Authorization for snapshot debugging doesn't work anymore

[tfenster]

Describe the issue When trying to initialize a snapshot debugging session, I am asked for username and password, but they aren't accepted. The same username and password work for e.g. downloading symbols. Here is what I do:

1. Create the container (full output see below)
2. Create the launch.json file in my AL project

   {
   "version": "0.2.0",
   "configurations": [
   {
     "type": "al",
     "request": "launch",
     "name": "deleteme",
     "server": "https://snap-test.germanywestcentral.cloudapp.azure.com",
     "serverInstance": "testdev",
     "port": 443,
     "authentication": "UserPassword",
     "startupObjectId": 22,
     "startupObjectType": "Page",
     "tenant": "default",
     "breakOnError": true,
     "launchBrowser": true,
     "enableLongRunningSqlStatements": true,
     "enableSqlInformationDebugger": true
   },
   {
       "name": "snapshotInitialize: deleteme",
       "type": "al",
       "request": "snapshotInitialize",
       "environmentType": "Onprem",
       "server": "https://snap-test.germanywestcentral.cloudapp.azure.com",
       "serverInstance": "testsnap",
       "port": 443,
       "authentication": "UserPassword",
       "breakOnNext": "WebClient"
   },
   ]
   }

3. Run "AL: Download symbols" in VS Code. I get asked for username and password and after providing them, symbols are successfully downloaded
4. Hit F7 in VS Code. Again, I get asked for username and password, but now get the following error:

   [2021-11-04 15:50:43.53] Requesting metadata for a snapshot debugging session. 
   [2021-11-04 15:50:43.53] Targeting server 'https://snap-test.germanywestcentral.cloudapp.azure.com' and server instance 'testsnap'.
   [2021-11-04 15:50:43.54] Using user name and password authentication. User name used is: 'admin'.
   [2021-11-04 15:50:43.54] Sending request to https://snap-test.germanywestcentral.cloudapp.azure.com/testsnap/snapshotdebugger/snapshotendpointmetadata
   [2021-11-04 15:50:43.72] Authorization has failed or the credentials have expired. The credential cache has been cleaned. Any access to reach Business Central would require new authorization.
   The authentication has been cancelled.

Scripts used to create container and cause the issue

New-BcContainer -accept_eula -accept_outdated -containerName test -artifactUrl (Get-BCArtifactUrl -type Sandbox -country fr) -imageName mybc -auth NavUserPassword

Full output of scripts

BcContainerHelper is version 2.0.16
BcContainerHelper is running as administrator
Host is Microsoft Windows Server 2019 Datacenter - ltsc2019
Docker Client Version is 20.10.7
Docker Server Version is 20.10.7
Downloading application artifact /sandbox/19.0.29894.32020/fr
Downloading C:\Users\VM-Administrator\AppData\Local\Temp\2\b361db7e-be51-444d-875e-98dbd9c7758d.zip
Unpacking application artifact to tmp folder using Expand-Archive
Downloading platform artifact /sandbox/19.0.29894.32020/platform
Downloading C:\Users\VM-Administrator\AppData\Local\Temp\2\bf9fca58-7d3c-4546-9a0a-2b93d6e3bd71.zip
Unpacking platform artifact to tmp folder using Expand-Archive
Downloading Prerequisite Components
Downloading c:\bcartifacts.cache\sandbox\19.0.29894.32020\platform\Prerequisite Components\Open XML SDK 2.5 for Microsoft Office\OpenXMLSDKv25.msi
Downloading c:\bcartifacts.cache\sandbox\19.0.29894.32020\platform\Prerequisite Components\IIS URL Rewrite Module\rewrite_2.0_rtw_x64.msi
Downloading c:\bcartifacts.cache\sandbox\19.0.29894.32020\platform\Prerequisite Components\DotNetCore\DotNetCore.1.0.4_1.1.1-WindowsHosting.exe
Fetching all docker images
Fetching all docker volumes
ArtifactUrl and ImageName specified
Building multitenant image mybc:sandbox-19.0.29894.32020-fr-mt based on mcr.microsoft.com/businesscentral:10.0.17763.2237 with https://bcartifacts.azureedge.net/sandbox/19.0.29894.32020/fr
Pulling latest image mcr.microsoft.com/businesscentral:10.0.17763.2237
10.0.17763.2237: Pulling from businesscentral
4612f6d0b889: Already exists
c0698cf91ebd: Already exists
2e69063b2971: Pulling fs layer
eacee1562b40: Pulling fs layer
c1a743bf1d64: Pulling fs layer
74de1fb24035: Pulling fs layer
ef55df48ffbb: Pulling fs layer
5f59cefe76ba: Pulling fs layer
b69d63dfa878: Pulling fs layer
a1095ac233f2: Pulling fs layer
99a4f47c981b: Pulling fs layer
b65ace4027ec: Pulling fs layer
109bf13d5244: Pulling fs layer
657e746d7e2f: Pulling fs layer
bdbb8aa2eb89: Pulling fs layer
a1095ac233f2: Waiting
99a4f47c981b: Waiting
b65ace4027ec: Waiting
109bf13d5244: Waiting
657e746d7e2f: Waiting
bdbb8aa2eb89: Waiting
b69d63dfa878: Waiting
74de1fb24035: Waiting
ef55df48ffbb: Waiting
5f59cefe76ba: Waiting
c1a743bf1d64: Verifying Checksum
c1a743bf1d64: Download complete
2e69063b2971: Verifying Checksum
2e69063b2971: Download complete
74de1fb24035: Verifying Checksum
74de1fb24035: Download complete
ef55df48ffbb: Verifying Checksum
ef55df48ffbb: Download complete
5f59cefe76ba: Verifying Checksum
5f59cefe76ba: Download complete
a1095ac233f2: Verifying Checksum
a1095ac233f2: Download complete
2e69063b2971: Pull complete
99a4f47c981b: Verifying Checksum
99a4f47c981b: Download complete
b65ace4027ec: Verifying Checksum
b65ace4027ec: Download complete
109bf13d5244: Verifying Checksum
109bf13d5244: Download complete
eacee1562b40: Verifying Checksum
eacee1562b40: Download complete
657e746d7e2f: Verifying Checksum
657e746d7e2f: Download complete
bdbb8aa2eb89: Download complete
b69d63dfa878: Verifying Checksum
b69d63dfa878: Download complete
eacee1562b40: Pull complete
c1a743bf1d64: Pull complete
74de1fb24035: Pull complete
ef55df48ffbb: Pull complete
5f59cefe76ba: Pull complete
b69d63dfa878: Pull complete
a1095ac233f2: Pull complete
99a4f47c981b: Pull complete
b65ace4027ec: Pull complete
109bf13d5244: Pull complete
657e746d7e2f: Pull complete
bdbb8aa2eb89: Pull complete
Digest: sha256:b2f4f9c624e03aabdb47676fd20a2e62317f8d00809cc5efbc48be58a6846260
Status: Downloaded newer image for mcr.microsoft.com/businesscentral:10.0.17763.2237
mcr.microsoft.com/businesscentral:10.0.17763.2237
Generic Tag: 1.0.1.8
Container OS Version: 10.0.17763.2237 (ltsc2019)
Host OS Version: 10.0.17763.2237 (ltsc2019)
Using process isolation
Files in c:\bcartifacts.cache\diuoc3qf.a25\my:
Copying Platform Artifacts
Copying Database
Copying Licensefile
Copying ConfigurationPackages
Copying Extensions
Copying Applications.FR
c:\bcartifacts.cache\diuoc3qf.a25
Sending build context to Docker daemon  2.028GB

Step 1/6 : FROM mcr.microsoft.com/businesscentral:10.0.17763.2237
 ---> da3f45b44138
Step 2/6 : ENV DatabaseServer=localhost DatabaseInstance=SQLEXPRESS DatabaseName=CRONUS IsBcSandbox=Y artifactUrl=https://bcartifacts.azureedge.net/sandbox/19.0.29894.32020/fr filesOnly=False
 ---> Running in ec1dcf566588
Removing intermediate container ec1dcf566588
 ---> 5d208dcf0f6e
Step 3/6 : COPY my /run/
 ---> a29dd50ecb1a
Step 4/6 : COPY NAVDVD /NAVDVD/
 ---> d034a699c0cd
Step 5/6 : RUN \Run\start.ps1 -installOnly -multitenant
 ---> Running in 2eeef16ef712
Using installer from C:\Run\150-new
Installing Business Central
Installing from DVD
Starting Local SQL Server
WARNING: Waiting for service 'SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS)' to
start...
Starting Internet Information Server
Copying Service Tier Files
C:\NAVDVD\ServiceTier\Program Files
C:\NAVDVD\ServiceTier\System64Folder
Copying PowerShell Scripts
C:\NAVDVD\WindowsPowerShellScripts\Cloud\NAVAdministration
C:\NAVDVD\WindowsPowerShellScripts\WebSearch
Copying dependencies
Copying ReportBuilder
Importing PowerShell Modules
Determining Database Collation
Changing Database Server Collation to French_100_CS_AS
Restoring CRONUS Demo Database
Setting CompatibilityLevel for tenant on localhost\SQLEXPRESS
Exporting Application to CRONUS
Removing Application from tenant
Modifying Business Central Service Tier Config File for Docker
Creating Business Central Service Tier
Installing SIP crypto provider: 'C:\Windows\System32\NavSip.dll'
Copying Web Client Files
C:\NAVDVD\WebClient\Microsoft Dynamics NAV
Copying Client Files
C:\NAVDVD\LegacyDlls\program files\Microsoft Dynamics NAV
C:\NAVDVD\LegacyDlls\program files\Microsoft Dynamics NAV
C:\NAVDVD\LegacyDlls\systemFolder
Copying ModernDev Files
C:\NAVDVD
C:\NAVDVD\ModernDev\program files\Microsoft Dynamics NAV
Copying additional files
Copying ConfigurationPackages
C:\NAVDVD\ConfigurationPackages
Copying Test Assemblies
C:\NAVDVD\Test Assemblies
Copying Extensions
C:\NAVDVD\Extensions
Copying Applications
C:\NAVDVD\Applications
Copying Applications.FR
C:\NAVDVD\Applications.FR
Starting Business Central Service Tier
Importing CRONUS license file
Copying Database on localhost\SQLEXPRESS from tenant to default
Taking database tenant offline
Copying database files
Attaching files as new Database default
Putting database tenant back online
Mounting tenant database
Mounting Database for default on server localhost\SQLEXPRESS with AllowAppDatabaseWrite = False
Sync'ing Tenant
Tenant is Operational
Stopping Business Central Service Tier
Installation took 360 seconds
Installation complete
Removing intermediate container 2eeef16ef712
 ---> 043cc34b45b7
Step 6/6 : LABEL legal="http://go.microsoft.com/fwlink/?LinkId=837447"       created="202111041427"       nav=""       cu=""       multitenant="Y" country="FR"       version="19.0.29894.32020"       platform="19.0.29884.31932"
 ---> Running in 1c5feea52c9c
Removing intermediate container 1c5feea52c9c
 ---> 126f08b7f9c3
Successfully built 126f08b7f9c3
Successfully tagged mybc:sandbox-19.0.29894.32020-fr-mt
Building image took 1535 seconds
WARNING: useTraefik not specified, but Traefik container was initialized, using Traefik. Specify -useTraefik:$false if you do NOT want to use Traefik.
Enabling SSL as otherwise all clients will see mixed HTTP / HTTPS request, which will cause problems e.g. on the mobile and modern windows clients
Using image mybc:sandbox-19.0.29894.32020-fr-mt
PublicDnsName is snap-test.germanywestcentral.cloudapp.azure.com
Creating Container test
Style: sandbox
Multitenant: Yes
Version: 19.0.29894.32020
Platform: 19.0.29884.31932
Generic Tag: 1.0.1.8
Container OS Version: 10.0.17763.2237 (ltsc2019)
Host OS Version: 10.0.17763.2237 (ltsc2019)
Using process isolation
Using locale fr-FR
Adding special CheckHealth.ps1 to enable Traefik support
Disabling the standard eventlog dump to container log every 2 seconds (use -dumpEventLog to enable)
Additional Parameters:
-e webserverinstance=test
-e publicdnsname=snap-test.germanywestcentral.cloudapp.azure.com
-l "traefik.protocol=https"
-l "traefik.web.frontend.rule=PathPrefix:/test"
-l "traefik.web.port=443"
-l "traefik.soap.frontend.rule=PathPrefix:/testsoap;ReplacePathRegex: ^/testsoap(.*) /BC$1"
-l "traefik.soap.port=7047"
-l "traefik.rest.frontend.rule=PathPrefix:/testrest;ReplacePathRegex: ^/testrest(.*) /BC$1"
-l "traefik.rest.port=7048"
-l "traefik.dev.frontend.rule=PathPrefix:/testdev;ReplacePathRegex: ^/testdev(.*) /BC$1"
-l "traefik.dev.port=7049"
-l "traefik.snap.frontend.rule=PathPrefix:/testsnap;ReplacePathRegex: ^/testsnap(.*) /BC$1"
-l "traefik.snap.port=7083"
-l "traefik.dl.frontend.rule=PathPrefixStrip:/testdl"
-l "traefik.dl.port=8080"
-l "traefik.dl.protocol=http"
-l "traefik.enable=true"
-l "traefik.frontend.entryPoints=https"
--env customNavSettings=PublicODataBaseUrl=https://snap-test.germanywestcentral.cloudapp.azure.com/testrest/odata,PublicSOAPBaseUrl=https://snap-test.germanywestcentral.cloudapp.azure.com/testsoap/ws,PublicWebBaseUrl=https://snap-test.germanywestcentral.cloudapp.azure.com/test
Files in C:\ProgramData\BcContainerHelper\Extensions\test\my:
- AdditionalOutput.ps1
- CheckHealth.ps1
- MainLoop.ps1
- SetupVariables.ps1
- updatecontainerhosts.ps1
Creating container test from image mybc:sandbox-19.0.29894.32020-fr-mt
7d3a5dc2d6352501ef8add603931b3d8c0703ebc9dc26bb107417b18d2f1570b
Waiting for container test to be ready
Initializing...
Setting host.containerhelper.internal to 172.25.48.1 in container hosts file
Starting Container
Hostname is test
PublicDnsName is snap-test.germanywestcentral.cloudapp.azure.com
Using NavUserPassword Authentication
Starting Local SQL Server
Starting Internet Information Server
Creating Self Signed Certificate
Self Signed Certificate Thumbprint 05F33F14784E40CEDBF7084C92AFC1D7DAB6071F
Modifying Service Tier Config File with Instance Specific Settings
Modifying Service Tier Config File with settings from environment variable
Setting PublicODataBaseUrl to https://snap-test.germanywestcentral.cloudapp.azure.com/testrest/odata
Setting PublicSOAPBaseUrl to https://snap-test.germanywestcentral.cloudapp.azure.com/testsoap/ws
Setting PublicWebBaseUrl to https://snap-test.germanywestcentral.cloudapp.azure.com/test
Starting Service Tier
Registering event sources
Creating DotNetCore Web Server Instance
Enabling Financials User Experience
Dismounting Tenant
Mounting Tenant
Mounting Database for default on server localhost\SQLEXPRESS with AllowAppDatabaseWrite = False
Sync'ing Tenant
Tenant is Operational
Creating http download site
Setting SA Password and enabling SA
Creating admin as SQL User and add to sysadmin
Creating SUPER user
Container IP Address: 172.25.61.207
Container Hostname  : test
Container Dns Name  : snap-test.germanywestcentral.cloudapp.azure.com
Web Client          : https://snap-test.germanywestcentral.cloudapp.azure.com/test/?tenant=default
Dev. Server         : https://snap-test.germanywestcentral.cloudapp.azure.com
Dev. ServerInstance : BC
Dev. Server Tenant  : default
Setting test-default to 127.0.0.1 in container hosts file

Files:
http://snap-test.germanywestcentral.cloudapp.azure.com:8080/ALLanguage.vsix
http://snap-test.germanywestcentral.cloudapp.azure.com:8080/certificate.cer

Container Total Physical Memory is 32.0Gb
Container Free Physical Memory is 25.8Gb

Initialization took 130 seconds
Ready for connections!
Reading CustomSettings.config from test
Creating Desktop Shortcuts for test
Container test successfully created
Because of Traefik, the following URLs need to be used when accessing the container from outside your Docker host:
Web Client:        https://snap-test.germanywestcentral.cloudapp.azure.com/test?tenant=default
SOAP WebServices:  https://snap-test.germanywestcentral.cloudapp.azure.com/testsoap
OData WebServices: https://snap-test.germanywestcentral.cloudapp.azure.com/testrest
Dev Service:       https://snap-test.germanywestcentral.cloudapp.azure.com/testdev
Snapshot Service:  https://snap-test.germanywestcentral.cloudapp.azure.com/testsnap
File downloads:    https://snap-test.germanywestcentral.cloudapp.azure.com/testdl

Use:
Get-BcContainerEventLog -containerName test to retrieve a snapshot of the event log from the container
Get-BcContainerDebugInfo -containerName test to get debug information about the container
Enter-BcContainer -containerName test to open a PowerShell prompt inside the container
Remove-BcContainer -containerName test to remove the container again
docker logs test to retrieve information about URL's again
PS C:\Users\VM-Administrator> docker logs test
Initializing...
Setting host.containerhelper.internal to 172.25.48.1 in container hosts file
Starting Container
Hostname is test
PublicDnsName is snap-test.germanywestcentral.cloudapp.azure.com
Using NavUserPassword Authentication
Starting Local SQL Server
Starting Internet Information Server
Creating Self Signed Certificate
Self Signed Certificate Thumbprint 05F33F14784E40CEDBF7084C92AFC1D7DAB6071F
Modifying Service Tier Config File with Instance Specific Settings
Modifying Service Tier Config File with settings from environment variable
Setting PublicODataBaseUrl to https://snap-test.germanywestcentral.cloudapp.azure.com/testrest/odata
Setting PublicSOAPBaseUrl to https://snap-test.germanywestcentral.cloudapp.azure.com/testsoap/ws
Setting PublicWebBaseUrl to https://snap-test.germanywestcentral.cloudapp.azure.com/test
Starting Service Tier
Registering event sources
Creating DotNetCore Web Server Instance
Enabling Financials User Experience
Dismounting Tenant
Mounting Tenant
Mounting Database for default on server localhost\SQLEXPRESS with AllowAppDatabaseWrite = False
Sync'ing Tenant
Tenant is Operational
Creating http download site
Setting SA Password and enabling SA
Creating admin as SQL User and add to sysadmin
Creating SUPER user
Container IP Address: 172.25.61.207
Container Hostname  : test
Container Dns Name  : snap-test.germanywestcentral.cloudapp.azure.com
Web Client          : https://snap-test.germanywestcentral.cloudapp.azure.com/test/?tenant=default
Dev. Server         : https://snap-test.germanywestcentral.cloudapp.azure.com
Dev. ServerInstance : BC
Dev. Server Tenant  : default
Setting test-default to 127.0.0.1 in container hosts file

Files:
http://snap-test.germanywestcentral.cloudapp.azure.com:8080/ALLanguage.vsix
http://snap-test.germanywestcentral.cloudapp.azure.com:8080/certificate.cer

Container Total Physical Memory is 32.0Gb
Container Free Physical Memory is 25.8Gb

Initialization took 130 seconds
Ready for connections!

Screenshots

Additional context

• does it happen all the time? Yes
• did it use to work? Yes, see #1702

I also checked the BC Server configuration, but Snapshot debugging seems enabled and on the right port

[TEST] PS C:\Run> Get-NAVServerConfiguration BC

key                                                         value
---                                                         -----
...
SnapshotDebuggerEnabled                                     true
SnapshotDebuggerServicesPort                                7083
SnapshotDebuggerServicesSSLEnabled                          true

As I get an auth problem and not something like a 404, it also seems to me like it works in general

[tfenster]

Additional note: If I use the BC 19 onprem artifacts, the connection works

1. Create the container

   New-BcContainer -accept_eula -accept_outdated -containerName onprem19fr -artifactUrl (Get-BCArtifactUrl -type onprem -country fr -version 19) -imageName mybc -auth NavUserPassword

2. Download symbols
3. Connect snapshot session -> works

   [2021-11-04 17:21:25.23] Initializing a snapshot debugging request on debugging context :d3e5aa6d-4348-4768-bd49-db98b9b8b19b 
   [2021-11-04 17:21:25.23] Sending request to https://snap-test.germanywestcentral.cloudapp.azure.com/onprem19frsnap/snapshotdebugger/attach?debuggingcontext=d3e5aa6d-4348-4768-bd49-db98b9b8b19b
   [2021-11-04 17:21:26.03] The snapshot debugger initialize request for the debugging context 'd3e5aa6d-4348-4768-bd49-db98b9b8b19b' has succeeded. 
   Check the status of an initialized snapshot by using the 'Show all snapshots' command, or by clicking the snapshot debugger icon in the left corner of the toolbar.

So it seems like this is somehow connected to the sandbox artifacts?

[freddydk]

If you add -runSandboxAsOnPrem does that make it work?

[tfenster]

Yes, that works. Shouldn't it also work without that?

[freddydk]

Yes, it should - but it points to where the error is (in the permission subsystem)

[tfenster]

@freddydk any idea on this yet?

[bydynamics]

hmmm, took me some time to figure out the configuration. This one was working for me.

    {
        "name": "snapshotInitialize: MyServer",
        "type": "al",
        "request": "snapshotInitialize",
        "environmentType": "OnPrem",
        "server": "https://yourserver.westeurope.cloudapp.azure.com",
        "port": 443,             
        "serverInstance": "navserversnap",
        "authentication": "UserPassword",
        "breakOnNext": "WebClient"
    },              

[lippertmarkus]

@freddydk any update on this?

[blrobl]

Hi, adding "tenant": "default" to the Snapshot Debugger configuration in the launch.json should solve the issue. This is because sandbox containers are multitenant by default, so this parameter is required when connecting to the container.