We are happy to share the Spring ’18 release notes for Microsoft Business Applications. It summarizes all new and updated features shipping in the Spring wave, starting in April. You can download the release notes here.

In many ways, our Spring ’18 release marks the beginning of a new era for Microsoft Business Applications. It is a monumental release on many dimensions.

We’ve made tremendous progress unifying our business applications family, across our marketing, sales, service, operations, finance, talent and retail offerings; bringing together what we believe is the most comprehensive family of business applications spanning the entire business process landscape for our customers and partners.

We’ve also worked tirelessly to ensure Dynamics 365 users gain synergistic benefit from any other Microsoft investments they’ve made – integrating Dynamics 365 with Microsoft Outlook, Teams, SharePoint Online, Stream, Azure Functions, LinkedIn. We’ve enriched the Dynamics 365 experience with data and signal from Office 365 and Bing. And we’ve made it more intelligent by employing the decades of AI work pioneered by Microsoft Research.

The platform beneath Dynamics 365 (importantly, now also the platform beneath Office 365) has also been substantially advanced in this release – Power BI, PowerApps, Flow, Stream, the Common Data Service for Apps and the Common Data Service for Analytics combine to deliver what we believe is an unmatched palette of tools for extending, customizing and integrating Dynamics 365 and Office 365 into your environment – and for powering those experiences with insights and intelligence from data across hundreds of business systems for which we have built-in connectivity, and with rich audio-visual media that make experiences more natural.

All this work we’ve done for you – our partners, customers and users – to help you drive your digital transformation agenda.

You can find a summary of new features across all Dynamics 365 apps and the platform in the release notes here. We will update the release notes in the coming weeks as we add and enhance features and capabilities.

We’re excited to engage with you as you employ the new services, capabilities and features and eager to hear your feedback as you dig in the Spring ’18 release.

We know that our product name is long, and has changed. We’ve worked with our branding, marketing, and legal folks to come up with a way to make all of our content easier to find. It’s #Dyn365FO.

 We’ve already tagged all of our content on docs.microsoft.com with the hashtag, and hope that you follow suit with your blogs, Tweets, and other conversations.

Consider a scenario where you are importing data using DIXF, and you get an error when you try to “Preview source file” and you are running SQL Server 2014 SP2 CU10 or CU11.

1. The error

The error you see looks something like this:

System.ServiceModel.CommunicationException: An error occurred while receiving the HTTP response to http://servernamehere:7000/DMFService/DMFServiceHelper.svc. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down).

We also see these sorts of events in the Windows Event Log:

Event 1026 – .NET Runtime – Application: Microsoft.Dynamics.AX.DMF.SSISHelperService.exe – The process was terminated due to an unhandled exception – exception code 1

Event 1000 – Application Error – Faulting application name: Microsoft.Dynamics.AX.DMF.SSISHelperService.exe, version:6.3.6000.3667 – Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202

2. Cause

There is a SSIS issue in SQL Server 2104 SP2 CU10 for which a fix will ship in SP2 CU12.

3. Possible workarounds

On AX side, the issue will repro only when “Create error file” is enabled in “Data import/export framework parameters“. Thus, as a workaround, users can un-check this option until the SSIS fix has shipped.

Another option is to uninstall the SQL Server CU that is causing the issue and wait for CU12 to ship.

Please implement this in TEST first, before rolling out in PROD, in line with your change management processes.

After installing a hotfix (Ex, KB4090327) for Retail Return Location customers have been having issues with Return Locations not populating.

First, go to Retail > Inventory management > Return locations to create your Return location.

In my example if you select the Defect Subcode (1), the Returned item should go into the Central\Houston\Defected location (only if the item is tracking Locations). The Block inventory check box means that you are not able to sell out of the Defected Location.

The most common reason for the Return Locations not populating is:

• The Return Location is not added to the Retail Product Hierarchy.

Go to Retail > Product and categories > Product categories.  Select a node that has your product and expand the Manage inventory category properties fast tab.  Select your company and set the “Return location”

Please note that there are two ways to get into product categories (through hierarchy setup in products menu and through Retail menu) when you go in through product setup – it doesn’t show the inventory configuration section which needs to be used for this, so users must open the form from retail menus.  I do agree that this is very confusing, and this is a big reason why this step is missed and reported as a bug (when this is currently not considered a bug).

• The Site\Warehouse\Location is not Active
• Verify a customization is not preventing the Return location from populating.

Upon activating MPOS you can run into the following error message that you would also see in Event Viewer:

In order to troubleshoot this you will need to look into the Event Viewer logs of the Retail Server that this MPOS is connecting to (HQ or RSSU, depending on your topology) and search for entries referencing providedIssuer and registeredIssuers, like for example:

The registeredIssuers section refers to entries that have been added to Identity Providers under the Retail Shared Parameters section of the HQ, while the providedIssuer refers to the entry that the MPOS is sending out while trying to activate. These 2 would need to match exactly.

In the example above the MPOS has a forward slash at the end of the entry, while the entry in Identity Providers does not have the final “/” slash at the end. The way to resolve this is to add the “/” character at the end of the entry in HQ here (click on the image in order to zoom in):

There are several ways to approach troubleshooting performance, and the aim of this blog post is to give Customers and Partners some guidance on what information and data to provide when you need help trying to establish why something is “slow”.

QUESTIONS

The sorts of questions we would typically ask include the following:

1) What kind of environment is the performance issue occurring on?

This is relevant because the tools and processes vary depending on whether the issue is occurring on PROD, UAT, or DEV. For the purposes of this blog post, I will assume that we are talking about PROD environments.

2) Is the problem happening now or is it a problem that you experienced in the past?

This is obviously important to know from a severity and business impact perspective. For historical issues, we may need to perform a Root Cause Analysis (where applicable) and that process is different to troubleshooting a live performance issue.

3) What information and data to you have already?

One of the main tools available to both Customers and Partners is LCS. If you are a Customer then you may find that your Partner is able to provide you with useful insights into a performance issue based on their own analysis of the problem using LCS. If you are a Partner, providing LCS data will help the Microsoft Support Engineer to progress the case quicker.

You may also be able to provide either SESSION INFORMATION for an affected user or an AX TRACE that was captured when the problem was occurring. This kind of data can be used to establish the scenario more quickly, and can lead to faster problem resolution.

4) Can you describe what the issue is and can you provide detailed repro steps?

Finally, one of the most important things to establish is of course what the actual problem is and how it might be reproduced. You can speed up time to resolution by clearly documenting what the issue is and providing detailed information about what the affected users are doing (include screenshots!). I realize that it can sometimes be difficult to get a clear picture from the users of what the actual issue is, but even if the only input they can provide is “everything is slow”, it is useful if you can provide a tangible scenario that illustrates such a wide problem definiton.

e.g.

“It takes 30 seconds to open the All Customers form – CustTableListPage – under ‘Accounts receivable > Customers > All customers’ in company USMF”.

You can add other details that may be relevant,

e.g.

Is the issue always happening or is it intermittent?
Are all users seeing this issue or just some users?
Are you seeing an increase in SQL utilization in LCS when the issue is occurring?
Are you seeing long running queries in LCS when the issue is occurring?
Are you seeing blocking in LCS when the issue is occurring?
Does this issue appear to be related to the location of the user?
Does this issue appear to be related to the browser the user is running?
Does this issue appear to be related to the network the user is on?

DATA COLLECTION

As mentioned above, you can collect SESSION INFORMATION and/or AX TRACES from a system where you are experiencing or you have experienced performance issues.

—————————————————————————————————————

AX TRACING

1. Click on the SETTINGS COG WHEEL in the top right corner then click on Trace

https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/perf-test/trace-trace-tutorial

NOTE: As usual, keep tracing as short as possible

—————————————————————————————————————

SESSION INFORMATION

1. Click on the FEEDBACK SMILEY in top right corner

NOTE: Do this immediately before you start to reproduce the issue so the timestamp is accurate

2. Copy and paste the SESSION INFORMATION as TEXT into an E-MAIL

e.g.

SESSION INFORMATION
71abe991-64b1-47b8-aef5-?????????????
2018-01-12T12: ?????????????
demo-1-dafb8907-0bde-4866-b803?????????????
{D73B29C0-C336-4DA3-88?????????????}
IIS:DEMO-1

—————————————————————————————————————

FURTHER READING

Please see this blog post for details on troubleshooting using LCS

https://blogs.msdn.microsoft.com/axsa/2018/06/05/how-to-use-environment-monitoring-view-raw-logs/

You may run into this error running OLAP reports on a SQL Server 2016 Reporting Services instance on which the ENU\x86\SQL_AS_ADOMD.msi component from the Microsoft® SQL Server® 2012 SP1 Feature Pack was not installed.

SYMPTOMS:

When running the report in AX 2012 client you will see this error in the info log:

“Client found response content type of ”, but expected ‘text/xml’. The request failed with an empty response.”

When opening a Role Center in Enterprise Portal that contains an OLAP report (CEO /EPCEORoleCenter/ or CFO /EPChiefFinancialOfficerRoleCenter/, for example) you will see the following error:

“An unhandled error has occurred. To view details about this error, enable debugging in the web.config file or view the Windows event logs.”

If you enable debugging in the web.config more exception details will be included:

Error
Message: An unhandled error has occurred. To view details about this error, enable debugging in the web.config file or view the Windows event logs.
Source: System.Web.Service
Exception details:
Client found response content type of ”, but expected ‘text/xml’. The request failed with an empty response.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.Reporting.WebForms.Internal.Soap.ReportingServices2005.Execution.ReportExecutionService.Invoke(String methodName, Object[] parameters)
at Microsoft.Reporting.WebForms.Internal.Soap.ReportingServices2005.Execution.ReportExecutionService.SetExecutionParameters2(ParameterValue[] Parameters, String ParameterLanguage)
at Microsoft.Reporting.WebForms.Internal.Soap.ReportingServices2005.Execution.RSExecutionConnection.ProxyMethodInvocation.Execute[TReturn](RSExecutionConnection connection, ProxyMethod`1 initialMethod, ProxyMethod`1 retryMethod)”

Trying to open the shared data source that is used with OLAP reports, “DynamicsAXOLAP”, in Report Manager an error will be thrown, the Properties page will display all fields disabled and the Connection Type field empty while it should be “Microsoft Dynamics AX AdoMd”.

“An error occurred.”

SOLUTION:

Installing the missing component ENU\x64\SQL_AS_ADOMD.msi of the Microsoft® SQL Server® 2012 SP1 Feature Pack may resolve the issue.

https://www.microsoft.com/en-us/download/details.aspx?id=35580

When I add the fields “Customer Type”, “Authorization Code” and “Card number partly hidden” to the Customer Receipt format, the fields will not print the when the Customer Receipt is printed and a paying with a credit card. These fields are only available in the Header of the receipt and they should be available in the Footer.

To print the Credit Card fields on a Customer Receipt, you must utilize the Customer Credit Card receipt and use the “Card Tender Details” field to pull the data you need.

Below is how to accomplish this:

In Dynamics 365 browse to Retail > Channel setup > POS setup > POS profile > Receipt profiles

Select the Receipt profile you are using (Default for me).

Select Customer’s credit card receipt (make a copy if you do not want to lose your Customer’s credit card receipt)

The Receipt format should be set to “Do not print”

Select Designer and log into the receipt designer

In the Customer Credit Card Receipt, add the credit card fields you would like to print on the Customer receipt. Delete all other fields.

Unfortunately, you can only delete fields one at a time in the Receipt designer.

Save the Receipt format.

Select the Select format tab

Change the Receipt format to the Customer Receipt (Mine is 1) and click OK

Select the Footer of the Customer Receipt. Pull the Card Tender Details into the Footer of the layout

Save the Customer Receipt and close the Designer

Run the 1090 (Register) job

In POS sell a transaction and print the receipt.

The fields that were added to the Customer Credit Card Receipt are printing based on the Card Tender Details field added to the Footer of the Customer Receipt.

On Dynamics 365 for Finance and Operations functionality was added for managers to recover and unblock terminals. This functionality was added with KB 4101053 on 7.2 and KB 4338783 (Application Update 7.3.2.5) and the updates are available in Lifecycle Services.

Prior to the hotfixes when POS had an issue closing a shift, the shift could be stuck in an Open and Closed state. The shift for the terminal is in the CRT.RETAILSHIFTSTAGINGTABLE (which would be considered an open shift) and the AX.RETAILPOSBATCHTABLE (which would be considered a closed shift). When the shift for a terminal is in this state, the shift could not be closed, and a new shift could not be open.

The above example is one of the reasons the new Manage Shifts functionality was needed.

Official Articles:

https://docs.microsoft.com/en-us/dynamics365/unified-operations/retail/shift-drawer-management

Lifecycle Services Articles (As of 8/1/2018 – Subject to change)

7.2 Hotfix KB4101053

https://fix.lcs.dynamics.com/Issue/Details?kb=4101053&bugId=3945328

7.3 Hotfix

Functionality was also added in Application Update 7.3.2.5

KB 4338783 Microsoft Dynamics 365 for Finance and Operations – Version 7.3.2.5. (X++ part)

https://fix.lcs.dynamics.com/Issue/Details?kb=4338783&bugId=215543

KB 4338784 Microsoft Dynamics 365 for Finance and Operations – Version 7.3.2.5. (X++ part)

https://fix.lcs.dynamics.com/Issue/Details?kb=4338874&bugId=215661

With the new Manage Shifts functionality, the “Show blind closed shifts” operation has been renamed to “Manage shifts” where users can view opened and suspended shifts, as well as perform shift operations on blind closed shifts or delete “stuck” invalid shifts.

Note: The POS operations is changed to “Manage Shifts”, but Button grids containing this operation should be renamed to reflect this change.

Demo Data still displays “Show Blind closed shifts”

Open Button Properties and change the Button text to “Show Manage shifts”

Business Purpose of new feature: Easier for managers to monitor the shifts and take actions if required.

This can be done by Logging into the POS and clicking on “Show blind closed shifts” (or “Manage Shifts” if renamed) on the POS home page. There will be displayed all the currently open, suspended and blind/closed shifts. They can be managed only by a user with sufficient permission (for example manager) – “Users can now view all opened, suspended, and blind close shifts in the POS.  Invalid shifts can also be deleted to quickly recover and unblock terminals”.

Technical Details/Specifics: Most important is that “Manage Shifts” is only active if the user is a manager or if  “Allow Multi Shift Logon” is enabled.  (POS permission groups)

You should also have “Shared Shift Drawer” activated (Retail > Channel setup > POS setup > POS profiles > Hardware profiles > Drawer):

*Note: Make sure that you have selected the correct Hardware Profile for the POS and you have synced the changed to the POS.

Below is some terminology that will help users understand how Manage Shifts work

Manage shifts

This is the POS operation that lets users view all active, suspended, and blind-closed shifts for the store. Depending on their permissions, users can perform their final closing procedures, such as Tender declaration and Close shift operations for blind-closed shifts. This operation also lets users view and delete invalid shifts, in the rare event that shifts are left in a bad state after a switch between offline and online modes. These invalid shifts don’t contain any financial information or transactional data that is required for reconciliation.

Multiple users

Some retailers are willing to sacrifice the level of accountability that single-user shifts provide and to allow more than one user per shift. This approach is typical when there are more users than available registers, and the need for flexibility and speed outweighs the potential for loss. It’s also typical when store managers don’t have their own shifts but can, as required, use the shifts of any of their cashiers. To sign in to and use a shift that was opened by another user, a user must have the Allow multiple shift logon POS permission.

Shared shift

A “shared shift” configuration lets retailers have a single shift across multiple registers, cash drawers, and users. A shared shift has a single starting amount and a single closing amount that are summarized across all cash drawers. Shared shifts are most typical when mobile devices are used. In this scenario, a separate cash drawer isn’t reserved for each register. Instead, all registers can share one cash drawer.

For shared shifts to be used in a store, the cash drawer must be configured as a “shared shift drawer” at Retail > Channel setup > POS setup > POS profiles > Hardware profiles > Drawer. Additionally, users must have one or both of the shared shift permissions (Allow manage shared shift and Allow use shared shift).

With the Share Shift turned off, then a Shift is tied directly to the Till is was created on.  Only one worker can use this at a time, but any worker logging in (assuming the previous worker is logged off but didn’t close the shift) would be prompted to Resume this shift.  Also, when a worker is creating a new shift and there is more than 1 cash drawer configured in the Hardware profile, you could potentially have 2 shifts for the register (one for each cash drawer). 

Example of “Manage Shifts” with activated “Shared Shifts”:

1. Log In with worker A on POS (device) 1 and start a New Shift.
2. Afterwards Log Off with worker A.
3. Now Log In with worker B on POS (device) 2 and you will be asked to Resume Shift (as Shared Shift is active).
4. Afterwards just navigate to “Show blind closed shifts” (or “Manage Shifts” if renamed) on the POS home screen and open the page. You can see all the Blind/Closed, suspended and Opened shifts.

Below is an example of a Invalid shift.  The Manager will be able to delete the invalid shift where previously a support ticket had to be created.

We’ve migrated the Microsoft Dynamics AX 2012 content that was previously hosted on TechNet and MSDN to doc.microsoft.com:

• Application User/IT Pro content: https://docs.microsoft.com/en-us/dynamicsax-2012/appuser-itpro/  
• Developer content: https://docs.microsoft.com/en-us/dynamicsax-2012/developer/

Existing links to the content are being redirected. The content is open for comments and edits, with the exception of the reference content.

Consider a scenario where you are using IDMF 2.0, and you find that after each IDMF Metadata sync the Master table list gets refreshed and you then have to manually sort out the list each time by unchecking/checking tables as Master tables. Well, there’s a simple way to change that default behaviour:

1. Update AXDataManagementSchedulerService.exe.config file and set UpdateMasterSyncTablesPostMetaDataSync = false
2. Restart the IDMF service

I’ve worked on some cases related to Data Management exports to BYOD recently and I thought I would share some observations on things you should consider when exporting data to BYOD. This blog post is not meant to serve as a comprehensive document outlining how the process works, but rather to raise awareness of the sorts of factors that may impact how consistently successful your exports to BYOD will be. Much of this is common sense and non-technical, and it is valid for other data movement scenarios using different technologies.

If you are experiencing data exports failing or only partially succeeding on a recurring basis then I suggest that you look at the following in your efforts to try to track down a cause and resolve such issues:

EXAMPLE SCENARIO

You are regularly exporting data from Dynamics 365 for Finance and Operations to a BYOD Azure SQL Database

Bring your own database (BYOD)
https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/analytics/export-entities-to-your-own-database

1) What kind of error pattern are you seeing?

Do the exports always fail or is the problem intermittent?
Are you seeing this across a bunch of different exports or is a specific failing very often?
Does there appear to be any date/time pattern to the export failures?
Do the failures seem to occur only for entities where a lot of data is being pushed to the BYOD Azure SQL Database?

2) How are your exports configured?

Are you exporting relatively static data or dynamics (e.g. transactional) data?
How many entities are you trying to export in one go? Might it be possible to split the workload into several more granular entities?
Are you taking full advantage of change tracking and INCREMENTAL PUSH where possible and appropriate?
Are you doing regular FULL PUSH of data that continues to grow in size each time it is exported?

3) Where is your BYOD Azure SQL Database and what service tier is it running on?

If you are pushing data to a different data centre or your BYOD service tier is “too low” resulting in throttling of deletes and inserts then that could lead to timeouts.

Single database: Storage sizes and performance levels
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-dtu-resource-limits-single-databases#single-database-storage-sizes-and-performance-levels

For optimal performance you should ideally be running your BYOD Azure SQL Database on a Premium service tier, i.e. P2 or higher.

Hello,

If you have any issues regarding sales tax (net amount) rounding between Retail store transactions and posted sales invoice voucher transactions, you should check at first Sales tax setup.

The recommended setup for sales tax which should be used when ‘Price include sales tax’ is enabled on a Store.

1. ‘Marginal base’ to set up as ‘Net amount per line’ for Sales tax code:

Tab Calculation:

• Origin= Percentage of net amount
• Marginal base= Net amount per line
• Calculation method= Whole amount

2. ‘Rounding by’ recommended to have ‘Sales tax codes’ for Sales tax group:

It is very important to know that once you did some changes on sales tax setup in HQ, you should run Job 1080 (Tax) and then be sure that Retail server is restarted, because changed tax setup might be cashed.

With that setup you should always get the same calculation of all amounts (Net amount and Sales tax amount) in POS/Retail and in HQ transactions.

Also a suggestion to change sales tax setup only after working hours when nobody is working to be sure that the changes are done correctly, distributed to POS and there are no differences between HQ and POS or their transactions.

The same is valid for AX2012 and D365.

Best regards,

Ramune Peckyte

Microsoft EMEA Customer Services and Support

Hello,

The hotfix KB 3034468 released for this feature ‘Advance invoices for prepayments in retail ‘. The link to LCS:

https://fix.lcs.dynamics.com/issue/results/?q=3034468

This feature is based on the regular Polish functionality of advance invoices in AX and extends the functionality to process advance invoices when a Customer order Deposit is registered in POS or a final Payment for a Customer order is processed. The following is a high-level overview of the process:

There are only two setup steps required to enable and use this functionality in POS (in addition to the regular setup of advance invoices in AX):

1. Set Retail parameters \ Customer orders \ Create advance invoice for deposit to enable the functionality;
2. Configure a windows printer in the Hardware profile of POS to be able to print advance invoices from POS.

The feature does not change user scenarios in POS.

Best regards,

Ramune Peckyte

Microsoft EMEA Customer Services and Support

How to reset approved expense report document back to draft status in Dynamics 365 for Finance and Operations

New functionality is added to provide the ability to reset approved expense report document back to draft status.

This is available in App8.0+ version. There was a hotfix for App7.2 and App7.3. Here is the recommendation for different versions:

App7.2 customers to install KB4462583

https://fix.lcs.dynamics.com/Issue/Details?kb=4462583&bugId=242339&qc=f4bd88056d3bf176b2b3c366d282b73fd6e3e0bb00c7b3e0b86ab96096b89cde

App7.3 customers to install KB4462581

https://fix.lcs.dynamics.com/Issue/Details?kb=4462581&bugId=242340&qc=cc0e073c673649b61ece3c6c04146ef87125e8326502f9754751a6dfe16ffc69

Go to Expense management > Periodic tasks > Reset expense document status.

Select the expense report(s) that are stuck and click on “Update to draft” button.

Once the operation is completed, go to the expense report(s) and validate the status to be draft.

When installing cumulative update on 8.0.4 on Tier II sandbox environment you may experience the error:

“The running command stopped because the preference variable “ErrorActionPreference” or common parameter is set to Stop: Unable to resolve dependency ‘dynamicsax-applicationfoundationformadaptor’.”

This due to the fact that there is a X++ code released in Demodatasuite model where we changed the class SalesOrdersCleanup.

On Tier II there are no Demodatasuite model or any related models installed and this is why we are getting error. The way to go is to exclude the model from the build definition https://docs.microsoft.com/en-us/dynamics365/unified-operations/dev-itpro/dev-tools/exclude-test-packages

Included in MPOS and CPOS are two methods for extended logon functionality: logging in by scanning a barcode or by swiping a card with a magnetic stripe reader (MSR). Setup for these are described here: https://docs.microsoft.com/en-us/dynamics365/unified-operations/retail/extended-logon.

One shortcoming of the out-of-the-box functionality, however, is that each of these methods only allows for five significant digits for a unique identifier. For example, if you have two cards with the IDs “1234567” and “1234578” you will find that they will be considered the same “12345” and the second card will fail when it is attempted to be assigned to an operator.

The reason for this problem is relatively simple: the implementation of the extended logon was originally intended to be a sample upon which developers could customize to fit the specific needs of a particular implementation. In prior versions of the product (going back to Dynamics AX 2012 R3) this was much easier since we shipped the full source code to the Commerce Runtime (CRT). However, because the CRT is now sealed, developers have to create a custom CRT service to override existing functionality – something that is difficult to do from scratch.

This blog post is an end-to-end sample that can be used as a starting point for such an implementation. It is intended as a specific workaround for the five-character limit for barcode and MSR scans, but does not discuss extending to other devices.

Here is a link to a zip file for the source code for the sample:  Contoso.ExtendedLogonSample

Architecture

There are essentially two main pieces to the functionality for barcode and MSR extended logon: assigning the identifier (barcode or card number) to the user and then creating a hook on the logon screen to act on the event of a cardswipe or barcode scan.

The following is a simplified explanation of the logon screen:  when the logon screen displays, MPOS automatically listens for one of the two events (a barcode scan or card swipe). If either of those events fires, instead of attempting to authenticate with an Operator ID and Password, the CRT logon request (UserLogOnServiceRequest ) is called with a special parameter.  This parameter, GrantType, notifies the CRT what kind of event was fired.   This, along with the actual text (card number or barcode) is used to perform the extended logon workflow instead of the standard workflow.

The second part of the functionality is the assigning the barcode or card number to the Operator ID. This process is similar and re-uses some of the same logic. On the Extended log on screen, the user searches for the Operator ID to which they will be adding an identifier (card number of barcode) and then swipes the card or scans the barcode. Pressing the OK button sends this identifier to the CRT which will then check to see if the identifier is already in use and if not, adds a record to a table to map the Operator ID and barcode or card number.

All of this is done with three CRT requests that you need to implement in your custom service: GetUserEnrollmentDetailsServiceRequest, GetUserAuthenticationCredentialIdServiceRequest, and ConfirmUserAuthenticationServiceRequest.

Notes on the Code

There are three requests that need to be handled by your custom code:

public IEnumerable<Type> SupportedRequestTypes
{
    get
    {
        return new[]
        {
            typeof(GetUserEnrollmentDetailsServiceRequest),
            typeof(GetUserAuthenticationCredentialIdServiceRequest),
            typeof(ConfirmUserAuthenticationServiceRequest)
        };
    }
}

public Response Execute(Request request)
{
    if (request == null)
    {
        throw new ArgumentNullException("request");
    }

    Response response;
    Type requestType = request.GetType();

    if (requestType == typeof(GetUserEnrollmentDetailsServiceRequest))
    {
        response = this.GetUserEnrollmentDetails((GetUserEnrollmentDetailsServiceRequest)request);
    }
    else if (requestType == typeof(GetUserAuthenticationCredentialIdServiceRequest))
    {
        response = this.GetUserAuthenticationCredentialId((GetUserAuthenticationCredentialIdServiceRequest)request);
    }
    else if (requestType == typeof(ConfirmUserAuthenticationServiceRequest))
    {
        response = this.ConfirmUserAuthentication((ConfirmUserAuthenticationServiceRequest)request);
    }
    else
    {
        throw new NotSupportedException(string.Format(CultureInfo.InvariantCulture, "Request '{0}' is not supported.", request));
    }

    return response;
}

GetUserAuthenticationCredentialIdServiceRequest and GetUserEnrollmentDetailsServiceRequest are very similar: each validates and returns the significant digits of the scanned barcode or swiped card. The first one is used during the logon process and the second one is used when assigning an extended identifier to an operator.

private GetUserAuthenticationCredentialIdServiceResponse GetUserAuthenticationCredentialId(GetUserAuthenticationCredentialIdServiceRequest request)
{
    return this.GetUserAuthenticationCredentialId(request.Credential, request.RequestContext);
}

private GetUserEnrollmentDetailsServiceResponse GetUserEnrollmentDetails(GetUserEnrollmentDetailsServiceRequest request)
{
    string credentialId = this.GetUserAuthenticationCredentialId(request.Credential, request.RequestContext).CredentialId;
    return new GetUserEnrollmentDetailsServiceResponse(credentialId, string.Empty);
}

Each of these shares the same validation method (GetUserAuthenticationCredentialId). This method operates on two pieces of information: the full string that was just scanned in (barcode or card number) and the current device configuration. It performs three validations and throws specific exceptions if any fail: is the device is even configured to use this type of extended logon (as defined in the functionality profile), whether a good swipe or scan was made, and whether the barcode or card number had enough characters.

If everything looks good, a GetUserAuthenticationCredentialIdServiceResponse with the identifier is returned to the caller. The caller (CRT and then ultimately MPOS) will handle the three exceptions appropriately.

Note that this is the method where the out-of-the-box implementation is hard-coded to only five characters. This sample requires a barcode of at least ten characters and only the first ten characters are stored in the database.

private GetUserAuthenticationCredentialIdServiceResponse GetUserAuthenticationCredentialId(string credential, RequestContext requestContext)
{
    DeviceConfiguration deviceConfiguration = requestContext.GetDeviceConfiguration();

    if (!this.IsServiceEnabled(deviceConfiguration))
    {
        throw new UserAuthenticationException(SecurityErrors.Microsoft_Dynamics_Commerce_Runtime_AuthenticationMethodDisabled, "Authentication service is disabled.");
    }

    if (string.IsNullOrWhiteSpace(credential))
    {
        throw new DataValidationException(DataValidationErrors.Microsoft_Dynamics_Commerce_Runtime_MissingParameter, "credential");
    }

    if (credential.Length < IdentifierLength)
    {
        throw new InsufficientCredentialLengthException(DataValidationErrors.Microsoft_Dynamics_Commerce_Runtime_InvalidFormat, credential.Length, IdentifierLength);
    }

    // Only use the first IdentifierLength (10) characters
    string credentialId = credential.Substring(0, IdentifierLength);
    return new GetUserAuthenticationCredentialIdServiceResponse(credentialId);

ConfirmUserAuthenticationServiceRequest: This request is the second stage of the logon process. At this point the extended identifier (card number or barcode) has been translated to an Operator ID (based on the mapping in the RetailStaffCredentialTable).

There are two scenarios that affect this request: whether the device is configured to challenge for a password after scanning or not. If the barcode or card swipe is enough (no password needed) then this request essentially does nothing; it returns a NullResponse object which is an indicator to MPOS that a successful logon was made.

However, if the device is configured to require a password, this request will get hit twice during the logon process.

The first pass happens before the user gets prompted for their password. In fact, the specific exception that gets thrown (Microsoft_Dynamics_Commerce_Runtime_PasswordRequired) is a signal to MPOS that it needs to prompt the user for a password. You may notice that this password entry dialog looks different than the standard login screen; it is actually a dialog box.

After the user enters the password, the ConfirmUserAuthenticationServiceRequest gets called a second time, this time with both an Operator ID and a password. The request then is responsible for calling the standard logon request (UserLogOnServiceRequest) before the user can gain access. If no exception is raised from that call, the NullResponse is again returned a successful logon. If an exception is raised (i.e., the password entered is incorrect) it will just bubble up to the caller and MPOS handles it just like if the user entered an incorrect password on the main logon screen.

private Response ConfirmUserAuthentication(ConfirmUserAuthenticationServiceRequest request)
{

    DeviceConfiguration deviceConfiguration = request.RequestContext.GetDeviceConfiguration();

    if (!this.IsServiceEnabled(deviceConfiguration))
    {
        throw new UserAuthenticationException(SecurityErrors.Microsoft_Dynamics_Commerce_Runtime_AuthenticationMethodDisabled, "Authentication service is disabled.");
    }

    if (this.IsPasswordRequired(deviceConfiguration))
    {
        if (string.IsNullOrWhiteSpace(request.Password))
        {
            throw new UserAuthenticationException(SecurityErrors.Microsoft_Dynamics_Commerce_Runtime_PasswordRequired);
        }

        // call auth service for password check
        UserLogOnServiceRequest passwordAuthenticationRequest = new UserLogOnServiceRequest(
            request.UserId,
            request.Password,
            request.Credential,
            PasswordGrantType,
            request.ExtraAuthenticationParameters);
        request.RequestContext.Execute<Response>(passwordAuthenticationRequest);
    }

    return new NullResponse();
}

Additional Notes

• The class needs to implement a property named HandlerName.  These are specific identifiers for card swipe nd barcode and are hard-coded in the MPOS code.  Because of this, they are not easily changed and your implementation of either should just use the same hard-coded values.

public string HandlerName
{
    get
    {
        return "auth://example.auth.contoso.com/barcode";
    }
}

• All of the data handling for the extended login information is taken care of behind the scenes.  When the user is assigned a barcode or card number, it calls Realtime Service to save the number to the RETAILSTAFFCREDENTIALTABLE at Headquarters and also to the local (channel) version of the table for immediate use.  Depending on how often you run CDX jobs, it will eventually also get pushed out to other stores as well.
• To test your plugin, compile and deploy to Retail Server as noted in these instructions:  https://docs.microsoft.com/en-us/dynamics365/unified-operations/retail/dev-itpro/commerce-runtime-extensibility.  You will need to add the Extended log on operation to a button grid to be able to assign barcodes to a user.  The easiest way to test is to use the Barcode Scanner in the Virtual Peripherals tool – use “work as keyboard wedge” to avoid having to mess with OPOS drivers and hardware profiles.

This was a internal request from support team to quickly fix the certificate expire issue. I would like to post it here in case you need it. Please note this should only apply to your Dev VHD, and strongly recommand you create a checkpoint before proceed.

One script for all steps(renew certificate,grant permission, replace in config, reset iis and batch)

Function Update-Thumberprint

{

    Set-Location -Path “cert:\LocalMachine\My”

    $oldCerts = Get-childitem | where { $_.subject -match “DeploymentsOnebox” -or $_.Subject -match “MicrosoftDynamicsAXDSCEncryptionCert”}

    $ConfigFiles =

    @(“C:\AOSService\webroot\web.config”,

      “C:\AOSService\webroot\wif.config”,

      “C:\AOSService\webroot\wif.services.config”,

      “C:\FinancialReporting\Server\ApplicationService\web.config”,

      “C:\RetailServer\webroot\web.config”

      )

    foreach ($oldCert in $oldCerts)

    {

        $newCert = New-SelfSignedCertificate -CloneCert $oldCert

        #consider to delete the old cert

        $keyPath = Join-Path -Path $env:ProgramData -ChildPath “\Microsoft\Crypto\RSA\MachineKeys”

        $keyName = $newCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName

        $keyFullPath = Join-Path -Path $keyPath -ChildPath $keyName

        $aclByKey = (Get-Item $keyFullPath).GetAccessControl(‘Access’)

        $permission = “EveryOne”,“Read”, “Allow”

        $accessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission

        $aclByKey.SetAccessRule($accessRule)

        Set-Acl -Path $keyFullPath -AclObject $aclByKey -ErrorAction Stop

        foreach($configFile in $ConfigFiles)

        {

            (Get-Content -Path $configFile).Replace($oldCert.Thumbprint,$newCert.Thumbprint) | Set-Content $configFile

        }

    }

}

Update-Thumberprint

iisreset

Restart-Service “DynamicsAxBatch”

Please copy all the script and run in powershell via administrator previligge.

Each time you run this script, it will create a new set of certificates. So do not repeat it.

Hope it helps.