Open Forum

Expand all | Collapse all

VOODOO Management Reporter!

  • 1.  VOODOO Management Reporter!

    GPUG ALL STAR
    Posted Mar 23, 2020 04:34 PM
    Dear Working-From-Home Collaborators,

    I've got a conundrum wrapped in a riddle. The riddle is, "How the heck can someone run Management Reporter with just a VPN connection?"

    That is, our CFO, Troy, and our Accounting Manager, Holly, worked on budget vs. actual reports in MR over the weekend. They're both working from their homes (me, too) and they've brought their work laptops home.

    They both have shortcuts to Report Designer in their Task Bars. Let's focus on Troy the CFO.

    He connects to the office VPN which gives him access to our shared drives. I thought that was all!

    But he can open Report Designer, modify a report, and generate it. I only found out about this when he said he was having a problem. He sent me a screen shot showing a Report definition in the background; the "Report Queue Status" window with a report highlighted and Status = "Complete"; and a small message window:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Management Reporter
    Configuration system failed to initialize
    OK
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    So, I was very curious. I thought that MR would suffer the same drawbacks and lack of MS support as GP does. But he'd been merrily generating reports all morning until that "Configuration" message surfaced.

    Troy and Holly use VPN and the RemoteApp capability of our Remote Desktop Server. I use Remote Desktop to log into my work laptop which is still on my desk at work because I like having all my shortcuts and apps available to me, not the limited set available on the RemoteApp menu.

    I have a shortcut for Report Designer, too. When I open it and check the Connection, this is what it looks like:

    I would not have thought that Troy's VPN connection would be able to communicate with port 4712 on our SQL Server!

    What am I missing? Why does this work?

    Sincerely,

    ------------------------------
    "Sparkly" Steve Erbach - Green Bay, WI
    Co-Chair, GPUG WI (Green Bay) Chapter
    Blog: https://www.gpug.com/blogs/steve-erbach
    Twitter: twitter.com/serbach

    ───────────────
    Excel Webinar List as of 12-Nov-2019
    ------------------------------
    Academy - Online Interactive Learning from Experts


  • 2.  RE: VOODOO Management Reporter!

    TOP CONTRIBUTOR
    Posted Mar 24, 2020 09:13 AM
    Hi Steve,

    When I vpn to our network from home (via Cisco AnyConnect), my system "becomes" part of the work network.  It uses my office's dns server and can pickup all of the machine names.  I'm also guessing that the laptops you are using at home are part of your domain, so when you VPN in, you are also part of the domain.  Anything you have access to inside your company, you will probably have access from your VPN'd laptop (assuming IT hasn't put in any special routing restrictions).

    If you are running GP as a fat client and it's installed on your end user's laptops, please make sure they don't run GP!

    Good luck and stay healthy!

    ------------------------------
    John Arnold
    Senior Software Engineer
    US Digital
    Vancouver WA
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 3.  RE: VOODOO Management Reporter!

    GPUG ALL STAR
    Posted Mar 24, 2020 10:35 AM
    @John Arnold,

    Right-o! I'm mainly concerned with that $@#^&*&%*(! Windows error message.

    At the moment​, my only solution for my boss the CFO is to leave his work laptop at work and connect to it from home. Then he wouldn't have to log into the VPN and he'd have all of his apps, including GP on our RDS.

    Thanks for chiming in, John.

    Sincerely,

    ------------------------------
    "Sparkly" Steve Erbach - Green Bay, WI
    Co-Chair, GPUG WI (Green Bay) Chapter
    Blog: https://www.gpug.com/blogs/steve-erbach
    Twitter: twitter.com/serbach

    ───────────────
    Excel Webinar List as of 12-Nov-2019
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 4.  RE: VOODOO Management Reporter!

    GPUG ALL STAR
    Posted Mar 24, 2020 10:06 AM
    @David Laster,

    It is slowly dawning on me that a VPN connection is a bit more capable than I gave it credit for. I certainly have felt the pain of attempting to use GP via VPN.

    And I understand all that you've said about the http address and the Data Mart [shudder!] connection and Legacy. I simply didn't "get" VPN well enough to realize that it should work.

    I've changed my internal metaphor for VPN. I now think of it as a very long network cable from the user's remote location to the office network. This whole VPN "tunnel" terminology didn't do it for me! A cable I can understand!

    What is still not clear is the error the CFO gets (in my original message) when he generates a report from Designer. I've looked up that message online and it appears to be a Windows error... but it happens every time he runs a report.

    I appreciate the response, David!

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Hey Steve!

    As you know the usernames in MR are actually domain users. When the MR Designer app launches, it looks for the server name and http address where the MR Application Service is running to authenticate.  The MR Application Service can also be thought of as the Authentication Service in many ways.  If the VPN is up it should find the domain controller and do that.  It just uses regular Windows AD for that first part.   The Data Mart also uses AD for authentication, so VPN-connected people should be fine there too.

    The Legacy (direct-connect method) in MR prompts for your GP user password to authenticate against each company one time per MR session, but the actual service doing the heavy lifting when running reports is the MR Process Service, which uses a service account.

    GP on the other hand is really chatty with SQL across the network using ODBC to the databases and uses SQL authentication instead (NOT a service).  Any database connectivity issues or data corruption stemming from dropped connections manifests itself in incomplete postings, hung or incomplete records, duplicate keys, etc.  Never use GP with VPN, although I know some do break this rule unfortunately (data clean up is expensive and avoidable in this situation).

    Hope this helps and makes sense!

    David
    ------------------------------
    David Laster
    Director | Software Solutions
    GraVoc
    Peabody MA
    ------------------------------

    Sincerely,​


    ------------------------------
    "Sparkly" Steve Erbach - Green Bay, WI
    Co-Chair, GPUG WI (Green Bay) Chapter
    Blog: https://www.gpug.com/blogs/steve-erbach
    Twitter: twitter.com/serbach

    ───────────────
    Excel Webinar List as of 12-Nov-2019
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 5.  RE: VOODOO Management Reporter!

    Posted Mar 24, 2020 10:47 AM
    Steve:
    Try the FQDN http://our_sql_server.DOMAIN.COM:4712 and see if that works better with the VPN flipped on.

    Best,
    David

    ------------------------------
    David Laster
    Director | Software Solutions
    GraVoc
    Peabody MA
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 6.  RE: VOODOO Management Reporter!

    GPUG ALL STAR
    Posted Mar 24, 2020 03:30 PM
    @David Laster,

    I will pass that on. Thank you.

    Sincerely,​

    ------------------------------
    "Sparkly" Steve Erbach - Green Bay, WI
    Co-Chair, GPUG WI (Green Bay) Chapter
    Blog: https://www.gpug.com/blogs/steve-erbach
    Twitter: twitter.com/serbach

    ───────────────
    Excel Webinar List as of 12-Nov-2019
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 7.  RE: VOODOO Management Reporter!

    GPUG ALL STAR
    Posted Mar 24, 2020 06:14 PM
    Edited by Beat Bucher Mar 24, 2020 06:22 PM
    Steve,
    There are 2 things in the game here.. Windows Authentication and network name resolutions.. actually the 3rd player in the game here is the VPN ..
    I've been using VPN's by the full hand, as at one point I had probably 4 or 5 different ones installed on my workstation, and I'm not even talking about a corporate computer here.. just pure simple Windows Workgroup.

    The VPN creates a secured tunnel between your local computer and a remote network.. The big problem here is often times your VPN will work in "split-tunneling" mode, depending on how the VPN policies are setup. In my previous company the VPN was originally "exclusive" in the network access and once connected, you wouldn't be able to browse the internet, because the name resolution would strictly go thru the VPN, and for security reasons, that content was often times very controlled. So when you have to search something it was a convoluted process to get to the internet search engines.
    With "split-tunneling" your VPN client allows you to resolve names on both sides: the open internet and the internal network. What it can't find on one side, it will try on the other..

    The issue in your case might be simply that the name resolution for the MR server (http://MyMRHost:4712/) is not properly resolved. This could be helped very easily by adding the IP address in your local /etc/hosts file, which is the premier choix for Windows to resolve a name.
    The other day I was supporting a client that was trying to run its GP  while working remotely from home, but everything would be darn slow and login into GP would take up to 3 minutes.. Until I realized that he was actually running the GP fat client locally from his laptop. When I did a quick network speed test, his connection showed a miserable 22Mbs down and 2Mbs up speed.. Think about GP's requirement for a 100Mbs full duplex network connection when operating and compare that.
    That's why I always recommend to anyone who wants to run GP remotely to setup a Citrix or TS server and access either the published app from their laptop or login in full RDP session to work on the server.

    @John Arnold mentioned Cisco Anyconnect, one of the many VPN's I use too, and says that you should have access to all the resources like if you would be in the office.. that is more or less true, and mostly depends on how the network admin configured the Router/Firewall on the entry side and let the traffic inside to the network.​ VPN traffic could be limited to some specific sub-nets which would not give you access to all resources. So this has to be taken into consideration as well.
    The MR Designer client basically suffers from the same issue as the GP client, since it sends requests to the back-end SQL server and waits on the results to come back, which can be slow, based on your connection speed.. From there you have your Windows Credentials that are coming into the play to authenticate against the MR services (which may or not be on the SQL server). Once you're authenticated and let into MR Designer, the next level of authentication is your GP data, which might prompt you for GP credentials if you're setup with the Legacy connector, or just plain let you thru if using the DataMart (which relies on Windows Authentication, as you're not pulling data from the GP companies, but the MR DM cube)
    Good luck mon ami!

    ------------------------------
    Beat Bucher
    Business Analyst, Dynamics GP SME
    Montreal QC/Canada
    @GP_Beat http://www.gp-geek.com
    Montreal QC GPUG Chapter Leader
    MBS MVP (2015-2018)
    All-Star 2013
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 8.  RE: VOODOO Management Reporter!

    GPUG ALL STAR
    Posted Mar 24, 2020 07:36 PM
    @Beat Bucher, mon ami!

    I've recommended to my boss the CFO that he flesh out the connection URL in Report Designer to include our fully qualified domain name, as @David Laster suggested.​​​

    I'm very glad to have the extra detail. None of us running MR have had to use GP credentials, as far as I know... so that means we're using the DataMart? Ack!

    You know, might that error that my boss experienced be due to the DataMart needing a rebuild?

    Regards,

    ------------------------------
    "Sparkly" Steve Erbach - Green Bay, WI
    Co-Chair, GPUG WI (Green Bay) Chapter
    Blog: https://www.gpug.com/blogs/steve-erbach
    Twitter: twitter.com/serbach

    ───────────────
    Excel Webinar List as of 12-Nov-2019
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 9.  RE: VOODOO Management Reporter!

    GPUG ALL STAR
    Posted Mar 24, 2020 07:46 PM
    That could work.. though I never had tried that, since I've also never used MR Designer as a local install from a laptop over a VPN connection :-)

    If no one is prompted to enter credentials when they are in GP, it can mean either 2 things:
    1. they already have done it once and MR saved the credentials, which is good until next time you change pwd in GP
    2. you're setup with the DM, at which point it's never going to prompt for credentials.

    This is fairly easy to quickly figure out: you open your SQL studio management and connect to your GP instance, check for the presence of a database called "ManagementReporterDM" or similar. The name is actually free, so you could call it Houston if you'd like, as is the MR 2012 Database as well.. though I don't suggest that as this might confuse any sysadmin that is looking over your server to assist you.

    One recent partner I worked with had there own GP setup and guess what? the system database (DYNAMICS) was named 'GP'.. and there various companies had 1 or 2 letters only.. Talk about some clarity!

    I doubt the message your boss is getting does come from the DM, but I can't be for sure, as this is quite a strange message.. Would tend to believe it has something to do with web service config file...
    Microsoft has a KB article about most common errors on MR services : https://support.microsoft.com/en-us/help/2862020/error-message-when-you-start-microsoft-management-reporter-2012-can-t
    I'd also check the MR Configuration Console and see if there are any error messages in the log (bottom left) that might provide a hint..


    ------------------------------
    Beat Bucher
    Business Analyst, Dynamics GP SME
    Montreal QC/Canada
    @GP_Beat http://www.gp-geek.com
    Montreal QC GPUG Chapter Leader
    MBS MVP (2015-2018)
    All-Star 2013
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 10.  RE: VOODOO Management Reporter!

    GPUG ALL STAR
    Posted Mar 25, 2020 09:03 AM
    @Beat Bucher, @David Laster, @John Arnold,

    My boss is still getting the "Configuration system" error message... but now he can't seem to get Teams working on his work laptop, either.​​​​

    I've recommended to him that he take his work laptop back to the office (unfortunately 45 minutes away from his house) and use the spiffy new 17" laptop he just bought to log in directly to his work laptop. That's what I do and several other folks that are now working from home here.

    Thank you for the tidbits of extra information. They'll go on my "GPUG Tool Belt" (Remember Nashville 2017!).

    Regards,

    ------------------------------
    "Sparkly" Steve Erbach - Green Bay, WI
    Co-Chair, GPUG WI (Green Bay) Chapter
    Blog: https://www.gpug.com/blogs/steve-erbach
    Twitter: twitter.com/serbach

    ───────────────
    Excel Webinar List as of 12-Nov-2019
    ------------------------------

    Academy - Online Interactive Learning from Experts


If you've found this thread useful, dive deeper into User Group community content by role