1

I created two application instances [Dynamics 365 Finance and Operations] for prod and test environments. I'm now getting the following error.

Unable to get the channel information Detail Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: '0DEC01638DF6D70A2D57DFE338ABFC3D6BD45458', Please visit 'https://developer.microsoft.com/en-us/graph/graph-explorer' and query for 'https://graph.microsoft.com/beta/applications/00000015-0000-0000-c000-000000000000' to see configured keys] Trace ID: afa96f28-9dbe-48cb-a569-431f637b1a00 Correlation ID: 8981ef7c-9bd5-427e-bd33-072fc7faca86 Timestamp: 2020-02-05 07:47:17Z ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 401

This log is from the test environment and now it started giving this error after I started creating the production environment using this AAD_AppId: 00000015-0000-0000-c000-000000000000. So my question is, Is it possible to use the same AAD_AppId for two applications.

Rashed Hasan
  • 3,721
  • 11
  • 40
  • 82
mambo chaminuka
  • 51
  • 10
  • That AppId looks like the tenant id, maybe check what your actual app id is? – bvpb Feb 05 '20 at 22:11
  • `00000015-0000-0000-c000-000000000000` is the app id of internal Microsoft app: Microsoft Dynamics ERP. How are you using it for your applications? Please provide more details. Is there an official document? – Allen Wu Feb 06 '20 at 01:13

1 Answers1

0

No, you can't.

The Application ID of an AD App is a GUID across all the Azure AD tenant, you can just use the same Displayname of the AD App for your prod and test environments at most. Eevn they have the same Displayname, they will have different Application IDs.

Besides, the 00000015-0000-0000-c000-000000000000 is the Application ID of the Microsoft application Microsoft Dynamics ERP, it will appear in the Enterprise applications in the AAD tenant which used it, they will have different Object id in different tenant, but they will have the same Application ID.

Joy Wang
  • 39,905
  • 3
  • 30
  • 54
  • Thank you so much. So in this cas what am I supposed to do to make these two apps work?? Generate another AAD AppId?? – mambo chaminuka Feb 06 '20 at 07:02
  • @mafiguhuggins What do you want to do with the App? In other words, what do you want to achieve? – Joy Wang Feb 06 '20 at 07:05
  • I want to be able to use them [test and prod] with different AAD_AppId because currently they are using the same AAD_AppId and thats where the test env is giving the error. – mambo chaminuka Feb 06 '20 at 07:25
  • @mafiguhuggins With just an error, it is not helpful, could you tell me what do you want to do? – Joy Wang Feb 06 '20 at 07:29
  • @mafiguhuggins If you want to use AD App to access some APIs, you need to [Register an application in AAD](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app), then give the API permissions to it, check this [doc](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis). – Joy Wang Feb 06 '20 at 07:33
  • Ok this is what i did `Remove-AzureRmADSpCredential -ServicePrincipalName '00000015-0000-0000-c000-000000000000' -KeyId 'XXXXXXXXXXXXXXXXXX'` afterit had given me an error saying `Update to an existing credential with keyId 'XXXXXXXXXXXXXXXXXXXXXXXX' is not allowed`. I then lastly ran `.\Add-CertToServicePrincipal.ps1 -CertificateThumbprint 0DEC01638DF6D70A2D57DFE338ABFC3D6BD45458`. The I got into that error. – mambo chaminuka Feb 06 '20 at 07:35
  • @mafiguhuggins Why do you do operations on the Microsoft Application? If you want to use the AD App to access the APIs or azure resources, just register a new AD App in Azure AD, the Microsoft Application should not be used like this, it is managed by Microsoft, even it is existing in your tenant as a service principal, we should not do this. – Joy Wang Feb 06 '20 at 07:39
  • Ok thank you. Just give me an upvote for my question if it was a good question – mambo chaminuka Feb 06 '20 at 07:42
  • Unfortunately my reputation is just below 15. Could have upvoted that one. You helped a lot – mambo chaminuka Feb 06 '20 at 07:45
  • 1
    Ok noted. Accepted – mambo chaminuka Feb 06 '20 at 07:59