Azure SQL firewall access

Some things were easier in the good old days before Dyn365 and Azure and some are better. Often the things that were better before tends to be things we need to relearn.

Allowing firewall access to Azure SQL (for example regarding BI) is easily scripted and here are 3 useful scripts for that purpose:

List current firewall rules:

SELECT * FROM sys.firewall_rules

If you need to grant access to the IPs 111.222.111.222 to 111.222.111.250:

EXEC sp_set_firewall_rule N'The_Name_That_Will_Be_Shown_On_The_List', '111.222.111.222', '111.222.111.250';
Getting rid of the above rule is just as simple:
EXEC sp_delete_firewall_rule N'The_Name_That_Will_Be_Shown_On_The_List'

The three above is all server rules so you need to run them towards the master database.

You can do the same tricks on database level:

Listing

SELECT * FROM sys.database_firewall_rules

Granting

EXEC sp_set_database_firewall_rule N'The_Name_That_Will_Be_Shown_On_The_List', '111.222.111.222', '111.222.111.250';

Deleting

EXEC sp_delete_database_firewall_rule N'The_Name_That_Will_Be_Shown_On_The_List'

 

Remember to be run them on the desired database.

 

Please keep in mind that you are messing with security and I – as usual – don’t take any responsibility in any damage you might make by using the above.

Advertisements

Prompting for values in SQL script

This is something that I forget 2 seconds after I’ve used it so now I’ll put it here as a note to self.

I have a series of TSQL scripts that I use once in different circumstances and often it’s a while between each go. In some of the I need to add some environment specific information and instead of having to scroll down through the text the query editor offers a way of prompting for parameters through a tagging of text like this:

select <Parameter name, Data type, Default value>

Before executing the script you press CTRL+SHIFT+M (this is the part I usually forget) and that makes the editor prompt you like this:

Screenshot 2019-02-19 at 13.49.43

Replace the Default value with the appropriate text and click OK. This will update your SQL script to this:

select 1234

Not the most mind-blowing thing in the world, but a great help.

 

POS not showing offline data jobs

In Dynamics 365 the offline story on the MPOS has been significantly improved since AX 2012. Now it’s more or less a click on the register in Dyn365, install the POS and distribute data. A bit simplified approach to life but anyways.

Here’s something I’ve seen a couple of times now. There’s just no jobs and nothing to process …No offline jobs

The event log gives it away a bit:

Failed to get offline sync data in offline database due to Exception. Error Details: Data Source=localhost\SQLEXPRESS;Initial Catalog=RetailOfflineDatabase;Integrated Security=True;Persist Security Info=False;Pooling=True;Encrypt=True;TrustServerCertificate=True

offline error 1

And in the details it’s clear that we’re facing a rights issue here. But in SQL Express with no management tools on the POS machine we don’t have many configuration options and even less when we’re in a setup with a large number of registers.

All you need to do is add the user logged in to Windows to these two groups on the local machine:

User groups

Log off and on again to activate the changes. Start your POS and check the database connection status. Hopefully, you should see a lot of jobs now:

Offline jobs

RDP access to Dyn365 servers denied

You know that the server is running, but your RDP connection request is denied.

Connection waitingConenction denied

This might be due to the introduction of the IP access check introduced not so long ago and on production environment servers. To get around this you need to add your IP address to the white list for the environment.

To do this click Maintain and Enable access:

Click maintain

Select Enable access:

Enable access

Click + to add a new rule:

Add

Fill in the form with a relevant name and the IP address to white list:

Add form

To get your IP you can ask Google or use one of the many web sites offering that service. For example www.whatsmyip.org:

whatsmyip

As soon as your have created the new rule you’re good to go (and connect):

Rules

RetailTenantUpdateTool.ps1 misses prerequisites

After moving data from one server to another you need to run the RetailTenantUpdateTool powershell script. Doing this might present you with this error:

Please download and install below prerequisites:
Microsoft Online Services Sign-In Assistant for IT Professionals, download link: http://go.microsfot.com/fwlink/?LinkID=286152
Azure Active Directory Module for Windows PowerShell (64-bit version), download link: http://go.microsoft.com/fwlink/p/?linkid=236297

PowerShell error

One of them actually links to a proper download but the other one forwards you to a site telling you that what you’re looking for has retired …

To get moving install this module before executing the script:

Install-Module -Name MSonline

Install MSOnline

After completing this install you can run the script without any issues.

Login prompt

 

Updates tiles in LCS not updated

When looking at the hosted environments in LCS sometimes the tiles showing updates doesn’t seem to update probably. The symptoms could be that the numbers indicate that you’re missing some updates after updating it all or that the Last run date isn’t updating.

Tiles update outdated.PNG

The status is updated through a scheduled task on the server.

Task scheduler.PNG

It runs a powershell script in C:\LCSDiagnostics\ called CollectData.ps1

Script.PNG

You can run it manually (through an elevated powershell) and that should hopefully update the figures.

It would have been nice to be able to see the run history on the task in the scheduler but for some reason that has been disabled:

History disabled.PNG

That is easily fixed. Open the Task scheduler as Administrator and that gives you the option in the right most part of the form:

Enable task history.PNG

 

Changing Configuration keys in Dynamics 365 – Maintenance mode

Going into License configuration to enable or disable a configuration key you’ll probably see the warning:

This form is read-only unless the system is in the maintenance mode. Maintenance mode can be enabled in this environment by running maintenance job from LCS, or using Deployment.Setup tool locally

Not in maintenance mode.PNG

Here’s how to work around that in all but production environments:

  • Tell the other users working on that environment, since you’ll be restarting the IIS during the process.
  • Log on to the server running the AOS service and start up a command prompt in Administrator mode
  • Run the following statement where you change K to the correct drive for your AOS service:

K:\AosService\PackagesLocalDirectory\Bin\Microsoft.Dynamics.AX.Deployment.Setup.exe –metadatadir K:\AosService\PackagesLocalDirectory –bindir K:\AosService\PackagesLocalDirectory\Bin –sqlserver . –sqldatabase axdb –sqluser <SQL admin user id> –sqlpwd <SQL users password> –setupmode maintenancemode –isinmaintenancemode true

  • Restart the IIS with the iisreset command

This leaves the environment in maintenance mode. This doesn’t mean non-functional; but you probably would like to leave the maintenance mode as soon as possible.

When you are done you run this script from a command prompt in Administration mode (again replace K with the appropriate drive letter):

K:\AosService\PackagesLocalDirectory\Bin\Microsoft.Dynamics.AX.Deployment.Setup.exe –metadatadir K:\AosService\PackagesLocalDirectory –bindir K:\AosService\PackagesLocalDirectory\Bin –sqlserver . –sqldatabase axdb –sqluser <SQL admin user id> –sqlpwd <SQL users password> –setupmode maintenancemode –isinmaintenancemode false

Restart you IIS once more and you’re back on track.