Sign in
Microsoft.com
 
Microsoft
 
 
 
Microsoft >
SDK pluginregistration tool is not allowing connection to CRM 2011

Answered SDK pluginregistration tool is not allowing connection to CRM 2011

  • Wednesday, 2 May, 2012 10:26 PM
     
     
    Sign In to Vote
    0

    We have CRM 2011 installed on premises.  Our Developers are trying to use the pluginregistration tool from the SDK (which is installed on the same server with CRM), but are getting an error "Unable to retrieve the organizations from the Discovery Service".

    Further details of the error are:

    Unhandled Exception: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service.

    Server stack trace:
       at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
       at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Security.SecurityProtocol.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
       at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at Microsoft.Xrm.Sdk.Discovery.IDiscoveryService.Execute(DiscoveryRequest request)
       at Microsoft.Xrm.Sdk.Client.DiscoveryServiceProxy.Execute(DiscoveryRequest request)
       at PluginRegistrationTool.CrmConnection.RetrieveOrganizations() in C:\sdk\tools\pluginregistration\CrmConnection.cs:line 315
       at PluginRegistrationTool.ConnectionsForm.OpenConnection(CrmConnection con) in C:\sdk\tools\pluginregistration\ConnectionsForm.cs:line 940
    Inner Exception: System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
       at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
       at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)

    I have read other postings which suggest deleting the LiveDevice xml file under the user's profile, but I do not find any such file on the server.

    Can anyone give me some guidance on this?

     

All Replies

  • Wednesday, 2 May, 2012 10:52 PM
     
     
    Sign In to Vote
    0

     deleting the LiveDevice xml file under the user's profile is for connecting CRM 2011 online.

    The person runs the tool need CRM Administrator role, and in your case looks like the person is not authenticated. What's your authentication method in your on premise deployment?

    View Kevin Dan's LinkedIn profileView Kevin Dan's profile Please click "Mark As Answer" on the post if this post answers the question or "Vote as Helpful" when it helps.

     
  • Wednesday, 2 May, 2012 11:18 PM
     
     
    Sign In to Vote
    0

    The Developers are logging onto the CRM server with an account that is a local Administrator and is a Deployment Administrator for CRM.  However that account is NOT a User within the CRM Organization (they have a seperate account for that).  The accounts and the server are all within the same Active Directory domain so I assume it is using Kerberos for authentication.  I am told by the Developers that this was working at one time but now is not.  I don't have enough information to be sure of what changed that might have broken this.

     
  • Wednesday, 2 May, 2012 11:27 PM
     
     
    Sign In to Vote
    0
    I am almost certain it won't work if the account is NOT CRM Orgnaization user. Try CRM User Account with CRM Administrator in the CRM Organization and is Deployment Administrator as well.

    View Kevin Dan's LinkedIn profileView Kevin Dan's profile Please click "Mark As Answer" on the post if this post answers the question or "Vote as Helpful" when it helps.

     
  • Thursday, 3 May, 2012 4:27 PM
     
     
    Sign In to Vote
    0

    No, that's not it.  If I try an account that is a local Admin on the server, a Deployment Admin for CRM and a System Admin within the CRM Organization, I still get the error. 

    I think it has to do with enabling SSL on the CRM install.  We did this to improve performance from our Outlook clients according to a recommendation coming out of a Microsoft Performance Review.  SSL is enabled, not required.    If I enter a non-SSL URL string (i.e. http://servername), it seems to connect okay.  If I try to use the SSL URL it gives the error.  Any thoughts on that?

     
  • Thursday, 3 May, 2012 4:49 PM
     
     
    Sign In to Vote
    0

    Looks like the SSL issue. You can try Web browser, Outlook client, and plugin registration tool using the SSL url to verify and narrow down the issue.

    One thing you can try to solve this, is to install/import SSL digital certificate on the client computer.

    View Kevin Dan's LinkedIn profileView Kevin Dan's profile Please click "Mark As Answer" on the post if this post answers the question or "Vote as Helpful" when it helps.

     
  • Thursday, 3 May, 2012 5:01 PM
     
     
    Sign In to Vote
    0
    We're not really having any problem with our browser clients or Outlook clients.  Both seem to work with either SSL or not.  The problem only came up with this plugin tool.  We're running the tool locally on the server where the SSL cert is installed so I don't think that's it either.  I guess we can work around it by substituting the non-SSL URL even though the CRM service wants to advertise itself as SSL.  Maybe some kind of bug in the tool?
     
  • Thursday, 3 May, 2012 5:07 PM
     
     Answered
    Sign In to Vote
    0
    Good to know web brower and outlook client workes with either url. as for the plugin registration tool, if it works with  non-SSL, it should be fine since no security issue here. It might be a bug in the tool, you have the source code to look into it if you really want to find the root cause.

    View Kevin Dan's LinkedIn profileView Kevin Dan's profile Please click "Mark As Answer" on the post if this post answers the question or "Vote as Helpful" when it helps.

    • Marked As Answer by JWGage Thursday, 3 May, 2012 5:09 PM
    •