Web Client Error: “A problem occurred creating a session error.”

I’m sure that this has happened to everyone, you follow the steps and you launch your web client web page. Then, after you log in you receive the dreaded error, “A problem occurred creating a session error.” Often the first response is to repair the web client and proceed to check the local certificate. This is followed by checking the services. And alas, nada. None of these processes fix the error.

The problem is not the web client install, but the added feature on the actual Microsoft Dynamics GP installation. One misconception about installing the web client is that multiple Runtime installs exist. You have the Web Client Runtime and the Web Services Runtime. The Web Client Runtime is often missed because it hides in the Microsoft Dynamics GP install.

1. Web Client Runtime: On the Web Client server go to Programs and Features, select Microsoft Dynamics GP 2015 (Desktop Client Install), click Add/Remove Features and check if Web Client Runtime is installed. If this runtime is not installed edit and then try logging into the Web Client.



2. Web Services Runtime: The second Runtime is located in the GP installation. When you open the installer you will see the Web Services Runtime.





1095C Old Employees are Populating in Microsoft Dynamics GP

Payroll in January is the most havoc time of year.  One common problem I see on the help desk in January is the 1095C printing a form for an employee that has not worked this year or has been inactive since before the current year.

To correct this there are two scripts to run. Both of these scripts are from Terry Heley’s ACA post which can be referenced here. In both scripts, please replace XXX for field YEAR1 with the current year.

This script will remove any employee without coverage for the year:

delete from upr10111
where (MonthofCost_1=’0′ AND MonthofCost_2=’0′ AND MonthofCost_3=’0′ AND MonthofCost_4=’0’and
MonthofCost_5=’0′ AND MonthofCost_6=’0′ AND MonthofCost_7=’0′ AND MonthofCost_8=’0′ AND
MonthofCost_9=’0′ AND MonthofCost_10=’0′ and MonthofCost_11=’0′ AND MonthofCost_12=’0′ AND
MonthofCoverage_1=’0′ and MonthofCoverage_2=’0′ and MonthofCoverage_3=’0′ and MonthofCoverage_4=’0’and
MonthofCoverage_5=’0′ AND MonthofCoverage_6=’0′ AND MonthofCoverage_7=’0′ AND MonthofCoverage_8=’0′ AND
MonthofCoverage_9=’0′ AND MonthofCoverage_10=’0′ AND MonthofCoverage_11=’0′ AND MonthofCoverage_12=’0′)
and YEAR1=’XXX’

This script will need to have the year replaced in two places. This will delete users who are older than the current payroll year. For example , n 2016 you would replace the XX with 2016.

AND DEMPINAC <= ‘XXX-01-01 00:00:00.000′) and YEAR1=’XXX’

What these scripts do is update the UPR10111 table where the wage file creates data for the 1095C and 1094C transmittal form.

This information can be found on Terry Heley’s Blog, the payroll ACA information can be found here. Her blog is an amazing source of information and I highly encourage everyone to check it out.

Disclaimer: Always run a new script in your test environment and run a good backup before you run any scripts that will delete or change data.

Microsoft Dynamic GP Security Overview

In Microsoft Dynamics GP, users have access to nothing until security access to windows, reports, and files are granted. There are standard Roles and Tasks are the pre-defined set of windows, reports, and files based on the tasks they are granted. Microsoft built the system in a way that allows Administrators to edit the Roles and Tasks to fit our requirements or even create new ones.

There are specific building blocks that build on one another to create the security in Microsoft Dynamic GP.

  • Operation: Is the base level access to windows or reports. These are assigned to a task.
    • Ie. The Account Maintenance window
  • Task: A Task component is the group of operations that are needed to complete a business task.
    • Task CARD_0101*
  • Role: The Role component is the group of tasks that define a particular job in a company.
    • Account Manager*

A great tool to lookup security Roles and Tasks for specific windows or reports is GP Window.

The roles that are assigned to each user are company-specific and you would be able to assign different roles to different companies if needed.

Setting up a Task
Click Microsoft Dynamics GP, point to Tools, point to Setup, point to System, and then click Security Tasks.
Then lookup or create your task ID. If this is a new task then you would need to fill in the Task Name and Category.
Then Select a Product, Type, and Series and this will bring up a selection to provide access. If it is checked then the task will have access to the window or report.


Setting up a Role
On the Microsoft Dynamics GP menu, point to Tools, point to Setup, point to System, and then click Security Roles.
Then lookup or create your Role ID. If this is a new task then you would need to fill in the Role Name.
You will then be able to select various security tasks to apply to the Role. If it is checked then the Role will have access to the Task.


Applying user security
On the Microsoft Dynamics GP menu, point to Tools, point to Setup, point to System, and then click User Security.
Then look up your user and select the company that you would like to apply the Role. You will need to apply this to each company. If the same permissions are for the same for each company then you can use the copy button on the ribbon to copy the setup between companies.
You will then be able to select various security roles to apply to the user’s security.



Proactive Not Reactive: Top 10 ideas to Protect Yourself From CryptoLocker

1. User Training
This is probably the biggest item. The worst aspect of CryptoLocker is that they are not actively hacking your network. They are sending spam e-mail or having your user’s go to websites that are not for work purposes and download the installer without them seeing it. Train your users to be wary of emails from senders you don’t know and not to go to non-work sites.

2.  Apply a spam filter to your exchange that blocks executable files being attached
This will keep them from accidently activating an executable. They can still receive zip files and will have to know not to extract or unzip them.

3.  Consider Software Restriction Policies and Whitelisting
Locking down what your users can and cannot install will assist with prevention. Also, disable hidden file extensions in Windows to keep them from unintentionally installing something.

4.  Apply a Firewall
Restrict outbound traffic only on ports that you actually use. Apply content filters to keep people honest on the types of sites that they are going on at work. Clock known malware domains.

5.  Apply good antivirus.
I would recommend that any antivirus you do choose has heuristic scanning abilities as these seem to be the best at locating when Cryptolocker is active in a system. Heuristic scanning looks for typical patterns of behavior. Such antivirus includes Kaspersky, Eset, Webroot, etc. Please do your research and find the right antivirus for your organization.

6.  Apply correct security to everyone in your network
If everyone is a domain admin then this provides the keys to the kingdom to all your users. If one of them gets CryptoLocker, then you are essentially giving that virus full range to your network. Give limited domain access to users and restrict access to vital points on your network, such as your SQL server. Also, restrict who is a local admin on the computers.

7.  Strong passwords
Newer versions of CryptoLocker are able to guess at simple passwords. If you only have capitals and lowercase letters then this can be hacked within a short period of time. In 2013. Hackers were able to crack 16-character passwords in less than an hour, to view details of the article go here. It is recommended to make your passwords vary and have capital, lowercase, numbers and atypical symbols (Such as %, &, ^, }). Normally users select ! or @. These are common and more likely to be guessed. The more complicated you make your password, the better your network security will be.

8.  Regularly clean up old logins
Let’s say your users follow your password policy. What about an old login that has been sitting there for years before the password policy has been in place? This is a hacker’s dream and they will take full advantage. I recommend putting a practice into place that cleans up old logins every 3-6 months.

9.  Backup, backup, Backups!
Backups that are on their own backup device is best. You want to backup all of your critical files. Have shares for each user and train them to store their critical files on the server. I tell clients that if it will take more than a week to recreate (if they are able to recreate the file), then to place it on your personal share where it is backed up by the company. Clients that have had CryptoLocker and a backup system were back up and running with minimal downtime.

10.  Apply 3rd party programs that act as preventions
CryptoPrevent Malware Prevention or CryptoLocker Tripwire I have not personally used these two. However, have heard good reviews for the both. I would not rely solely on either and would add them as an additional layer in addition to your antivirus.

Please never pay the ransom. Every time these criminals receive a ransom it only encourages them to target another company or person and continues the cycle.

CryptoLocker and Microsoft Dynamics GP

CryptoLocker is the boogeyman of the IT world.  It is a silent predator until you get an error that says your file is not legible.  It affects a multitude of programs.  It also affects Microsoft Dynamics GP.  Typically, when a computer is a victim of CryptoLocker and has Microsoft Dynamics GP installed it will get an error stating that the dictionary is not loaded.  What has occurred is your Reports Dictionary location has been encrypted and GP will not launch with an encrypted dictionary.

There are several options depending on your setup and preparedness for CryptoLocker about what this means for your data with Microsoft Dynamics GP.

  1. If your Microsoft Dynamics GP’s data is stored on your SQL server and there is limited access to this server. This will minimize risk of the virus spreading to your SQL server.  Meaning the SQL server is separate from the desktops or Terminal Servers.
  2. There are exceptions for businesses that don’t lock down access to their SQL server or do not have a separate machine for their SQL instances. Some companies run SQL express and Microsoft Dynamics GP on the same computer with an external hard drive backup plugged into the computer.  This is the most vulnerable of the setups as CryptoLocker will encrypt and lock down everything the user has access to.
  3. If the user gets CryptoLocker on their local desktop and the user remotes into a terminal server, typically you will not see the virus on the terminal server. This depends on the access the users has in the network.

Steps to take once you realize you have CryptoLocker. 
Once CryptoLocker is discovered there are several steps that I take.

  1. I disconnect all network drives and remove the computer from the network.
  2. I then check the network locations for any damage and see what needs to be restored from a backup
  3. Verify that the user is not a domain administrator. If they are then you need to check the entire network to see what the possible damage may be.
  4. Check all computers in the network for variations of the CryptoLocker files. Depending on the size of the network, I ask managers to assist going to computer to computer to locate all possible infections.
  5. Analyze the problem. It is imperative to analyze the damage done by CryptoLocker.  Where you find the virus may not be where it is originating.  Several newer variations of crypto locker have become more intelligent and have given their bots the ability to hack throughout the networks by guessing simple passwords.
  6. Isolate the malware and then create your plan of action to remove it from your network. You can run scans to remove the virus and after it is removed, you can put the computer back on the network.  I like to use SuperAntiSpyWare, Malwarebytes, Eset Online Scanner.  In extreme cases, we had to complete a complete wipe and reload of the OS.
  7. After the malware is removed from the network, you can then proceed with restoring data from your backups. You don’t want to start restores until you can verify the malware is completely gone.  I made the mistake once of not doing this and the malware encrypted the restored items as we were in the process of restoring the data.

Top Reasons To Love Microsoft Power BI

  1. Direct connection into SQL databases to connect into Microsoft Dynamics GP and also Microsoft Dynamics 365.

This product is designed to work with a variety of data sources.  Including Excel, CSV, XML, Access databases, Microsoft SQL Server, MySQL, etc.  If you have data stored, there is a high chance that Microsoft Power BI will connect to it with little difficulty.  Additionally you can connect multiple data sources into one report.

  1. Access from anywhere

Sharing is caring.  This cloud based solution offers access to anyone you permit at any time of the day and from anywhere.  It has mobile apps on Apple, Android and Windows devices.

  1. Easy to comprehend and create data.

Visual charts and graphs make Power BI useful for all users.  The charts setup is also drag and drop.  Simply select your data and it is there.

  1. Up to 1GB is free

Typically, free users are extremely limited, and in this case they are limited.  However, even with the limitations, users can create dashboards and customized reports.  They can still connect to their data and schedule refreshes.  The cost of $9.99 the paid version offers additional features and flexibility with the software that is not available for the free version, please see their pricing page for more detailed information of the differences.

  1. Designed for the non-technical person.

What you normally see with many reporting systems, is that the person creating the reports has to have hours upon hours of training and trial and error to become competent at creating the reports.  With Microsoft Power BI, they have created a solution that allows the non-technical person to hit the ground running.  Simply install the Power BI Desktop, connect to your data, and start creating.

The pricing in this post is based on the current cost on their website as of 2/6/2017.  Pricing is subject to Microsoft and can change.  For current information, please review their pricing page.

Business Intelligence: When Standard Reporting Is Not Enough

It should be no surprise to anyone that we are living in a digital world and data is being kept on the most mundane items.  Especially in every aspect of a business.  Once a business creates data, it needs to be able put it together in a meaningful, productive way.  Reports once filled this void.  There are many reporting solutions that work with Microsoft Dynamics GP.  Such as Management Reporter, Crystal Reports, Excel Reports, and Jet Reports.  The question becomes, what do you do with the information that you have at your fingertips when that monthly report is not enough?

The next step is Business Intelligence.  Once thought to be a flash in the pan, is now on its way to becoming the standard for driving business decisions for many companies.  As a consultant, I see a constant need to have relevant data and Power Bi create real-time dashboards with your data to make data-driven decisions.  It can connect to wherever you store your information and be made available to you anywhere.  This is the next step to the standard reports and can be used in conjunctions with reporting to drive your business to the next level.

Microsoft has created an extremely powerful tool called Power BI.  Power BI creates dashboards with relevant, constantly updated information that you can have at your fingertips to make business decisions.  You can create a dashboard item for any variety of reasons, such as the current sales for the year, see where your sales are at, or even compare current year sales with past years.