Hello GP Community,

This article compiles the solutions to common bug relating to Web Client, I have broken down the errors based on blazon of mistake.

  • HTTP Errors
  • Login Errors
  • Correlation/Event Viewer Errors
  • Boosted Tips

I have too included:

  • Spider web Client Pre-Requisites
    • Server Roles and Features
    • Server Certificate Installation (Self-signed & Wild Card)
    • Active Directory Groups
  • How to install Spider web Client
  • Recommended Steps for Uninstalling/Reinstalling Web Client
  • Web Client Logs and how to capture them.

HTTP Errors

401.one Access Denied on Spider web Management Console

  • https://community.dynamics.com/gp/b/dynamicsgp/archive/2014/x/20/401-one-access-denied-on-spider web-management-panel-automatic-web-client-login-non-working

401.2: Unauthorized:  Access Denied due to Invalid Credentials

  • when trying to log into Spider web Management Console
  • Make sure users are added to the Spider web Client Admin Group in Agile Directory


HTTP Fault 500.19

  • Double Bank check that all IIS Pre-Requisites are installed (Run into Pre-Requisites below)


HTTP Error 503. The service is unavailable.

This indicates an upshot with the App Pools, the identity used past the App Pools does not have correct permissions or an issue with the URL Reservation.

Cause 1: The App Pools for Web Client are non running.

Resolution 1: Utilise the following steps to check.

  1. Make sure both the DynGPWebApp and DynGPWebMgmt awarding pools are started.
  2. Open up IIS, then go to the application pools and check to make sure they are started.
    1. If they are not, right-click on the application pool, so click Commencement.

 ----------------

Crusade 2: The identity used by the application pools does not have sufficient rights.

Resolution 2: The account that is used for the AppPool in IIS needs to accept "Logon as a Batch Job" and "Log on Locally" rights or be a fellow member of the Local Administrators Group.

---------------

Cause three: Extra URL Reservation added to IIS Server.

Resolution 3:     Use the following steps.

  1. Open CMD as Administrator
  2. Run: netsh http testify urlacl
  3. Do you have a reservation for https://+:443/ ?  If and then nosotros need to remove this.
  4. Run: netsh http delete urlacl url=https://+:443/
  5. Run: iisreset
  6. Restart application pools
  7. Restart GP Session Central Service and GP Session Service Services
  8. Test again.


Terminate Point not establish or There was no endpoint listening

  • Make sure that the GP Session Fundamental Service and the GP Session Service Services are running.
  • If they will not start, the best pick is to uninstall/reinstall completely.
  • If the issue continues afterward a reinstall attempt the following:

    Review the SessionService.config file located at C:\Programme Files\Microsoft Dynamics\GP Web Components\SessionService by default for the following line:

    Then restart the Session Primal and Session Service services

Login Errors

Spider web Client user can login, but errors are showing upward in SQL fault log

The Runtime Service uses the FQDN if it is a self-signed document or one created in CA. If using a third-party certificate, you lot could potentially have it setup.

The fact that your users can login to Web Customer but get prompted for the GP login window means that Identity Management is not setup correctly. The three parts of this setup is:

  1. In GP Utilities, you create a proxy login which then gets created in SQL with the DYNGRP role assigned for all arrangement and company databases for GP.
  2. When installing Spider web Client, this exact proxy login and password needs to exist entered in the GP Configuration window, which shows the paths to your GP code directory, Dex.ini and Dynamics.set up file.
  3. Lastly, in the User Setup window in GP, the GP logins demand to be tied/associated to the Windows account they are logging into Spider web Client's initial login window as.

If this is all setup correctly, and then yes, when the user logs onto Spider web Client using their Windows account, information technology should come across they are tied to a GP login and log them into the GP awarding automatically as that user, but seeing a company selection window if they have admission to more than ane GP company.

I'd verify the in a higher place iii settings again, as most likely they are not correct. I'd also recommend not copying/pasting user ids and passwords as well, equally I've seen that not always work.

When attempting to log into Web Customer: A problem occurred creating a session. Please endeavour again later on or contact your administrator.

  • Make sure Web Customer Runtime is installed on the Web Client Server.

"The username and countersign supplied are not valid credentials for using Microsoft Dynamics GP. "

  • Make certain the login user has assigned to web client users group.
  • If you have reinstalled/installed multiple times, you will want to follow the steps above for Uninstalling and Reinstalling Spider web Client.

Logon failure: the user has non been granted the requested logon blazon at this computer

  • Log on as a batch - service account for spider web client.
  • Log on equally a service - service account for web client.
  • Allow Log on locally - Users need to be able log into the server.  Add the Spider web Client User Group to this option.

Y'all are not allowed to use Microsoft Dynamics GP. Delight sign out and sign in with an authorized business relationship

The error means that the user account the user is signing in equally is not on the listing of allowed Web Client users.

The list of allowed users can be found by running a repair of the Web Client, or running this script against the GPConfiguration database (normally on the same SQL Server as GP):

  Select * from [GPCONFIGURATION]..[ServiceSecurity] where GroupID like '%GPWebUserAccounts%'

This should return results similar this:

This effect means the Dyn-gp-kb grouping should take access to my Web Customer. The user would demand to be add to that group inside Advertizement, and would need to make sure to enter in their Domain/username and not just username when logging into the Web Customer.

If a user/group needs to be added to the listing, a repair of the Web Client would be required.

After logging into Web Client, immediately get in Red Bold blazon:

Error:
An error has occurred processing this request.

If there are no errors in the Result Viewer on the Web Client Server or on the local reckoner where you are getting the message.

  • This can be caused by unsupported special characters in the Users AD Password.
  • Permission Mistake - Add together Web Client User Advertising Group to Local Security Policy - Allow Log on Locally
  • Make sure the service account for the Awarding Pools and for the GP Session Central/Session Services are added to the post-obit Local Security Policies
    • Allow Log on Locally
    • Log on as a Batch
    • Log on equally a Service
  • After making these changes
    • Open Command Prompt equally Admin and run iisreset.
    • Restart GP Session Central Service
    • Restart GP Session Services Service

Y'all are able to login merely are stuck at a GP Splash page, the shows just the Microsoft Dynamics GP logo.

  • Make sure Web Client Runtime is installed on the Web Client Server.
  • Brand sure you are using the FQDN that matches the Certificate for the site.

Organizational Account Login Considerations

If yous are using Organizational Accounts (equally opposed to Windows Authentication) in your Web Client deployment you may find that you lot are forced to terminate at the Dynamics GP User Login window when logging into the Web Client.  Since you lot cannot assign an Organizational Account to your Dynamics GP users in the Desktop Client it will have to be done in the Web Customer.  This ways that the very offset Web Customer login will need to be washed using a GP user (eastward.g. sa).  You can then navigate to the User Maintenance window and tie Org Accounts to each GP User as appropriate.  After that the Identity Management feature should work and allow you to get from the Web Client login window directly to Company Choice or even direct into the Web Client session if you lot have a company remembered.  For more information on using Organizational Accounts with the Dynamics GP Web Customer you can refer to the following commodity:

Dynamics GP 2018: Organizational Accounts and Workflow

CorrelationID/Event Viewer Errors

A trouble occurred creating a session. See the Session Central Service logs for more data.

  • Make certain WebClient Runtime is installed


Session Central Service was not able to successfully communicate with the session service

The user has non been granted the requested logon type at this figurer

  • Grant the Web Client User Group to be a local admin on the server
  • Or Open up Local Security Policy on the Server, navigate to Let log on locally, so add the Web Client User Group.


System.Security.Hallmark.AuthenticationException: The remote certificate is invalid according to the validation procedure.

  • Reinstalled Dynamics GP Web Customer


The target principal name is wrong. Cannot generate SSPI context. Unexpected error occurred when logging in

  • Cause: Windows fifteen Character limit on Machine name
  • Resolution:  Review the name of your machine with what Web Client is looking for.
    Review the service configuration to the actual name of your machine. (Start>>Right click on Computer and select backdrop.) With windows, there is a brake on the character limit for your automobile proper name. There is a Windows restriction that states that annihilation afterwards the 15th character in the name of the server is a suffix and is basically dropped.  If you are over this limit, unfortunately yous will need to rebuild the machine or VM with a new name.

A trouble occurred creating a session.  Delight endeavour again or contact an administrator.  The following session host was not found in Session Central.

  • Cause: SQL Services were running under domain credentials rather than local service accounts.
  • Resolution:  Switch the SQL Services back to a local service account.  (Network Service Account)


Sever cannot prepare status later HTTP headers have been sent

  • Make sure you are using the FQDN for the site.
  • Ostend that the SSL Certificate is install in the Trusted Root Certificate store on each workstation connecting to spider web client.
  • Ostend that you have all pre-requisites installed on the Spider web Client Server.
  • Confirm that Session Service is running.


A loader exception has occurred.

Loader Errors:

Microsoft.Dynamics.Security.InvalidSecurityContextException: Microsoft.Dynamics.Security.NonExistentSecurityObjectException : The security object does not exist.  Key = 25cc1a21-2cc4-4b13-a1c8-eea186fb688a

  • Uninstall/Reinstall Web Components

An mistake occurred while processing your request.  An unauthorized try to call the ReportSessions performance on Session Central was made by DOMAIN\asmith user.

This error can signal a user has been deleted from Active Directory but was still in the ServiceSecurity table in GPCONFIGURATION.  Delete record in GPCONFIGURATION.

Additional Tips

Images are not appearing on homepage.

  • Grant permissions to C:\Program Files\Microsoft Dynamics


If you wanted to mass delete sessions: This post may be of utilize to y'all.

https://community.dynamics.com/gp/b/gpmohammad/archive/2014/12/07/dynamics-gp-web-client-kill-all-web-client-sessions

Web Client Pre-Requisites

IIS Pre-Requisites

  1. Add Roles and Features
  2. Spider web Server IIS under Server Roles must include the following selections:
    1. Web Server
      1. Common HTTP Features
        1. Default Document
        2. Directory Browsing
        3. HTTP Errors
        4. Static Content
        5. HTTP Redirection
      2. Wellness and Diagnostics
        1. HTTP Logging
        2. ODBC Logging
      3. Operation
        1. Static Content Compression
      4. Security
        1. Request Filtering
        2. Windows Authentication
  3. Under Features - Confirm Selections for .Internet Framework
    1. .NET Framework three.v Features
      1. .Cyberspace Framework three.five (includes .NET two.0 and three.0)
      2. HTTP Activation
    2. .Cyberspace Framework 4.six Features
      1. .NET Framework four.6
      2. ASP.Internet 4.half-dozen
      3. WCF Services
        1. HTTP Activation
        2. TCP Port Sharing


Check Certificate Installation (Self Signed Document)

  • https://docs.microsoft.com/en-us/dynamics-gp/web-components/security-certificates-and-ssl
  1. Outset -> Manage Figurer Certificates
  2. Needs to exist in Personal -> Certificates
  3. Must have a Friendly proper name
    1. Friendly name cannot incorporate spaces or special characters
  4. Ostend the Certificate shows the following if yous have a private cardinal for the certificate


Check Certificate Installation (Wild Bill of fare Certificate)

  • https://docs.microsoft.com/en-usa/dynamics-gp/spider web-components/security-certificates-and-ssl
  1. Start -> Manage Computer Certificates
  2. Needs to exist imported to the following:
    1. Personal -> Certificates
    2. Third-Political party Root Certification Authorities -> Certificates
    3. Web Hosting
  3. Must have a Friendly proper noun
    1. Friendly proper noun cannot incorporate spaces or special characters
  4. Ostend the Certificate shows the following if you have a individual key for the certificate


Open IIS

  1. Click on the Server
    1. Open Server Certificates
    2. Confirm your certificate is showing with the friendly name
  2. Click on the Site
    1. Click on Bindings (on far correct side of the screen)
    2. Add https and attach your Certificate
      1. Get out the Host name blank.

Agile Directory Groups

  • https://docs.microsoft.com/en-u.s./dynamics-gp/web-components/security-groups-and-user-accounts

You will need to have two Active Directory Groups setup

  1. A group for Web Client Users
    1. This group volition be able to log into Web Client
  2. A group for Web Customer Administrators
    1. This group volition be able to log into Web Management Panel

Install Dynamics GP with Web Client Runtime option

  • Confirm you are able to log into GP

At this point, you have all necessary Pre-requisites in place and will be able to install Web Client.

How to install Web Client

  • https://docs.microsoft.com/en-us/dynamics-gp/spider web-components/calibration-out-installation
  • Only install the Certificate where it is required.

Recommended Steps for Uninstalling/Reinstalling Web Client.

  1. Uninstall GP Spider web Components
  2. Delete the GPCONFIGURATION database.
  3. Restart the IIS server
  4. Delete GP Web Components from C:\Plan Files\Microsoft Dynamics
  5. Install Web Client
    1. For Session Central and Session Services, practice not bind the SSL to those services as it is optional.
  6. Log into Web Client.
  7. Log into WebMangementConsole

Helpful logs when troubleshooting errors logging in or inside web client.

  • Runtime Log
  • Script Log
  • Timing Log
  • SQL Log

To capture these logs open up Web Management Console and Web Client.

  1. Log into Web Client with AD User, only do not log into GP with SQL creds notwithstanding.
  2. Log into Web Management Console
    1. Under Session Cull the new session
    2. Click on Logging
    3. Choose all 4 options
    4. Click okay
  3. Now back on the Spider web Customer tab, log in with the 60 minutes user creds to GP.
  4. Permit Web Customer run till it errors out or yous know information technology is washed processing.
  5. Dorsum to the Web Management Console Tab
    1. Click on the session over again
    2. Click on Logging
    3. Uncheck all options
    4. Click okay.

The log files are located at C:\ProgramData\Microsoft Dynamics\GPSessions\Logs.