Microsoft Dynamics GP 2013 SP2 Web Client Scale-Out Deployment: Avoiding Trust Relationship Problems

January 27th, 2014 by

If a wildcard domain certificate has been used then you won’t need to follow the steps in this post. If, like me, you’re using individual machine certificates then you will have problems with trust relationships between servers unless you install the certificate from each machine on all of the others.

To accomplish this, the certificates need to be exported and then imported. As an example, I am going to transfer the certificate from the Session Control Server (SC1) to the first Session Host (SH1).

To do this open Internet Information Services (IIS) Manager, select the machine and double click Server Certificates:

Internet Information Services (IIS) Manager

Select the certificate to export (in my case the one named Dynamics GP Web Client) and click Export in the Action pane:

Internet Information Services (IIS) Manager - Server Certificates

Enter the path to export the certificate, a password and password confirmation and click OK:

Export Certificate

On the machine you’re going to import the certificate (in my case SH1), press Win + R to open the Run window, type MMC and click OK:

Run

In the Microsoft Management Console click on File and select Add/Remove Snap-in…:

Microsoft Management Console

In the Available snap-ins list select Certificates and click Add > to move it to the Selected snap-ins list:

Add or Remove Snap-ins

After clicking OK select Computer account as we need to make the certificate we import available to all user and service accounts on the machine:

Certificates snap-in

Set the snap-in to always mange the Local computer and click Finish:

Select Computer

When returned to the Add or Remove Snap-ins folder, click OK:

Add or Remove Snap-ins

In the Microsoft Management Console navigation pane expand Certificates (Local Computer) and click on Certificates to display a list of all certificates installed on the machine.

In my example you will see that the certificate for SH1 (the local machine) is displayed second bottom in the list:

Microsoft Management Console

Right click in the middle panel, click All Tasks then, on the fly-out menu, click Import…:

Right Click Menu

Read the blurb on the Certificate Import Wizard welcome screen and click Men>Next:

Certificate Import Wizard - Welcome to the Certificate Import Wizard

Enter the path and file name of the certificate to be imported. On the source machine (SC1) I saved the certificate to the C:\ so to load it I entered a UNC path which access the Certificates folder on SC1:

Certificate Import Wizard - File to Import

Enter the password used when exporting the file and click Next:

Certificate Import Wizard - Private key protection

The Certificate Store we need to use is the Trusted Root Certificate Authorities

Certificate Import Wizard - Certificate Store

In the final stage of the Certificate Import Wizard check your selections and then click Finish:

Certificate Import Wizard - Completing the Certificate Import Wizard

A confirmation dialog will be displayed that the import has been sucessful:

Certificate Import Wizard - The import was successful.

In the Microsoft Management Console, the newly imported certificate for SC1 is shown third bottom, just above the SH1 certificate.

The Session Control certificate needs to be imported on each of the Session Hosts, and each of the Session Host server’s certificates need to be imported onto the Session Control server.

Show/Hide Index for this series

Source: azurecurve

Leave a Reply