Microsoft Dynamics GP Web Services - How to setup an Active Directory security store

***Update: If you have upgraded to 18.3.1200 for Microsoft Dynamics GP, you must then use the MDGPFALL2020_DVD_ENUS.zip media to then install/upgrade Web Services to 18.3 as well.  This DVD media has the required KB4527536 patch for Web Services built into it.  

Without using this DVD, when running the Web Services Configuration Wizard, you'll see issues like a blue question mark next to the Functional Currency check, then if you go past that, no companies will be available for selection and you won't be able to continue the install/upgrade.

Another issue we've seen, is that the Microsoft Dynamics GP Service Host service, which is the service that runs Web Services, will not start/run, thus the Dynamics Security Console and Web Services will not run, and the service cannot be started as normal.

It is not enough to just apply the KB4527536 MSP patch on top of an existing Web Services install or use it with a older Dynamics GP DVD media.

Hello everyone,

With the upcoming end of TLS 1.0 and 1.1 support there are some changes that will need to be made in Dynamics GP products in order to maintain compatibility.  In this article I will be covering how to create an authorization store in Active Directory to use with Web Services for Microsoft Dynamics GP.

1. Start > Run type AzMan.msc and click OK to open the Authorization Manager window
2. Click on Action > Options…, click Developer Mode and click OK
3. Click on Action > New Authorization Store… 
   1. Select Active Directory or Active Directory Application Mode (ADAM)
   2. Use either Schema version
   3. Store name is in a format of:

      CN=GPWebServices,CN=Program Data,DC=CONTOSO,DC=COM

      Where contoso.com is the FQDN of the domain.

        4. Click OK to close the window

        5. You’ll automatically be connected to your new store. Otherwise you can connect by going to Action > Open Authorization Store.., selecting Active Directory and entering your string or using the Browse.. button and selecting it there

        6. If someone other than the user who created the store will be installing GP Web Services you’ll need to give them permissions

            a. Right-click on GPWebServices store and select Properties

            b. Select the Security tab and add users to the Administrator role as necessary

When installing Web Services for Dynamics GP choose the Active Directory security store option (ADAM is only viable for upgrades from versions that previously used ADAM) and fill in the blanks:

1. Server: your domain controller
2. Port: 389
3. Partition: The string you entered when creating the security store (e.g. CN=GPWebServices,CN=Program Data,DC=CONTOSO,DC=COM)

After the install completes you will use the same Dynamics Security Console to set Role Assignments and change Policy Behaviors.  The only difference is that behind the scenes Dynamic GP Web Services will be pointing to that partition in Active Directory rather than a SQL Server database.

**NOTE: If you see an error attempting to create the AD authorization store: "Cannot create a new authorization store. The following problem occurred: The system cannot find the file specified." or in the Web Services Configuration Wizard showing "The Authorization Manager store could not be opened. Insufficient access rights to perform this operation.", try creating the AD store and doing the install of Web Services as an Enterprise Administrator, even if already a Domain Administrator with sysadmin rights in SQL Server, as we've seen this resolve these types of errors.