GP 2013 and 2015 GP Web Services "Exception message: The security object does not exist"

After moving the GPWEBSECURITY database for GP Web Services and running a repair we received the following error opening the Security Console:

"Exception message: The security object does not exist. Missing Key: 25cc1a21-2cc4-4b13-a1c8-eea186fb688a"

Turns out we ran the wrong repair.  DO NOT run the repair from the GP Web Services Configuration Console.  Instead, launch the GP Setup.exe from the GP installation media.  This will detect the existing install and give you the option to repair.I used information from the following link and updated it for the new web services that does not run in IIS:

To determine the scopes in the ADAM database, use the Authorization Manager (Azman.msc) Microsoft Management Console (MMC) snap-in to browse the database. To do this, follow these steps:

  1. Click Start, click Run, type azman.msc, and then click OK.
  2. On the Action menu, click Open Authorization Store.
  3. Click Active Directory.
  4. In Windows Explorer, open the following folder:
    C:\Program Files\Microsoft Dynamics\GPWebServices\WebServices
  5. Use Notepad to open the DynamicsSecurity.config file.
  6. Copy the following value for the AzManConnectionString setting:
    mssql://Driver={SQL Server};Server={MySqlServer\MyInstance};/GPWEBSECURITY/DynamicsGPWebServices
  7. Paste the value into the Store Name field in the Open Authorization Store window, and then click OK.
  8. Expand the DynamicsSecurityService store.
  9. Expand 25cc1a21-2cc4-4b13-a1c8-eea186fb688a to view the scopes. A folder graphic designates the scopes that are installed and that have an assigned integer value.

I was able to verify that the database in the new GPWEBSECURITY database did not contain the data from the original database.  I restored from backup.  Reran the repair.

NOTE: I also had to search all .config files in the install folders for the original MyOldSqlServer\MyOldInstance and replace it with the MyNewSqlServer\MyNewInstance.

I used FNR.exe from codeplex.

SSRS Report Builder "Application cannot be started, contact application vendor."

When trying to launch Report Builder you receive the error "Application cannot be started, contact application vendor."

I did two things that seemed to of helpled.

1. Open SSMS and connect Server type "Reporting Services", Server name. Right Click the Server Name in Object Explorer and pick Properties. Under Advanced setting in the Reports section set the ReportBuilderLaunchURL to https://serverurl/ReportServer/Report/BuilderReportBuilder_3_0_0_0.appli....

2. Create a Web.config file in the C:\Program Files\Microsoft SQL Server\MSRS11.instancename\Reporting Services\ReportServer\ReportBuilder folder containing the following

<?xml version="1.0" encoding="utf-8"?>
<compilation tempDirectory="C:\Program Files\Microsoft SQL Server\MSRS11.instancename\Reporting Services\RSTempFiles\"/>

Management Reporter 2012 on GP 2015 Couldn't retrieve the list of available databases: The connection attempt failed.

While trying to configure Management Reporter 2012 on a brand new install of GP 2015 I received the following error:

"Couldn't retrieve the list of available databases: The connection attempt failed."

Configuration is SQL 2012 on Server 2012 R2, GP 2015 on Server 2012 R2.

Solution: Install Dexterity Shared Components 12 from the install disc for GP2013 R2.

I found the answer here:

Thank you to Richard Markham.

Disable / Turn off UAC on Server 2012


While User Access Control can protect our servers from malicious attacks on Server 2012 it is a pain. Setting UAC to Never Notify does not turn it off.

The following link explains how:

Set HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system EnableLUA value = 0

Users cannot see renamed form navigation pane group headings

If you have customized the Group Names (i.e. 'Common', 'Sales', 'Service', 'Marketing', 'processes') located in the form navigation pane of Microsoft Dynamics CRM, you need to assign the appropriate permissions to users so they can actually see these changes. The privilege inside of the security role that needs to be turned on is called 'ISV Extensions' on the Customization tab. This privilege is already given by default to management roles. If a user does not have this privilege they will not be able to see any changes to the headers-- rather it will look like no change has been made at all.

Syndicate content