GP Web client error with SSL/TLS

We have already seen the cross domain issue with the previous post. Here the security issue with SSL/TLS to establish trust relationship to session central service.


An error occurred during session monitoring: ‘System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority ‘’. —> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

The web application ssl has been configured in IIS, but we have to create the trust certification access from windows certificate manager console.
Hove to copy the SSL certificate from personal to “Trust Root Certificate Authority” section. Now the service certification will be authorized to establish the connection.

1. Go to Run command and type certmgr.msc.

2. Now expand the Certificate–>Personal -> Certificate

3. Select the web site certificate which is installed on IIS. Right click and copy the certificate

4. Now expand the Certificate–>Trusted Root Certification Authorities -> Certificate. Right click and past it

6. Now enter the GP web client url.

Cross Domain Error in Dynamic GP 2013 Web Client

The cross domain error would be occurred on Silverlight. Because distinct URL has been configured on session central service, session service and run time service.

Severity: Critical
Summary: An error occurred while initializing communication with the server.
Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See

Scenario 01:
For example I have configured session central and session service with out SSL and runtime service with SLL, in my scenario looks like;
Here the service URL has been configured in same domain.

http://gpserver:48650/SessionCentralService (without SSL)
http://gpserver:48651/SessionService (without SSL)
https://webclient.sathiya.local:48652/ (SSL mandatory for GP web client Runtime service)

Scenario 01:
If suppose the web client is accessible thought internet and configured public url then the Runtime service will be configured like
So the silver light wont communicate between cross domains.

http://gpserver:48650/SessionCentralService (Local url)
http://gpserver:48651/SessionService (Local url)

So you have to configure all three service url should be in same domain. Either it would be local FQDN urls or public urls,

https://webclient.sathiya.local:48650/SessionCentralService (without SSL)
https://webclient.sathiya.local:48651/SessionService (without SSL)

(or) (Local url) (Local url)

Security issue may happen after installed this setup. To resolve Web client error with SSL/TLS

Error configuring Management Reporter 2012

While configuring MR 2012 RU5 for Dynamics GP 2012 with Microsoft SQL 2014, this is the error we have faced;

2/16/2015 3:15:09 PM - System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at http://dynamics/CompanyService.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it

at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)

--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Security.IssuanceTokenProviderBase 1.DoNegotiation(TimeSpan timeout)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory 1.ClientSecurityChannel 1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionClientSettings 1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Dynamics.Performance.Deployment.CompanyImport.CompanyService.ICompanyService.FillAllConfiguredIntegrations()
at Microsoft.Dynamics.Performance.Deployment.Common.WcfUtility.ExecuteOnClient[TCommunicationObject,TReturn](Func 2 invokeMe, Func 1 clientFactory)
at Microsoft.Dynamics.Performance.Deployment.CompanyImport.CompanyServiceHelper.ExecuteOnClient[T](Func 2 invokeMe, Func 2 exceptionHandler, Uri applicationServiceUri)
2/16/2015 3:16:09 PM - Starting deployment of Management Reporter 2012 Application Service
2/16/2015 3:16:09 PM - Creating PrincipalContext for domain <domain>
2/16/2015 3:16:09 PM - Finding Principal for user entadmin in context for domain <domain>
2/16/2015 3:16:09 PM - Found database package: C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Packages\ManagementReporter.dacpac
2/16/2015 3:16:09 PM - Found database package: C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Packages\SchedulerStore.dacpac
2/16/2015 3:16:09 PM - Found database package: C:\Program Files\Microsoft Dynamics ERP\Management Reporter\2.1\Server\Packages\ConnectorStore.dacpac
2/16/2015 3:16:09 PM - Deployment parameters:
DatabaseCollation: SQL_Latin1_General_CP1_CI_AS
WindowsLoginToCreate: <domain>\mrsvc
FirstAdminUserName: <domain>\entadmin
FirstAdminSid: S-1-5-21-1583657088-1483352188-1218694631-500
FirstAdminDisplayName: Ent Admin
2/16/2015 3:16:09 PM - Extracting supporting files for database deployment...
2/16/2015 3:16:09 PM - Beginning database deployment...
2/16/2015 3:16:11 PM - The database deployment failed. Additional information: Could not deploy package.
2/16/2015 3:17:21 PM - Microsoft.Dynamics.Performance.Deployment.Console.Core.DeploymentFailedException: An error occurred during database deployment. View the deployment log for more information.
at Microsoft.Dynamics.Performance.Deployment.Reporting.ReportingDatabase.DeployDatabasePackages(String connectionString, String databaseName, Dictionary
2 parameters)
at Microsoft.Dynamics.Performance.Deployment.Reporting.ApplicationServiceDeploymentPart.DeployWithSettings(IDictionary2 settingsToDeployWith)
at Microsoft.Dynamics.Performance.Deployment.Console.ConfigurationConsole.Wizard.Screens.DeploymentViewModel.TryRemoveFromView(Boolean isProgressing)


Before starting the MR, you have to check SQL server version. Hence the root cause of the above error is version compatibility. Ref version summary here

So, you have to download CU9 from your customer source which is support to SQL server 2014. Ref here still the error persist.