Header Ads Widget

🔍 Debugging TEST/UAT Data from Dev VM in Dynamics 365 F&O using JIT (Just-in-Time)

Mastering D365FO Team April 28, 2025

 

🧠 Why You Might Need This?

Sometimes in Dynamics 365 Finance & Operations (D365FO), you need to troubleshoot data issues in a TEST or UAT environment using your local DEV VM. You can’t just directly access these databases—but Microsoft provides a secure way to request Just-In-Time (JIT) access using LCS.

This process enables you to:

  • Investigate complex data-related bugs

  • Reproduce TEST/UAT issues in DEV

  • Access remote environments securely for a limited time (usually 8 hours)

🔐 Step 1: Requesting JIT Access from LCS

  1. Log into LCS (Lifecycle Services).

  2. Select the target TEST/UAT environment.

  3. Go to the Maintain > Enable Database Access section.

  4. Add your Dev VM's public IP to the firewall whitelist.



  5. Confirm to enable JIT access.




⏰ You’ll receive an expiry notice (usually valid for 8 hours).

🎯 Step 2: Request SQL Login Credentials

  1. In the same LCS page, scroll to Database accounts.

  2. Select "Troubleshooting tuning for AX" as your reason.




  3. Provide your justification and request access.



  4. Refresh the page after submission.

✅ You’ll get:

  • SQL Server Name

  • Database Name

  • Login Username

  • Login Password

💻 Step 3: Connect from SQL Server Management Studio (SSMS)

Using the above credentials:






  • Open SSMS on your Dev VM.

  • Choose SQL Authentication, not Windows.

  • Paste the JIT credentials.

👤 Step 4: Create Debug SQL User (Optional but Recommended)

You can optionally create a new SQL user for debugging using the following script:

sql
CREATE USER [debugSessionUser] WITH PASSWORD=N'Debug@2025!', DEFAULT_SCHEMA=[dbo];
GO
EXEC sp_addrolemember N'db_owner', 'debugSessionUser';
GO

This ensures isolation and easy revocation post-debugging.

⚙️ Step 5: Modify web.config in AOS Service

  1. Stop the following services before changing config:

    • IIS

    • World Wide Web Publishing

    • Microsoft Dynamics 365 Batch Management Service

    • Microsoft Dynamics 365 Data Import Export Framework (DIXF)

  2. Locate and backup your current web.config:

    • Path: K:\AOSService\WebRoot\web.config

  3. Edit the below keys in the file:

xml
<add key="DataAccess.Database" value="YourJITDatabaseName" />
<add key="DataAccess.DbServer" value="YourJITServerName" />
<add key="DataAccess.SqlUser" value="YourJITUser" />
<add key="DataAccess.SqlPwd" value="YourJITPassword" />
<add key="DataAccess.AxAdminSqlPwd" value="Debug@2025!" />
<add key="DataAccess.AxAdminSqlUser" value="debugSessionUser" />

  1. Restart IIS and services after saving the file.

🔍 Verify the Connection

  1. Open the Dev VM URL.

  2. Navigate to:

    System Administration → Inquiries → Database → Database Information


     

  3. Check if the database name matches the TEST/UAT database.

If yes, you’re now officially connected and ready to debug LIVE TEST data securely.

🛡️ Important Safety Tips

🔒 Best Practice✅ Recommendation
Version MatchDev VM and TEST/UAT must be on the same version
Code SyncEnsure build + sync before connecting
No DB SyncNever run DB sync in Dev while connected to TEST
Revert ChangesRestore original web.config after use
8-Hour LimitAfter expiry, reapply JIT access if needed

📌 Summary

Just-In-Time access through LCS is a powerful feature when you need to securely connect to TEST/UAT environments for debugging in D365FO. Always follow safety best practices and never forget to revert your environment setup post-debugging.

Tags:

Post a Comment

0 Comments