Exposing Dynamics 365 Onebox to the LAN

Exposing Dynamics 365 Onebox to the LAN

The below instruction was inspired by the blog How to access AX 7 from other machine. However, I work not on a single notebook, but connect to a prosumer 6-core Windows Server 2016 machine with 32 GB RAM, 1 TB M2. SSD. The resulting performance is comparable – if not higher – to a D365 production instance.

Onebox in the LAN

  1. The first [time consuming] step is to download the latest Dynamics 365 for Finance and Operations, Enterprise edition 7.3 with Platform update 12. Once downloaded, unpack the 10x3GB RAR archives to a fast disc, preferably SSD. The Connect site some of us have been using semi-officially to download the latest releases and betas has been retired, but the latest VHD is available here: https://aka.ms/finandops73pu12, God knows for how long.Update 27.03.2018: the above SharePoint link has expired too. Use LCS to download the image.
  2. Install the Hyper-V role to the Windows Server, should it has not been done before.
  3. In the Virtual Switch manager of the Hyper-V manager, create a new Virtual Switch of the External network type, and Allow management operating system to share this network adapter: Contrary to this advice, there is no need for another Internal network, because the virtual machine is going to be an equal peer in the LAN, visible under a local IP address. Should your physical server be assigned a fixed IP and running its own DHCP service, note the IP address down before applying the changes, because the Hyper-V switch is going to take place of the original Ethernet connection and become the primary ‘gate’.
  4. Next, create a new Virtual Machine in the Hyper-V manager. Generation = 1, attach the VHD you have unpacked at step 1. Give it dynamic memory; a Dynamics 365 Onebox running under full steam consumes between 8 and 12 GB of memory. Hence, for a comfortable experience your physical server should possess no less than 24 GB RAM. Give the machine the Network Adaptor from step 3. An Automatic Start Action (delayed) makes sense for an always on, accessible anytime virtual machine.
  5. Start the VM. It should be able to boot and join the local area network. Connect to the machine using the default credentials: Username = CONTOSO/Administrator, Password = pass@word1 (you will be asked to change the password ASAP). Be aware the EN-US keyboard is active by default. FYI: for the SQL server Authentication in SQL Server Management Studio, the user name and password are going to be AOSUSER, AOSWebSite@123.
  6. Once connected, make yourself comfortable in the virtual machine: assign your native keyboard layout, localization options and the time zone. Dynamics is not going to let you in, though, for the admin provisioning tool has not been executed yet. Let the Windows Server 2016 running in the virtual machine download and install the latest updates. It is going to take a while.
  7. Create a snapshot of the VM to rollback any changes to this virgin state, if needed.
  8. Run the AdminUserProvisioning tool from the VM desktop to associate your personal Office 365 tenant account with the Admin user in Dynamics 365. FYI: the basic Office 365 Business Essentials subscription is as cheap as ~4 Euro a month.
  9. Try the Internet Information Server and the Dynamics 365 application by typing in https://usnconeboxax1aos.cloud.onebox.dynamics.com in the browser on the VM. The External network connection is mandatory, because the application is going to authenticate you against the Azure Active Directory.
  10. In the meantime, open your DHCP management console and assign a fixed local IP address to the virtual machine by the Hyper-V virtual MAC address. The VM must have gotten a lease already under the name ‘MININT-F36S5EH’. This lease can be Added to reservation to make the lease persistent, e.g. 192.168.0.201
  11. What the C:\Windows\System32\drivers\etc\hosts file does to the local machine, so is the DNS server for the local network. In the DNS console, create a new Forward Lookup Zone cloud.onebox.dynamics.com, and add a New Host (A) usnconeboxax1aos with the IP address from step 10 into this zone. The FQDN of the virtual machine in the local network becomes usnconeboxax1aos.cloud.onebox.dynamics.com:
  12. To test the connection, you may temporarily turn the firewall in the VM off for the internal network, and try to ping the VM by the name usnconeboxax1aos.cloud.onebox.dynamics.com from a different host in the LAN, then navigate to https://usnconeboxax1aos.cloud.onebox.dynamics.com in the browser. The browser is going to show an SSL certificate error.
  13. To circumvent the warning, export the SSL certificate from the IIS in the VM by opening Bindings… of the AOSService site, then Edit… > View… > Details > Copy to File, then save the file in a local network share, since your VM is able to browse the local network.
  14. Install the certificate on your notebook into the Trusted Root Certification Authorities repository of your Current User by double-clicking the .PFX certificate file from step 13 (you may review or delete them if needed in the Manage user certificate console).
  15. Try https://usnconeboxax1aos.cloud.onebox.dynamics.com again, voila!
  16. Update 27.03.2018: In order to download Office files from the machine or to use the Data management module you need to re-configure the Azure Storage Emulator in the OneBox, otherwise an error appears on the attempt to connect to the address http://127.0.0.1:10000.
  17. Open the configuration file C:\Program Files (x86)\Microsoft SDKs\Azure\Storage Emulator\AzureStorageEmulator.exe.CONFIG and replace 127.0.0.1 with usnconeboxax1aos.cloud.onebox.dynamics.com at 3 places.
  18. Open the configuration file C:\AOSService\webroot\web.CONFIG and replace the encoded connection string with UseDevelopmentStorage=true;DevelopmentStorageProxyUri=http://usconeboxax1aos.cloud.onebox.dynamics.com
  19. In the Windows firewall, add a new Inbound rule and open the ports 10000, 10001, 10002 to the Private network. Update 02.09.2019: The Azure Storage Emulator fails to release the 1000x ports on every VM restart e.g. due to mandatory Windows updates. Change the ports to 40000, 40001, 40002 in C:\Program Files (x86)\Microsoft SDKs\Azure\Storage Emulator\AzureStorageEmulator.exe.CONFIG, start the emulator, than restart the VM once more, set the ports back to 10000, 10001, 10002 and restart the emulator again.
  20. Restart the IIS application and the Azure Storage Emulator.

Onebox in the WAN

Exposing the same machine to the WAN is difficult. Obviously, you do not own the domain dynamics.com, and for the global Domain Name System to redirect an HTTPS call to the external IP address of your router, you have to rename the URL of the Dynamics 365 application first. The old instructions here and here do not work anymore, since authentication attempts from a fake URL such as dax.erconsult.eu fail with the error AADSTS50011: The reply address 'https://dax.erconsult.eu/' does not match the reply addresses configured for the application: '00000015-0000-0000-c000-000000000000’ Update 02.09.2019: This conundrum was solved by M.J. from the Netherlands: https://cloudtotal.blog/2019/08/tutorial-expose-a-dynamics-365-for-finance-and-operations-onebox-on-a-custom-public-domain/ Below is a copy of his work:

Connect the Warehouse Management App

Update 15.11.2023: Provided an up and running Dynamics 365 for Finance / SCM instance,as outlined in the previous chapter, the challenge is now to connect a Warehouse Management app and execute the respective workloads against the local server.
  1. Follow the advice Install the Warehouse Management mobile app – Supply Chain Management | Dynamics 365 | Microsoft Learn up to the selection of the authentication method.
  2. Opt for the User-based authentication. Follow the guidance User-based authentication – Supply Chain Management | Dynamics 365 | Microsoft Learn. It is essential to have these 2 API permissions granted to your Application: CustomService.FullAccess https://erp.dynamics.com/CustomService.FullAccess Resource APP ID: 00000015-0000-0000-c000-000000000000User.Read https://graph.microsoft.com/User.Read Resource APP ID: 00000003-0000-0000-c000-000000000000
  3. With regards to the user setup, you may find this blog highly useful: (6) User-based authentication (Device code flow) for the D365 Warehouse management app | LinkedIn The connection settings will look like this: where the client ID is the Application ID, and the Entra ID resource is the URL of the Dynamics 365 for Finance and SCM application.

EU Tax directives

EU Tax directives

A well-formed intra-community or export invoice in the European Union should have a certain remark for the issuer (exporter) to have a tax-free delivery, and for the recipient (importer) to apply the proper tax regime.

In the past we used to build complex hard-coded logic into our invoices in Dynamics AX: “if the destination delivery address is not our country but another EU member, and the goods are tangible, then print XXXX, otherwise YYYY” etc. It turns out we were reinventing the wheel. Pascal, a colleague of mine, discovered a function called Tax directive which emerged apparently in one of the AX2012 releases and remained in Dynamics 365 for Finance and Operations EE.

On the VAT codes screen there is a button called Tax directives. This button appears in legal entities with a primary address in one of the EU countries. The remark can be entered in the language of the prospective customer:

Now, if the parameter VAT specification in Sales ledger (en-us: Accounts receivable) > Setup > Forms > Form setup is set to either Registration currency or Registration and company currency, the text of the directive appears nicely in the middle section of the sales order invoice or the free text invoice:

The remarks are as flexible as the tax configuration itself, and the tax directives are additive, which allows for complex cases e.g. where services (=reverse charge) and goods (=IC delivery) are billed with one invoice.

There are limitations. The tax directives are not yet available on PSA (professional service automation) project invoices, in particular on the so-called “Project invoice without billing rules”. The remedy is the VAT exempt codes with their Translations. They are a bit more difficult to configure because not assigned to tax codes directly but to VAT group — Tax code combinations, but they fulfil the same purpose, here for the reverse charge remark in the German language:

You may vote for my product improvement suggestion to extend the VAT directives into the Project accounting realm sooner.

Copy-paste automation in D365 FO with a keyboard emulator

Copy-paste automation in D365 FO with a keyboard emulator

The Microsoft Dynamics Product Group in their infinite wisdom first deprecated in D365 FO the import into an arbitrary table (because entities can do much more, and they became the First Class Citizens in the development environment), then the table browser in Production (because Microsoft Support Engineers were complaining the partners did not behave).

However, the ~2600 First Class Citizens are still too few in front of the common crowd of 9000+ application tables, and Microsoft Support Engineers themselves never execute SQL scripts against the database. In the absence of other mass update tools in Dynamics 365 FO, the consultant’s last resort became the clipboard: <Ctrl-C> <Tab> <Ctrl-V> <Ctrl-C> <Tab> <Ctrl-V> <Ctrl-C> <Tab> <Ctrl-V> <Ctrl-C> <Tab> <Ctrl-V> <Ctrl-C> <Tab> <Ctrl-V> <Ctrl-C> <Tab> <Ctrl-V> <Ctrl-C> <Tab> <Ctrl-V>… This activity is well paid like any other consulting routine, but it is as entertaining as watching the grass grow. Most importantly, it is error prone.

Desperate times call for desperate measures. Many large partners out there have already deployed their table browser forms and SQL injection tools, but in simple cases a keyboard emulator may help. I used the program called AutoHotkey with its rich scripting language.

The below scripts are started by this program with the hotkey <Ctrl-J>. They send key combinations into the browser window to perform repetitive actions. The <F1> key is your panic button to stop a script running amok. The D365 browser UI is not instantly responsive: allow for 10-100 milliseconds to enter data across different fields in one record, and 1000-1500 milliseconds on database operations of saving, deleting, or opening/closing a form. This is achieved by the “Sleep(x)” command. Even the tabulator key and <Alt-Something> combinations require some time for the JavaScript presentation layer to respond. The scripts simulate the key pressed, give some time to D365 to respond, and depress the key.

Watch it in action:

 

Mass-deleting lines

‘Simple list’ forms in D365 FO often offer no multi select capability, and with the table browser locked, mass deletion of lines becomes a sweaty exercise for the consultant. The following script calls <Alt-Del> and confirms ‘yes, delete’ one hundred times in a loop:
; ---------Press Ctrl-J to trigger
^j::
Loop 100 {
Sleep, 500
Send, {alt down}
Sleep, 100
Send, {Del}
Sleep, 100
send, {alt up}
Sleep, 500
Send, {TAB down}{TAB up}
Send, {TAB down}{TAB up}
Send, {Space}
Sleep, 500
}
Return
; Press F1 to stop
F1::ExitApp

Copy language translations

Many master tables come with translations into the customer/supplier language: terms of payment, terms and modes of delivery, miscellaneous charges etc. Entities such as the ‘Unit translation’ only exist for a few of them. Here is the rescue: import the language text with the entity into an existing field (e.g. Description), then copy and paste it into the Translation form. The below script copies 200 payment term descriptions into the ‘en-us’ language:
^j::
Loop 200 {
Sleep, 100
; ---------Copy the content of the Description field
Send, ^a
Sleep, 200
Loop 20{
Send, {Shift Down}{Right}{Shift Up}
Sleep, 10
}
Send, ^c
Sleep, 100
; --------- Open the ribbon, 'click' Translations
Send, !m
Sleep, 100
Send, a
Sleep, 100
Send, {TAB down}{TAB up}
Send, {TAB down}{TAB up}
Send, {TAB down}{TAB up}
Send, {Space}
Sleep, 1500
; ---------Create a new record
Send, {Alt Down}
Sleep, 100
Send, n
Sleep, 100
Send, {Alt Up}
Sleep, 1000
Send, en{-}us
; ---------Paste the content, save the record
Send, {TAB down}{TAB up}
Send, {TAB down}{TAB up}
Sleep, 200
Send, ^v
Sleep, 200
Send, ^s
Sleep, 200
; ---------Close the Translation form
Send, {Escape Up}
Sleep, 200
Send, {Escape Down}
Sleep, 500
; ---------Scroll down to the next record, and repeat the cycle
Send, {LControl Down}{Down}{LControl Up}
}
Return
; Press F1 in panic
F1::ExitApp