Category Archives: AIF

How to export configuration settings for AIF inbound/outbound ports

A very tedious task of mine has often been to deploy AIF services accross environments. I am used to do this the old school way = manually.

Today I had something that might be compared to as an epiphany – I stumbled upon this great technet artichle descripting how to export the configuration settings using the data import/export framework. Tried it out for the first time today and it’s working just great. The only downside so far, is that I haven’t been aware of this feature before…:-)

The HTTP request is unauthorized with client authentication scheme ‘Basic’. The authentication header received from the server was ‘Basic realm="some_name"’.

Today I spent quite some time struggling how to figure out was wrong with my client implementation of an AIF webservice. I kept getting the error “The HTTP request is unauthorized with client authentication scheme ‘Basic’. The authentication header received from the server was ‘Basic realm="some_domain_name"’.”

It was the realm part I didn’t understand. I had configured the service in AX to use basic authentication. From a reference environment, I knew the configuration had been working.

It turned out that my focus on the realm part was wrong because the reason to the error was invalid login credentials. How invalid login credentials can trigger the above error message is not for me to say. I would have expected a message like “Failed to log in to Microsoft Dynamics AX” instead. Just thought I would share my experience…

AIF – getting offline WSDL files

Quite often when dealing with AIF service I am asked to send a WSDL for a service to a 3rd party partner. Typically the partner dowsn’t have access to the service in that phase of the project. This means that I would have to send physical wsdl files (and not just an URL). In my experience the “singleWSDL” feature introduced with .net framework 4.5 doesn’t work for AIF services. In these cases AIF can be quite thedius to work with because the wsdl references other wsdl files as well as xsd’s. So in order to being able to send an offline wsdl file to a partner, you have to do a little bit of manual work. Ofcourse there are many ways to achieve the same, but here’s a guide of way, that I have found quite easy to work with.

  • Make sure the service has been published.
  • Open visual studio and create a console application. Add a new service reference pointing to the your service. Visuial studio now creates proxy classes as well as downloads referenced wsdl’s and xsd’s. You should see something similar to this in your project:
    Please note the 3 WSDL files and 6 XSD files.
  • Locate the physical location of the files (right click in VS and look at the file properties)
  • Copy all of the WSDL and XSD to a new folder of your choice (outside the project). This folder now contains the files that we want to send to our partner. But before sending them, we need to do some minor modifications.
  • Open the RoutingService.wsdl in your editor (VS will do just fine). Find and edit all import statements:
    You will se that the Locations attribute references a http address. Edit the location to point to the local file residing in the current folder.
    You will want to do the same for the service location:
    Make sure to point to the local file instead of the url.
  • Do the same for the other 2 WSDL files. It’s quickly done.
  • When finished You can test your work by going back into visual studio. Just simulate adding a new service reference pointing to the local wsdl files instead. Remember it is the RoutingService.wsdl that is Your point of entry. If VS doesn’t complain You are now finished.
  • Finally zip the folder and sent it to the partner.

If You know of a better/easier way please post a comment…

How to implement basic authentication in Dynamics AX2012 webservice

Recently I had to configure an inbound port for basic authentication. Furthermore I had to produce a guide in order to being able to set it up in the same way in other environments.

Lucky for me, I found this great guide, that I would like to share. You can also use it as a template for configuring other types of authentication.

Deadlocks show up in AIF exception log when CRM synchronizes multiple companies.

Recently I was working on a case where some issues occured when trying to synhronize data between MS dynamics ax 2012 and MS CRM.

Scenario description:

In MS CRM the following maps have been set up for synchronization in two integrations.


Each integration uses its own AX user for connection.

From the CRM point of view, the synchronization seems to succeed. However going through the exception log in AX it seems that quite a few deadlocks have occurred, please see screendump below:


And here’s a screendump from the “general” tab showing the error message – “Cannot select a record in Change Tracking Version (AifSqlCtVersion). Change Tracking Version: 0.
Deadlock, where one or more users have simultaneously locked the whole table or part of it.


The deadlocks seems to have disappeared by themselves.
From this blog post this issue seems to be a known issue – – however the ax database had not recently been updated.


The cause:

The cause seems to be the SQL optimiser doing a clustered index scan (RecId) in the query below, resulting in blocking:



The solution:

  • Login to Dynamics AX –> Open a Development workspace, and navigate to AOT –> Dictionary -> tables,
    Find the table AIFSQLCTVERSION , and create a new non-unique index for CTVERSION field
  • Login to SQL server Management studio, and create a new plan guide for the query adding index hint
    GO(replace the index name I_100021KOO_CTVERSIONIDX with the actual name of the newly created index)


Microsoft CRM: Synchronizing with multiple AX companies results in continuously opening new active AOS-connections

Recently I was presented with a very interesting problem that occured when Microsoft CRM was synchronizing with Microsoft Dynamics AX 2012 using the DynamicsConnector for MS Dynamics AX. The installation guide can be found here.

In basics it was a standard setup in both ends. When syncing only one company everything would work just fine, but when syncing two or more companies the online users would be filled with active connections that wouldn’t close by themselves. In the end this would lead to the AOS not accepting new clients or even a crash due to lack of RAM.

The strange thing was that everything was setup according to the guidelines and was working fine in a reference environment. A MS support request was created and I will try to summarize all of our findings and the solution that fixed the problem.

The problem in short:

  • When running the synch of 2 or more companies simultaneously, the client session on AX continues to increase till the crash of AOS.
  • Running synch of 1 company only (in other words 1 integration) the client sessions do not increase; looks like they are recycled.
  • The problem occurs in all maps and seems to be a general problem in our scenario.
  • The synchronization for all companies is running on the same AX account.

The solution:

  • The verified solution from MS was to create separate accounts for each synchronization.

AIF–duplicate types with name Dynamics.Ax.Application…

In a recent task I had to redeploy an AIF http document service several times due to changes. Ocassionally the below error would occur when opening the inbound ports form. The error indicated that the classes related to my document service somehow would conflict because they were already registered. In the current state it would not be possible to activate a new inbound port.


Fortunateley a colleague of mine had experienced something similar and here is our guide that in the end solved my issue:

  • Create a job that deletes everything  from the SysXppAssembly

static void Job1(Args _args)
SysXppAssembly sysxppassembly;
delete_from SysXppAssembly;

  • Stop the AOS.
  • Delete all files (and folders) from the “C:\Program Files\Microsoft Dynamics AX\60\Server\[instancename]\bin\XppIL” folder
  • Start the AOS and go to Systemadministration/setup/services and application integration framework/inbound ports to check if the error has gone.

In most cases that would solve the problem. In one situation I experienced that the above gude was not enough. I also had to do the following:

  • compile the entire application
  • Perform full CIL
  • Restart the AOS

Hope this helps…

Thanks to Henning Ejner Andersen for assisting me on this issue.

AIf – Some or all identity references could not be translated.

In a recent task i struggled with that error when calling an AIF http service. It would work from visual studios internal casini browser but when the client was deployed to IIS the error “ Some or all identity references could not be translated.” would display in the AIF exception log.

It was not possible to set up proper debugging in a timely manner so a little fix was created in order to being able to see why the error was being thrown.

Analyzing the labelid’s it turned out that the error with that labelid would only be thrown from one single location data dictionary/tables/AifPortUser. From there a call to to AifUtil::getWindowsUserSid(windowsUser) would occur causing the exception to be thrown. So the interesting thing would be to analyze what windows user actually was submitted by the client. In order to do that the AifUtil::getWindowsUserSid was modified in order to write the domain, alias and usersid to a text file:

        TextIo textIo;
        FileIOPermission fileio;   





        fileio = new FileIOPermission(@"C:\test\", #io_append);
        textIo = new TextIo(@"C:\test\textIOtest.txt", #IO_WRITE);
        textIo.write("domain: " + domain + "\n");
        textIo.write("alias: " + alias + "\n");
        textIo.write("userSid: " + userSid + "\n");

That little snipped showed that the identity of the default apppool was submitted and not the actual windows user. Changing the apppool identity fixed the problem.

A call to SSPI failed–DynAx 2012 AIF/WCF

Recently I deployed an AIF service to a customer environment. Everything was working fine in my single server development environment, but after deploy to the distributed customer environment, calls to the webservice resulted in the error “A call to sspi failed”.

The scenario:

  • My service – a simple document service. No hex about that.
  • I needed to deploy the service to IIS in order for it to be consumable from a corporate website
  • The customer environment contained a standalone server for the AOS and a standalone server for IIS
  • I created a simple test webform – my test client, in order to being able to test that everything was working ok.

Having deployed the service, the service was browsable. The identity of the application running the AIF site was the same as the one used for the Business connector proxy account (System administration –> setup –-> service accounts) The app pool was configured like this:


Authentication was configured like this:


Here’s a nice reference on how to install AIF on IIS when using Ax2012

From AX my service was configured to use a customBinding using NTLM and my clienct was also configured to use NTLM. Any call from the client to the service would result in the error “A call to SSPI failed – see inner exception…” – and no inner exception were to be found.

Trying to narrow down the problem a basicHTTPBinding was tried – still the same error.

As different kinds of blogposts suggested, I was able to call the AIF/WCF service when the service itself was using the ipaddress (to avoid the use of kerberos) of the aos server instead of the url. However this wasn’t an acceptable solution, as any new deployment of the service from AX, would result in a non working webservice, since the web.config would be overwritten when deploying from AX. And as it turned out, it was not possible to alter settings in AX forcing ax to deploy the service and having the endpoint in web.config reference the ip address instead af the FQDN. However the problem was now narrowed down to be caused by kerberos. I found this great blogpost explaining some basic things about Kerberos.

Another thing we tried out was to set the spn for the user running the service:

Setspn –A HTTP/2012webtest.myDomain.local myDomain\sa-proxy-lon

Having done that we tried to setup trust for delegation in AD according to this. We are not sure whether this had any effect, but we didn’t reverse the process.

This blogpost (see comment from Eric Ledoux and Brian Kinser) suggested that this might be caused by a kernel error. My customer recently upgraded to R2CU7 and I was expecting this to be fine, but talking with the technician from the customer revealed that IIS might not have been updated in that process with the new AX components. Running the setup file from the CU7 install media, suggested to update some core AX components. Choosing yes to update, restarting IIS and the AOS service, fault messages from ax started to show up when calling the webservice – meaning that everything was starting to work as expected.


In my case the “a call to sspi failed” error turned out to be resolved when upgrading to CU7. The problem I was facing was just caused by the fact that only the AOS had been upgraded – not IIS. Resolving this mismatch solved the problem.

Thanks to my colleague Morten Uldall for both moral and technical support:-)

AX2012 AIF – CallContext

Working with AIF on the Dynamics AX 2009 platform you had to create the SoapHeader manually. In that you had to specify the destination endpoint and the source endpoint user in order to being able to target a specific company using and maybe using a specific AX user. It could look like something similar to this:


public static class SoapHeader



        /// <summary>

        /// Helper method – adds a SOAP Header defining the destination endpoint (local endpoint) in Dynamics AX

        /// </summary>

        /// <param name="nameOfEndpoint">The name of the local endpoint</param>

        public static void SetDestinationEndpoint(string _nameOfEndpoint)


            OperationContext.Current.OutgoingMessageHeaders.Add(MessageHeader.CreateHeader("DestinationEndpoint", ";, _nameOfEndpoint));



        /// <summary>

        /// Helper method – adds a SOAP Header defining the source endpoint name and the source endpoint user to use

        /// </summary>

        /// <param name="sourceEndpointName">the name of the source endpoint</param>

        public static void SetSourceEndpointAndUser(string _sourceEndpointName, string _userName)


            //string userName = HttpContext.Current.User.Identity.Name.ToString(); //returns the current user and domian – eg. egdk\tomph

            var addressHeader = AddressHeader.CreateAddressHeader("SourceEndpointUser", ";, _userName);

            var addressBuilder = new EndpointAddressBuilder(

            new EndpointAddress(new Uri("urn:" + _sourceEndpointName), addressHeader));

            var endpointAddress = addressBuilder.ToEndpointAddress();

            OperationContext.Current.OutgoingMessageHeaders.From = endpointAddress;





            //call the webservice’s find method



                //SOAP header info

                using (new OperationContextScope(client.InnerChannel))



       //this assumes that a endpoint (inside AX) with the selected (dataareaid in this case) name has
       been created for all companies



       //this assumes that a local endpoint (inside ax) with the name [ddlDataAraeId.SelectedValue] has
       been configured and is associated with a company that exists in dynamics ax

                    SoapHeader.SetSourceEndpointAndUser("Default", Helper.GetCurrentUser());

                    //submit the request and retrieve the respons


                response = client.find(qc);

                enumerEmplTable = response.EmplTable.GetEnumerator();




Now in AX 2012 AIF you can simply specify the CallContext – which I may say is a h… of a lot easier…


            //create the AX call context in order to being able to define Ax company and submitting user

            CallContext axContext = new CallContext();

            axContext.Company = ddlDataAraeId.SelectedValue;

            axContext.LogonAsUser = Helper.GetCurrentUser();




                #if DEBUG

                CreateXmlMessageTextFileFromCreate(axdEGF_HRMWebRecruitment, Guid.NewGuid().ToString());


                keys = client.create(axContext, axdEGF_HRMWebRecruitment);

                txtResult.Text = "SUCCESS: " + keys[0].KeyData[0].Field + " = " + keys[0].KeyData[0].Value;


Thank You MS for making my life just a little bit easier:-)

You may find it relevant to look at the this peace of documention on technet.