Thursday, February 16, 2017

Web Client: HTTP Error 500.0 - Internal Server Error

Just recently I was assisting a partner on the Dynamics GP Partner forum with an error they were receiving when attempting to log into the Microsoft Dynamics GP web client.

Summary

The partner reported they could log into the web client just fine from the SQL Server. However, when they launched the web client from the web server that hosts the Dynamics GP web application, they received:

HTTP Error 500.0 - Internal Server Error



Now, this error is a pretty generic error. In addition to not being able to log in, the landing page would not display the Microsoft Dynamics GP logo.

Troubleshooting the Issue

The partner had tried the following troubleshooting techniques:
  1. Repaired Microsoft Dynamics GP web components
  2. Uninstalled and reinstalled web components
  3. Rebooted the server
In addition, I recommended my article Microsoft Dynamics GP 2016 web client UI not displaying icons to ensure static content had been enabled during Internet Information Services (IIS) configuration. Typically, when static content is not enabled, the web client image resources do not get displayed.

Usually, if options 1 and 2 do not help and you still cannot get past the login window, you know you are facing a pre-requisite configuration issue.

Reading the Detailed Error Information section, you will notice that the error was caused by an authentication request, trying to access an image resource file using Anonymous Authentication by an Anonymous user. In simple terms, this is a permissions issue.

Upon inspecting the GP website authentication setting, the partner noticed the credentials for the anonymous user identity were set to IUSR.



So what's the big deal?

Anonymous authentication gives users access to the public areas of your website without prompting them for a user name or password. When a user attempts to connect to your public Web site, your Web server assigns the user to the Windows user account called IUSR.

By default, the IUSR account is included in the IIS_IUSRS built-in group. This group has security restrictions, imposed by NTFS permissions, that designate the level of access and the type of content available to public users. With that said, websites such as the GP web client belong in the private domain, and most organizations disable anonymous authentication totally for the GP websites and revoke access for the IUSR account or IIS_IUSRS group to the website folder to prevent unauthorized access.

If you are running IIS 7.5 on Windows Server 2008 R2, or a later version of IIS, for every application pool you create, the Identity property of the new application pool is set to ApplicationPoolIdentity by default. The IIS Admin Process (WAS) will create a virtual account with the name of the new application pool and run the application pool's worker processes under this account by default.

By setting the ApplicationPoolIdentity as the anonymous user account for a site, you can isolate content and configuration for that site so that no other sites on the same IIS web server can access it, even if you have enabled anonymous authentication. GP web client installation allows you to specify a domain account as the identity for the Web Management Console and GP web application pools. The installer in turn will ensure the proper permissions are given to the folders hosting the web site and the GP web components.

This is particularly useful if you are a hosting provider running multiple customer websites on a single IIS server. Having the ability to control the website access and the content that is displayed is very important.

For a primer on IUSR vs application pool identity, take a look at the following article by Tristan K.

IUSR vs Application Pool Identity – Why use either?

The fix

In this particular case, switching the Anonymous Authentication credentials from IUSR to ApplicationPoolIdentity fixed the issue, although, keep in mind that the GP web client does not require anonymous authentication to be enabled.
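To check which account anonymous requests run under before changing anything, the following added example (not part of the original post) audits every site and applies the fix described above. It assumes PowerShell 3.0 or later, an elevated session on the web server and the WebAdministration module; the function names and the site name in the usage comments are hypothetical.

```powershell
# Added example: audit and correct the Anonymous Authentication identity on IIS sites.
# Run elevated on the web server. Function names below are illustrative.
Import-Module WebAdministration

$AnonFilter = 'system.webServer/security/authentication/anonymousAuthentication'

function Get-AnonymousAuthIdentity {
    # Report, per site, whether anonymous authentication is enabled and which
    # account anonymous requests are mapped to.
    param(
        [string[]]$SiteName = (Get-Website | Select-Object -ExpandProperty Name)
    )

    foreach ($site in $SiteName) {
        # Reading through the site path returns the effective setting for that site.
        $section = Get-WebConfiguration -Filter $AnonFilter -PSPath "IIS:\Sites\$site"
        $user    = [string]$section.userName

        [pscustomobject]@{
            Site     = $site
            Enabled  = [bool]$section.enabled
            # An empty userName means anonymous requests run as the application pool identity.
            Identity = $(if ($user) { $user } else { 'ApplicationPoolIdentity' })
            AppPool  = (Get-Item "IIS:\Sites\$site").applicationPool
        }
    }
}

function Set-AnonymousAuthIdentity {
    # Switch the anonymous user from IUSR to the application pool identity,
    # or turn anonymous authentication off altogether with -Disable.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SiteName,
        [switch]$Disable
    )

    if (-not (Test-Path "IIS:\Sites\$SiteName")) {
        throw "Site '$SiteName' was not found on this server."
    }

    # The section is locked to applicationHost.config by default, so write it
    # as a <location> entry for the site rather than into the site's web.config.
    if ($Disable) {
        if ($PSCmdlet.ShouldProcess($SiteName, 'Disable anonymous authentication')) {
            Set-WebConfigurationProperty -Filter $AnonFilter -PSPath 'IIS:\' `
                -Location $SiteName -Name 'enabled' -Value $false
        }
    }
    elseif ($PSCmdlet.ShouldProcess($SiteName, 'Use application pool identity for anonymous requests')) {
        # Clearing userName tells IIS to use the application pool identity.
        Set-WebConfigurationProperty -Filter $AnonFilter -PSPath 'IIS:\' `
            -Location $SiteName -Name 'userName' -Value ''
    }

    Get-AnonymousAuthIdentity -SiteName $SiteName
}

# Usage (site name is a placeholder for your GP web client site):
#   Get-AnonymousAuthIdentity | Format-Table -AutoSize
#   Set-AnonymousAuthIdentity -SiteName '<GP web client site>' -WhatIf
#   Set-AnonymousAuthIdentity -SiteName '<GP web client site>'
```

Sites that report Enabled = True with Identity = IUSR are the ones that will fail once IUSR has been denied access to the content folder.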

Until next post!

MG.-
Mariano Gomez, MVP

Wednesday, February 15, 2017

VST: An error occurred while loading or initializing an addin

As I mentioned before, I am now the Lead Software Engineer at Mekorma. I love it here as I get to work with some really talented software engineers and developers, all of whom challenge me every day. One of the cool new products we are working on, Mekorma Multi-Batch Management, allows you to build payment batches, print and post payments, and generate electronic funds transfer (EFT) and positive pay (Safe Pay) files, across companies, and across multiple checkbooks, with some minor configuration and just the click of a button. You can see an in-depth video on the product here.


Part of the challenge of building Multi-Batch Management was its extensive interfacing with both our own Mekorma MICR product and Microsoft Dynamics GP, and in particular, the Safe Pay module - Multi-Batch Management is designed to drive the Microsoft Dynamics GP user interface, thus eliminating the need for invasive code.

If you have worked on integrating code for Microsoft Dynamics GP, you are certainly familiar with the challenges surrounding the response to Dexterity modal dialogs. This is true for Microsoft Dexterity service enabled procedures as much as it is true for standard applications like ours, that simply try to drive the user interface.

NOTE: Dexterity does not have a programmatic mechanism to respond to modal dialogs. As it stands, only Visual Basic for Applications (VBA) and Visual Studio Tools for Microsoft Dynamics GP (VST) provide event handlers for modal dialogs.

VST aids in responding to Dexterity modal dialogs by allowing a developer to define form or window level modal event handlers. Because our code needed to respond to dialogs in Safe Pay only when our process was running, it was necessary to create an application assembly for our dictionary, that we could then reference in a Visual Studio Tools project. In addition, we needed to reference the Safe Pay application assembly as well. The project reference looks something like this:


Project References

Once references are added to the project, the tendency is to immediately add all event handlers to the Initialize() method within the GPAddIn class, as shown below:


public void Initialize()
{
   Dynamics.Forms.SyErrorMessage.SyErrorMessage.OpenBeforeOriginal += 
     Dynamics_SyErrorMessage_OpenBeforeOriginal;
   Dynamics.Forms.CmTransactionEntry.CmTransactionEntry.BeforeModalDialog += 
     Dynamics_BeforeModalDialog;
   Dynamics.Forms.CmEftGenerateFiles.CmEftGenerateFiles.BeforeModalDialog += 
     Dynamics_BeforeModalDialog;
   SafePay.Forms.MePpTransactions.MePpTransactions.BeforeModalDialog += 
     new EventHandler(SafePay_Transactions_BeforeModalDialog);
}


Unfortunately, this approach has a problem: let's assume Safe Pay is not installed, therefore, the Safe Pay application dictionary and application assembly are missing from the Dynamics GP installation folder. Since the Initialize() method is the entry point to your VST application, when the runtime engine attempts to load your assembly, your application would contain a reference to a non-existing assembly. This in turn will cause the runtime engine to produce the following error:

"An error occurred while loading or initializing an addin. As your administrator to check the Windows event log for more details. Dynamics will now close."


This has always been accepted as "the way things work". Unfortunately, we couldn't live with the status quo as it meant that customers who did not require the Safe Pay module would have to install it just for the sake of our assembly not failing.

We then attempted to move our event handler registration into its own method, enveloping the call in a try..catch block:


public void Initialize()
{
   Dynamics.Forms.SyErrorMessage.SyErrorMessage.OpenBeforeOriginal += 
     Dynamics_SyErrorMessage_OpenBeforeOriginal;
   Dynamics.Forms.CmTransactionEntry.CmTransactionEntry.BeforeModalDialog += 
     Dynamics_BeforeModalDialog;
   Dynamics.Forms.CmEftGenerateFiles.CmEftGenerateFiles.BeforeModalDialog += 
     Dynamics_BeforeModalDialog;

   try 
   {
     InitializeSafePay();
   }
   catch (Exception e) 
   {
     throw new Exception(e.Message);
   }
} 

public void InitializeSafePay()
{
  SafePay.Forms.MePpTransactions.MePpTransactions.BeforeModalDialog += 
    new EventHandler(SafePay_Transactions_BeforeModalDialog);
}


The above produced virtually the same results. That is, the exception was still being displayed. Now, quite clearly, if we commented out the throw statement, the exception would no longer present itself and the message would not appear, which is precisely what we needed, since we did not want to alert the user to the missing assembly and prevent them from logging into Dynamics GP.

NOTE: Alternatively, we implemented tracing capabilities for our assembly, so now all exceptions are recorded in a log file.

Special thanks to my Sr. Software Engineer, Lee Butenhoff for researching and providing a solution to this long standing issue.

Until next post!

MG.-
Mariano Gomez, MVP

Tuesday, February 14, 2017

Revisiting: SOP Quick Print

Continuing with my Revisiting series, today I look at an article I wrote in 2009 regarding the SOP Quick Print feature.

Summary

SOP Quick Print is one of those gems in Microsoft Dynamics GP hidden in plain sight. Written by my friend David Musgrave, it was designed to save time when saving and printing sales orders, fulfillment orders, and invoices. SOP Quick Print is activated by pressing CTRL + Q on your keyboard, and after a simple setup, it's good to go.

SOP Quick Print Setup window
One of the frustrating things about saving most documents in Dynamics GP is that the window is cleared completely of the document that you were working on. Depending on what you are trying to achieve, this can be an inconvenience if all you wanted to do is save your document up to that point, so you can keep working on it. Current business logic would have you retrieving that document once more by either typing the document number or retrieving it via a lookup. With SOP Quick Print, you can save the document while keeping it displayed on the Sales Transaction Entry window.

SOP Quick Print and the Web Client

In order to achieve the printing and the saving of the document, SOP Quick Print creates a Dynamics GP macro on the fly, with the necessary macro lines (based on the selected options during configuration) to print, save, and retrieve the document when saved. The macro looks something like this:

ActivateWindow dictionary 'default'  form 'SOP_Print_Options' window 'SOP_Print_Options'
  MoveTo field 'Print Button NONE'
  ClickHit field 'Print Button NONE'
NewActiveWin dictionary 'default'  form 'Report_Destination' window 'Report_Destination'
  MoveTo field 'Print to Screen'
  ClickHit field 'Print to Screen'
  MoveTo field 'OK Button'
  ClickHit field 'OK Button'
PrintDialog copies 0 from 0 to 0


The macro is saved in the Data folder of the current instance.

The issue with macros is, they are not compatible with the Dynamics GP web client, so unfortunately, this great feature is not available when running the web client. But if you currently enjoy the desktop client, there should be absolutely no reason for you not to take advantage of this feature.

I have tested this across all newer versions of Dynamics GP since GP 2013, and the feature continues to work as expected.

Until next post!

MG.-
Mariano Gomez, MVP

Monday, February 13, 2017

You receive "Unhandled Script Exception: Invalid Product ID 258" when attempting drill-down into an invoice from Purchasing All-In-One view

Just recently, I was helping someone on a forum with a question regarding the Purchasing All-In-One view. The consultant could not get the view to show the receipts and invoices for some vendor POs. In order to assist with the issue, I had to try and recreate the issue myself. Needless to say, I could not recreate the specific problem reported by the consultant. However, in an attempt to drill-down on a specific invoice voucher, I received the following error message:

Unhandled script exception:
Invalid Product ID 258.

EXCEPTION_CLASS_SCRIPT_OUT_OF_RANGE
SCRIPT_CMD_CALL




Product 258 corresponds to Project Accounting. Suffice to say, there isn't any validation in place to determine if the Project Accounting dictionary is present, before attempting to display the invoice. The workaround, of course, is to install Project Accounting even if you don't need it, until a fix is in place from Microsoft.

This issue is present in Microsoft Dynamics GP 2015 R2 YE (14.00.1016) and Microsoft Dynamics GP 2016 RTM (16.00.0404). I have not tested GP 2016 R2, but see no specific reason to believe this has been fixed, given the fact that this condition only occurs if Project Accounting is not installed.


Until next post!

MG.-
Mariano Gomez, MVP

Friday, January 27, 2017

Deploying Microsoft Dynamics GP Web Client with Office 365 Identity and Azure Active Directory - Part 1

Hi! As of late I have been seeing a number of questions on forums about deploying Microsoft Dynamics GP Web Client using Office 365 identity. So I figured I would take a deep dive look into this topic, by providing a bit of background and steps to achieve a successful deployment. What you need to know is, you have a range of options.


Background

Office 365 uses Azure Active Directory (Azure AD) cloud-based user authentication service to manage users. This service provides 3 identity models that can be used to manage user accounts:


Cloud identity. In this scenario, accounts are managed in Office 365 only. All the administration is done in the cloud, requiring no on-premise servers to manage the accounts.

Synchronized identity. In this particular case, your on-premise directory objects are synchronized with Office 365, with the bulk of the administration done from your on-premise server. Passwords can be synchronized such that users have the same password both on-premises and in the cloud. The downside to this approach is, users will need to sign in twice: once to the local domain and yet again to access Office 365.

Federated identity. This identity management model allows you to synchronize your on-premises directory objects with Office 365 and manage your users on-premises. The users have the same password on-premises and in the cloud, and they do not have to sign in again to use Office 365. This is often referred to as single sign-on.


The following video describes in more detail how each of these identity models work:



Most organizations will fall within the Synchronized or Federated model, but as more and more organizations move to a pure cloud model, cloud identities are becoming very common.

In my next article, I will go into the pre-requisites to deploy Microsoft Dynamics GP Web Client with Office 365.

Until next post!

MG.-
Mariano Gomez, MVP

Wednesday, January 25, 2017

Revisiting: Microsoft Dynamics GP's PerformancePoint Server Connector

I realize this one is a really obscure topic, but I thought it was important to bring it to light. Microsoft Office PerformancePoint Server was an actual thing, it existed, and to the surprise of everyone reading this and not in the channel long enough to remember, Dynamics GP had a connector to it.


Summary

Microsoft Office PerformancePoint Server was a business intelligence software product released in 2007 by Microsoft. It was discontinued in 2009, then resurfaced with its dashboard, scorecard, and analytics capabilities incorporated into SharePoint Server 2010 - the feature was known as PerformancePoint Services in SharePoint Server 2013. PerformancePoint Server also provided a planning and budgeting component directly integrated with Excel. However, by 2009, the actual Microsoft Dynamics GP connector for PerformancePoint was also discontinued.

Back in 2008, I wrote a stub article about it for an article published by Alan Whitehouse. You can read more about it here:

A First Look at GP's PerformancePoint Connector by Alan Whitehouse

Dynamics GP took full advantage of SharePoint to address deficiencies in the document management and workflow areas. PerformancePoint provided the Business Intelligence capabilities lacking at the time. With the introduction of GP 2015, Workflow went the way of Dexterity and Windows Workflow Foundation, and a lot of the document storage capabilities went the way of Document Attach, which brings me to the BI portion that PerformancePoint addressed at the time.

Business Intelligence with Power BI

The BI track has taken multiple twists and turns - and will probably continue to as new(er) tools come to market. First it was PerformancePoint, then it was Corporate Performance Management, then it was KPIs in SQL Server Reporting Services (SSRS) - those are still around by the way, then came Excel Dashboards, but with the introduction of Dynamics GP 2016 came the integration of Microsoft Power BI. You can read more about it here:

Microsoft Dynamics GP 2016 - Power BI Feature

Power BI allows users to create powerful visualizations without ever writing a single line of code: point to your data source, set up the type of visualization you want, and off you go.


There are some pre-requisites to configure Power BI. The first and foremost is to register to use Power BI. You can do this by going to https://powerbi.microsoft.com/en-us/. This is actually pretty straightforward if you are already registered for any of the Microsoft online services like Office 365, Dynamics 365, or Windows Azure.

Once you've done this, you can then register an application by going to https://dev.powerbi.com/apps.


The documentation on the Microsoft Dynamics GP Support and Services blog provides additional information on how to fill in this page, so no need to rehash here. Finally, you will set up visualizations to show up on Microsoft Dynamics GP's home page by going to the Reporting Tools Setup window.

In a next article, I will upload a video to my YouTube channel showing how to get started.

Until next post!

MG.-
Mariano Gomez, MVP

Monday, January 23, 2017

"Get-Content : Cannot find path 'C:\en-US\Welcome.txt' because it does not exist" error when running GPPowerShellStart.ps1

Lately, I have been dabbling in PowerShell. The truth is, I had been wanting to do this for the past 3 years now, to switch from DOS batch files and VBScript to a more robust, developer-like task automation alternative. So I taught myself PowerShell over the past few days and, in doing so, I decided I'd look into the GP PowerShell feature, so off I went installing it.

Summary

Directly from the PowerShell TechNet page, "Windows PowerShell® is a task-based command-line shell and scripting language designed especially for system administration. Built on the .NET Framework, Windows PowerShell helps IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows." More on PowerShell here.

GP PowerShell is available for Microsoft Dynamics GP 2013 and above and can be found on the main application setup page.

Setup page
A couple clicks and you are ready to go.

The Problem

The GP PowerShell components install under the Microsoft Dynamics GP folder which contains a startup script, GPPowerShellStartupScript.ps1. A quick look at the code in Windows PowerShell ISE (or Notepad) quickly points out that this script is supposed to retrieve the path from where the script is being launched, concatenate said path with the locale, obtained from the .NET culture (in my case en-US, English United States) and the name of the file, Welcome.txt, to then show its content.

$ScriptRoot = $MyInvocation.PSScriptRoot


$GPPowerShellConfig = "$ScriptRoot\GPPowerShell.dll.config"
[appdomain]::CurrentDomain.SetData("APP_CONFIG_FILE", $GPPowerShellConfig)
Add-Type -AssemblyName System.Configuration

$Locale = (Get-UICulture).Name
if (Test-Path "$ScriptRoot\$Locale\Welcome.txt")
{
    Get-Content "$ScriptRoot\$Locale\Welcome.txt"
}
else
{
    Get-Content "$ScriptRoot\en-US\Welcome.txt"
}


However, when this script is executed, I immediately get the error:

Get-Content : Cannot find path 'C:\en-US\Welcome.txt' because it does not exist.
At C:\Program Files (x86)\Microsoft Dynamics\GPPowerShell\GP2015\GPPowerShellStartupScript.ps1:14 char:5
+        Get-Content "$ScriptRoot\en-US\Welcome.txt"
+        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo : ObjectNotFound: (C:\en-US\Welcome.txt:String) [Get-Content], ItemNotFoundException
          + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetContentCommand


The Solution

One thing I like about PowerShell is that the errors are pretty clear and concise as to what the problem is. In this case, the path to the Welcome.txt file is incorrect and, based on the result, the culprit can only be $MyInvocation.PSScriptRoot not returning the path corresponding to the script's launch location.

In doing some research, I found that the method of obtaining the path of the current running script depends on the version of PowerShell and .NET Framework you are running. For more information on PowerShell scripting engine requirements click here.

For PowerShell 3+, you can simply use the global variable $PSScriptRoot. For all versions of PowerShell, the below method works well:

Split-Path $MyInvocation.MyCommand.Path -Parent

This led me to think that perhaps this problem could have been easily taken care of by providing a universal function that could be called within the script, but we will address the issue with the previous method, as follows:


$ScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent
# $ScriptRoot = $MyInvocation.PSScriptRoot

$GPPowerShellConfig = "$ScriptRoot\GPPowerShell.dll.config"
[appdomain]::CurrentDomain.SetData("APP_CONFIG_FILE", $GPPowerShellConfig)
Add-Type -AssemblyName System.Configuration

$Locale = (Get-UICulture).Name
if (Test-Path "$ScriptRoot\$Locale\Welcome.txt")
{
    Get-Content "$ScriptRoot\$Locale\Welcome.txt"
}
else
{
    Get-Content "$ScriptRoot\en-US\Welcome.txt"
}


After making these adjustments, the script produces the expected result:

Welcome to the Microsoft Dynamics GP 2015 PowerShell module.
For a list of GP cmdlets type 'Get-Command -module GP2015'.
Use 'Set-GPSessionCentralAddress' to connect to your GP Session Central Service before executing any other GP cmdlet.

After all, what would this world be without a warm welcome ;-)

Until next post!

MG.-
Mariano Gomez, MVP

Thursday, January 19, 2017

Revisiting: The Dexterity OLE Container

Welcome to the first article in my Revisiting series. Today I'm going to talk about the now defunct Dexterity OLE Container feature in Microsoft Dynamics GP. However, just because the technology is dead does not mean that you don't have to deal with OLE notes. If you are coming from older versions of Microsoft Dynamics GP and upgrading to, say, GP 2013 R2 onward, you have to be substantially aware of OLE notes: how are you going to migrate them, and what is in place to replace them.

Summary

In principle, OLE is a compound document technology from Microsoft based on the Component Object Model (COM). OLE allows an object such as a graphic, video clip, spreadsheet, etc. to be embedded into a document, called the Container Application. The Dexterity OLE Container is part of the Dexterity Shared Components. In OLE compound document technology, it is the OLE client application (CONTAIN.EXE), which holds the linked or embedded objects. The Dexterity OLE Container first surfaced with the release of Dexterity 3.0 in 1993.



It is important to note that the OLE client application and the OLE functionality are still available to Dexterity developers today, but the functionality began phasing out from Microsoft Dynamics GP since version 12 (GP 2013 R2) with the introduction of the Web Client. More on this below.

You can read my previous articles on the OLE Container, here:

All about the Dexterity OLE Container
More on OLE attachments and record notes
"You have too many note windows open. Close a note window" Error Message
All About Dexterity OLE Container - Follow Up
OLE Notes and Microsoft Dynamics GP 2013 Web Client

Document Attach

Document Attach (Doc Attach) 1.0 was introduced back in November of 2012 in a Feature of the Day article by Pam Misialek prior to the RTM release of Microsoft Dynamics GP 2013. Document Attach marked the beginning of the end of the OLE container notes feature in Microsoft Dynamics GP. Doc Attach 1.0 first addressed attachments in Sales Order Processing. The introduction of Microsoft Dynamics GP 2013 service pack 2 in August of 2013 showed a marked improvement of the feature, with delivery of key aspects like document flow, status tracking, password protection deletion, the ability to establish properties for attached documents, and the ability to email attachments.



Microsoft also delivered a migration tool, the Microsoft Dynamics GP OLE Object Migration Utility, that would allow customers and partners to migrate the OLE container notes to the new Document Attach feature.

Dynamics GP 2015 completely phased out the OLE notes and delivered yet improved functionality with the introduction of the ability to scan documents straight into Doc Attach.

The Microsoft Dynamics GP OLE Migration Utility

The Microsoft Dynamics GP OLE Object Migration utility can help system administrators extract OLE objects that were attached to note records in the Microsoft Dynamics GP desktop client, and migrate them to document attachment records. Users can view and edit the attachments in the desktop client as well as the Microsoft Dynamics GP Web Client. If you don’t move your OLE objects to document attachment records, you will not be able to view and edit existing notes with OLE objects, or create new notes with OLE objects, in the desktop client. In addition, you won’t be able to create, view, or edit window- or record-level notes with OLE objects in the web client.

Using the utility is not required for implementing or using Microsoft Dynamics GP. If you haven’t used OLE objects, or will not be attaching notes in any format to records using the Microsoft Dynamics GP Web Client, you don’t need to use this utility. The utility was first made available for Microsoft Dynamics GP 2013 R2. If you haven’t used it with GP 2013 R2, but you have installed GP 2015, you can still install and run the utility.

The migration tool provides some automation of the process of transferring OLE Notes to document attachment documents. In some cases, the tool might not convert all your OLE Notes. For example, while many variations or file types of OLE Notes will migrate successfully, some file types might not. In those situations, if you need to retain the OLE Notes that do not convert, those notes must be manually attached in Document Attach.

You can download the Migration Utility Guide here for more information on prerequisites and overall use of the tool. You will need a valid CustomerSource or PartnerSource account to download.

Hopefully this review has been clear and concise and I welcome your comments.

Until next post!

MG.-
Mariano Gomez, MVP

Tuesday, January 17, 2017

New Year's Resolution

Well, hello everyone! I hope you had a great time with family and friends and that you are now cranking it in high gear to get this year started off on the right track. I know I am.

A little of what I'm working on...

As the Lead Software Engineer for Mekorma, my job is to make sure we build quality new products, while improving the capabilities of our existing offerings. To that effect, my team has been working on a really cool product that automates the entire processing of payments (checks, EFTs, and Credit Cards) and remittances by leveraging our existing MICR offering, all the while, delivering total Accounts Payable automation in the process. I am really excited to talk about this, so more on this in an upcoming article.


Blogging challenge for the New Year

One of the questions I get asked the most in my comments section is, "does this article still apply to the newer versions of GP?" Usually, the person asking the question is referring to versions GP 2015 R2, or GP 2016, and now GP 2016 R2? What I found surprising about this question wasn't so much the question itself, but in revisiting my articles, I have over 1000 that would qualify as "old". So I asked myself, "wouldn't it be cool to go back and revisit some of the older ones to see whether they still apply or not, or what changes they require for them to work with today's newer versions of GP?". In response, I will be revisiting as many articles as I can over the course of this year, and republishing them with newer code and better development patterns (where applicable), or even improved solutions noting whether there's standard functionality now available for what was covered before as a workaround.

Starting tomorrow, I will begin a new series called "Revisiting" where I will cover some of the old material I have on this site under the light of the newer GP versions - you asked, you got it! - all the while introducing new topics.


Community Activities and Events

This year, I have the honor to serve as Vice-chair of the Association of Dynamics Professionals Credentialing Council Board. You can read more here. The Credentialing Council Board is the most senior leadership body of members of the Association of Dynamics Professionals (DynamicsPro) and is responsible for setting the direction for nearly all aspects of the association. I share the stage with a number of professionals from other disciplines like NAV and SL, and probably one of the most diverse groups you will ever find, with folks hailing from Europe and the United States.

I have also taken an active role with my GPUG local chapter, GPUG Georgia, assisting with the planning and marketing of the 2017 quarterly meetings. I will also be delivering sessions at the local chapter meetings. Our goal is to improve participation while delivering rich content that all who attend can immediately leverage in their organizations. If you are currently an active GPUG member and you live in the Metropolitan Atlanta area, please see our Chapter page for more information.

I will also be participating as a speaker at GPUG Amplify 2017 in Anaheim, CA, GPUG Summit 2017 in Nashville, TN, and reIMAGINE 2017 in Fargo, ND. You may also see me at some international events, but that's still being worked out as I type. The following tune has been chosen as the theme song for this year's GPUG Summit.



Finally, this year I'm making an absolute commitment to attend the Microsoft MVP Global Summit 2017 in Seattle, Washington, assuming I get re-awarded as a Microsoft MVP to begin with, in July.

As you can tell, my blogging agenda, along with my agenda of activities and events, is quite packed for this year. I hope to meet a good number of what I have planned for the year and see quite a few of you at the events I will be attending. Please join me in continuing to make Microsoft Dynamics GP the leading middle market ERP with over 47,000 customers worldwide, by showing your support to your local GPUG chapter, joining the events whether you are a partner, a customer, or an ISV.

Until next post!

MG.-
Mariano Gomez, MVP

Wednesday, November 23, 2016

Google Chrome Penalizes Websites Using SHA-1 SSL Certificates

Just recently, I was working with the Microsoft Dynamics GP 2016 web client and, as is customary, I ran my tests on Google Chrome and the Microsoft Internet Explorer and Edge browsers. When I brought up the web client website on Internet Explorer and Edge, nothing out of the ordinary seemed to happen and, effectively, the address bar was squeaky clean, as shown below:

Microsoft Edge address bar

Internet Explorer address bar

However, when you bring up the same site in Google Chrome, you are greeted with a site configuration warning and a struck-out https prefix, as shown below:

Chrome address bar

If you further click on the warning sign, you get additional information stating:

"This site uses a weak security configuration (SHA-1 signatures), so your connection may not be private."


The Details link is even more descriptive: it opens the Chrome Security pane, where you get additional information stating that the certificate expiration date is approaching soon and that the page is insecure.


So, I figured, an SSL certificate is an SSL certificate and SHA-1 is by far better than HTTP or no certificate at all (which is not supported by the web client). However, I started digging a bit more and, as it turned out, Google began phasing out support for SHA-1 certificates since version 42 of Chrome. The phase out has happened slowly. In version 42, users received a simple yellow warning triangle with a padlock to indicate the site used a weak SSL encryption, IF their certificate expired in 2016. If the certificate expires past 2016 -- like in the case of my certificate -- the user would receive a "broken https" indication.

However, at this point, it seems Google is not planning on blocking connections to sites with SHA-1 certificates, but this is no assurance that it won't happen. So what do you need to do? If you have third party certificates in place, you probably have already been contacted by your Certificate Authority company and they probably have issued you a SHA-256 certificate. If you are using Active Directory Certificate Store certificates, you can read the TechNet article on Implementing SHA-2 in Active Directory Certificate Services.

If you are using Self-Signed certificates, you may want to use these only in a development environment and forego their use in production.

If you are unsure of what type of encryption you are running, you can check your SSL certificates at:

Qualys SSL LABS

Note that the Qualys test can only be run on port 443.
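For web client sites bound to a port other than 443, or not reachable from the internet, the same check can be done from PowerShell. The following is an added example, not part of the original post: it reads the certificate a server presents on any port, or the certificates in the local machine store, and flags SHA-1 signatures along with the 2016 expiry cut-off described above. Function names and the host name in the usage comments are hypothetical.

```powershell
# Added example: flag SHA-1 signed TLS certificates without relying on an external scanner.

# Signature algorithm OIDs that use SHA-1 (RSA, ECDSA and DSA variants).
$Sha1SignatureOids = @(
    '1.2.840.113549.1.1.5',   # sha1WithRSAEncryption
    '1.2.840.10045.4.1',      # ecdsa-with-SHA1
    '1.2.840.10040.4.3'       # dsa-with-sha1
)

function ConvertTo-CertificateReport {
    # Summarize the properties of a certificate that matter for the Chrome warning.
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$Source
    )

    $alg = $Certificate.SignatureAlgorithm
    [pscustomobject]@{
        Source             = $Source
        Subject            = $Certificate.Subject
        Thumbprint         = $Certificate.Thumbprint
        SignatureAlgorithm = $alg.FriendlyName
        IsSha1             = ($Sha1SignatureOids -contains $alg.Value) -or
                             ($alg.FriendlyName -match 'sha1')
        NotAfter           = $Certificate.NotAfter
        # Per the post, Chrome treats SHA-1 certificates expiring past 2016 more harshly.
        ExpiresAfter2016   = $Certificate.NotAfter -ge [datetime]'2017-01-01'
    }
}

function Get-RemoteCertificateReport {
    # Connect to HostName:Port, complete a TLS handshake and report on the
    # certificate the server presents. Works on any port.
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)

        # Accept whatever certificate is presented: it is being inspected, not
        # trusted, and no application data is sent over this connection.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($source, $certificate, $chain, $policyErrors)
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $tcp.GetStream(), $false, $callback
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        }
        finally {
            $ssl.Dispose()
        }
    }
    finally {
        $tcp.Close()
    }

    ConvertTo-CertificateReport -Certificate $cert -Source "${HostName}:$Port"
}

function Get-StoreCertificateReport {
    # Report on every certificate in a local store, e.g. the one IIS bindings draw from.
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    Get-ChildItem -Path $StorePath |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object { ConvertTo-CertificateReport -Certificate $_ -Source $StorePath }
}

# Usage (host name and port are placeholders):
#   Get-RemoteCertificateReport -HostName 'gpweb.example.com' -Port 8443
#   Get-StoreCertificateReport | Where-Object { $_.IsSha1 } | Format-Table -AutoSize
```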

Until next post!

MG.-
Mariano Gomez, MVP