What to check before (re)using RSAT
We have been working for a while now with RSAT at various customers, it is stable, but we see sometime small glitches in user experience. In general, what is happening, if you haven’t maintained/used it for a while (for instance when during implementation RSAT is configured and used (for instance as provisioning tool), but then not actively monitored for some time) and a consultant or customer starts using it does not work (as expected). So, let us address some topics you should check before (re)using RSAT. Below is a list based on using RSAT for the last 2 years.
LCS (Lifecycle Services) Project Azure trust expires (every year)
There is a trust between DevOps and LCS, the maximum trust time is one year.
Getting a new token at: https://XXX.visualstudio.com/_usersSettings/token
In case the access token is expired, update it from LCS
For more information about integration of LCS and Dev Ops please read the blog on Kaya Consulting: Is your Business Process Modeler updated? – Kaya Consulting (kaya-consulting.com)
Are the soap names still, correct?
Unbelievably, there are a lot of incorrect solutions in the MS communities, with all distinct kinds of suggestions, starting from adding only soap or at the wrong place in the URL. The correct location is:
- Tier 2 XXXXXaossoap.sandbox.operations.dynamics.com
- Tier 1 XXXXXaossoap.cloudax.dynamics.com
Limitation on the test user (the consultant test partner account)
The test user must be active in the tenant domain of the customer. In general, always try to avoid using non-customer tenant users as also uploading the task recording directly into LCS, has similar issues. The tenant domain is visual in D365 at right top, click the question mark and about, tab page licenses.
Validate the certificates
And those are the nasty ones, I have seen a lot of Non-RTFM issues here. So, let us start addressing them by environment type. We will first start Microsoft Management Console for validating the certificates.
- Start mmc.exe
- We add the snap ins for certificates; for the current user and local computer.
It is wise to save this console setup after validating and fixing!
Tier 1 dev box
When you create a certificate for a Tier 1 and look at the pulldown, we can agree, no clue, what is meant here?
Adding a user-friendly meaningful name to the certificate will help you, this can be done by pressing the right mouse and selecting properties.
Meaningful names will result in clear names on the pull down for the Thumbprints.
There is a widespread misconception that pressing New in the RSAT tool also adapts the config file on the remote dev box. Sorry, technical consultants can perform miracles, but this is not one of them. So please open your remote desktop to the Dev Box and validate it!
Tier 2 environments
Be aware that platform updates also update the RSAT certificates. Last week I checked all on Monday and on Friday constant complaints, it is not working. That they did a platform update during that week, they forgot to tell me 🙁
Maintain Certificates RSAT Tool
Working with the Maintain Certificates RSAT Tool. It is not perfect yet. The Tier 1 and production should not appear on the list.
The user-friendly meaningful names are missing (but you know how to fix this now)
So, you change to the meaningful name. But it is still not working. You get the next error.
It took me some time to figure out this one. Please look at the next pictures on how to resolve this. I think MS will fix this in their next release.
And if we compare it with the certificate I imported the old way, we see a difference. With below certificate RSAT can pull a token.
Microsoft is on the right track with the Maintain Certificates RSAT Tool. So, we follow Frank Dahl and support him with valuable feedback.
Despite the above, I am still a happy user of RSAT!
For more details about RSAT please look at. Regression suite automation tool installation and configuration – Finance & Operations | Dynamics 365 | Microsoft Learn