Monday, October 1, 2012

Windows 8 and the Microsoft Dynamics GP Web Client Series - Part 4

Windows 8 and the Microsoft Dynamics GP Web Client Series
Part 4

This series narrate my personal experiences of installing Microsoft Dynamics GP 2013 Beta and the Web Client in an unsupported environment. The following installation steps are for testing purposes only and were done on a test box. If you are to test, please make sure your machine is not a production box.

"While it's not supported, it doesn't mean it won't work. It only means we haven't tested it"...
                                                                                                      Microsoft Dynamics GP Support

Where were we?

In the previous installment I wrote about a number of errors that may happen and think I did a decent job at pointing out the most common ones - services down, you missed the web client runtime install, and so forth.

However, in my quest to get this thing working on Windows 8, I also found out the heartaches that can happen when your certificates go bad.

In my environment, I have self-signed certificate which was created specifically for SSL encryption on each of the ports used for listening purposes by the different web client component services - see part 2b of this series for more information on the different components.

The certificate has the following Thumbprint.

Certificate Thumbprint

If the installation process went well, the Certificate Hash assigned to each port used by Session Service (port 48650), Session Central Service (port 48651), and Runtime Service (port 48652) should match the thumbprint value of the certificate in IIS.

To verify the Certificate Hash value on each port, you can execute the network shell command, netsh, from the DOS command prompt:

netsh http show sslcert

Certificate hash on each listening port must match that of the certificate in IIS
If for some reason the values do not match, there are two ways (that I know of) to fix this:

1. You can try to uninstall the Web Client, which in turn ~should~ remove the SSL certificate bindings for each of the ports listed above. If the bindings are cleared, you can then proceed to remove and recreate the certificate in IIS, then reinstall the Web Client, selecting the correct certificate.

2. You can manually remove the SSL certificate bindings with the following command line:

netsh http delete sslcert ipport=
netsh http delete sslcert ipport=
netsh http delete sslcert ipport=

As a matter of fact, it is also wise to delete the URL reservation associated with the certificate binding as well,

netsh http delete urlacl url=https://+:48650/SessionCentralService/
netsh http delete urlacl url=https://+:48651/SessionService/
netsh http delete urlacl url=https://+:48652/RuntimeService/
netsh http delete urlacl url=https://+:48652/

Following this process, you can then uninstall the Web Client, recreate the certificate in IIS, and reinstall the Web Client, this time selecting the certificate.

For more information on the network shell command take a look at:

MSDN: Netsh commands for HTTP

Until next post!

Mariano Gomez, MVP
IntellPartners, LLC

No comments: