Issues connection CRM for Outlook 2011 on-premise

quarta-feira, 27 de abril de 2011 12:58

I successfully deployed CRM 2011 in a single server, single domain scenario and configured Reporting Services, IIS and the Deployment Wizard to use HTTPS. Everything is doing just fine except for the Outlook client not being able to connect to the server stating that "There is a problem communicating with the Microsoft Dynamics CRM server. The server might be unavailable. Try again later. If the problem persists, contact your system administrator.". Using a HTTP connection, i am able to choose an Organization from the list, but afterwards connecting still fails.

Unfortunately, i was unable to fix this issue myself.

The following shows the trace from the Crm50ClientConfig.log (the actual FQDN was replaced with <FQDN>).

14:50:20|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm._testConnectionButton_Click
14:50:20|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.TestConnection
14:50:20|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.TestConnection
14:50:20|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm._testConnectionButton_Click
14:50:20| Error| Error connecting to URL: https://<FQDN>/XRMServices/2011/Discovery.svc Exception: System.ServiceModel.Security.SecurityNegotiationException: SOAP security negotiation with 'https://<FQDN>/XRMServices/2011/Discovery.svc' for target 'https://<FQDN>/XRMServices/2011/Discovery.svc' failed. See inner exception for more details. ---> System.ComponentModel.Win32Exception: Security Support Provider Interface (SSPI) authentication failed. The server may not be running in an account with identity 'host/<FQDN>'. If the server is running in a service account (Network Service for example), specify the account's ServicePrincipalName as the identity in the EndpointAddress for the server. If the server is running in a user account, specify the account's UserPrincipalName as the identity in the EndpointAddress for the server.
 at System.ServiceModel.Security.WindowsSspiNegotiation.GetOutgoingBlob(Byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
 at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
 at System.ServiceModel.Security.IssuanceTokenProviderBase`1.GetNextOutgoingMessage(Message incomingMessage, T negotiationState)
 at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
 --- End of inner exception stack trace ---

Server stack trace: 
 at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
 at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
 at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
 at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
 at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
 at System.ServiceModel.Security.SecurityProtocol.OnOpen(TimeSpan timeout)
 at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
 at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
 at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
 at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
 at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
 at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
 at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
 at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
 at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
 at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
 at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
 at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
 at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
 at Microsoft.Xrm.Sdk.Discovery.IDiscoveryService.Execute(DiscoveryRequest request)
 at Microsoft.Xrm.Sdk.Client.DiscoveryServiceProxy.Execute(DiscoveryRequest request)
 at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.DeploymentInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow)
 at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow)
14:50:20| Error| Exception : SOAP security negotiation with 'https://<FQDN>/XRMServices/2011/Discovery.svc' for target 'https://<FQDN>/XRMServices/2011/Discovery.svc' failed. See inner exception for more details. 
Server stack trace: 
 at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
 at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
 at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
 at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
 at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
 at System.ServiceModel.Security.SecurityProtocol.OnOpen(TimeSpan timeout)
 at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
 at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
 at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
 at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
 at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
 at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
 at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
 at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
 at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
 at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
 at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
 at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow)
 at Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadOrganizations(Boolean forceUI)
 at Microsoft.Crm.Application.Outlook.Config.ServerForm.<InitializeBackgroundWorkers>b__0(Object sender, DoWorkEventArgs e)
 at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)
 at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)
14:50:20| Error| Exception : Security Support Provider Interface (SSPI) authentication failed. The server may not be running in an account with identity 'host/<FQDN>'. If the server is running in a service account (Network Service for example), specify the account's ServicePrincipalName as the identity in the EndpointAddress for the server. If the server is running in a user account, specify the account's UserPrincipalName as the identity in the EndpointAddress for the server. at System.ServiceModel.Security.WindowsSspiNegotiation.GetOutgoingBlob(Byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
 at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
 at System.ServiceModel.Security.IssuanceTokenProviderBase`1.GetNextOutgoingMessage(Message incomingMessage, T negotiationState)
 at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)

Environment details

Windows Server 2008 R2
SQL Server 2008 R2 Standard
Dynamics CRM 2011 with Update Rollup 1
Email Router with Update Rollup 1

Windows 7 Professional 64bit
Office Outlook 2010 32bit
Dynamics CRM 2011 for Outlook with Update Rollup 1

Windows Server 2008 R2 native domain

Looking forward to your comments

Todas as Respostas

segunda-feira, 9 de maio de 2011 12:21

1

Experiencing the same thing.

Tracked it down to the discovery service not playing ball.

Not found a solution yet.
Don Wiid
- Responder
- Citação
terça-feira, 10 de maio de 2011 23:53

0

Having the same problem connecting over a VPN. I can remote desktop into the intranet, open Outlook and get all the CRM for Outlook features. But using my Dev Machine over the VPN I get the error.

I can be logged into the CRM over the web and using all the CRM features in the background, but CRM for Outlook just won't connect.

Note that when I first installed CRM for Outlook the connection succeeded, but after the first shutdown I have not been able to connect. So I know the connection details are correct, that the ports are open and that the CRM is able to connect, it's just that now it wont.
- Responder
- Citação
quarta-feira, 25 de maio de 2011 14:31

2
This worked for me (and at least one other person who posted on another forum):

In IIS, on the Microsoft Dynamics CRM website => Double-click on Authentication => Windows Authentication => Advanced Settings (On the right) => Check "Kernel Mode Authentication" and click OK.
Don Wiid
- Sugerido como Resposta donwiid domingo, 19 de junho de 2011 17:48
- Responder
- Citação
sábado, 16 de julho de 2011 07:17

0

same problem here, spn's are okay. seems with ssl it wont work?!
- Responder
- Citação
quinta-feira, 15 de setembro de 2011 14:12

0
I am having the same problem, it worked last month. Has anybody found a solution?

08:04:25|   Info| === Microsoft Dynamics CRM for Outlook Configuration Wizard logging started: 9/15/2011 8:04:25 AM ===
08:04:25|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ClientConfig.Initialize
08:04:25|   Info| Client Configuration Wizard Version      : 5.0.9688.1244
08:04:25|   Info| Client Configuration Wizard LanguageID   : 1033
08:04:25|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.Validator.IsOutlookInitialized
08:04:25|   Info| Query all rows in profile table
08:04:25|   Info| Outlook is initialized
08:04:25|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.Validator.IsOutlookInitialized
08:04:25|   Info| Client Configuration Wizard Running Mode : Normal
08:04:25|   Info| Configuration file Type : OnPremise.
08:04:25|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.ConfigInfo
08:04:25|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.OutlookCRMDatastoreInstaller.GetAvailableServiceIds
08:04:25|   Info| Logon mapi store
08:04:25|   Info| Logon admin service
08:04:25|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.OutlookCRMDatastoreInstaller.GetServiceIds
08:04:25|   Info| Query all rows in msg service table
08:04:25|   Info| Adding service id : {2bf98a85-2597-47cc-bea6-141b59e3da2d}
08:04:25|   Info| Adding service id : {2f46f86a-7784-44be-9202-4580ce1b8124}
08:04:25|   Info| Adding service id : {387cef0b-cf46-4d7f-b47c-a0b8e6a77183}
08:04:25|   Info| Adding service id : {c23be195-4d1d-4097-8972-8c13b49f76f0}
08:04:25|   Info| Adding service id : {ec3838cc-364a-4958-b2a9-6d141a9964ca}
08:04:25|   Info| Adding service id : {d7d2f30b-7aa5-46c7-97ff-4ce50cbb6d2d}
08:04:25|   Info| Adding service id : {d005fe87-89ed-4478-af4c-4688a4a48446}
08:04:25|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.OutlookCRMDatastoreInstaller.GetServiceIds
08:04:25|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.RemoveOrphanDatastoreIfNeeded
08:04:25|   Info| Logon mapi store
08:04:25|   Info| Logon admin service
08:04:25|   Info| Query crm msg services in msg service table.
08:04:25|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.RemoveOrphanDatastoreIfNeeded
08:04:25|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.ConfigInfo
08:04:25|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.ServerForm
08:04:25|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.ServerForm
08:04:26|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.SetUIData
08:04:26|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadAvailableUrls
08:04:26|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadAvailableUrls
08:04:26|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.SetUIData
08:04:38|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm._okButton_Click
08:04:38|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm._okButton_Click
08:04:58|   Info| Fill organization comboBox with server information.
08:04:59| Error| Exception : SOAP security negotiation with 'https://crm2011:444/xxx/XRMServices/2011/Organization.svc' for target 'https://crm2011:444/xxx/XRMServices/2011/Organization.svc' failed. See inner exception for more details.
Server stack trace:
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityProtocol.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Xrm.Sdk.IOrganizationService.Execute(OrganizationRequest request)
   at Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy.ExecuteCore(OrganizationRequest request)
   at Microsoft.Crm.Application.SMWrappers.ClientOrganizationServiceProxy.ExecuteCore(OrganizationRequest request)
   at Microsoft.Crm.Outlook.ClientAuth.ClientAuthProvider`1.VerifyUser()
   at Microsoft.Crm.Outlook.ClientAuth.ClientAuthProvider`1.SignIn()
   at Microsoft.Crm.Outlook.ClientAuth.ClientAuthProvidersFactory`1.GetAuthProvider(Uri endPoint, Credential credentials, AuthUIMode uiMode, Uri webEndPoint, IClientOrganizationContext context, Form parentWindow)
   at Microsoft.Crm.Application.Outlook.Config.ServerInfo.LoadUserId()
   at Microsoft.Crm.Application.Outlook.Config.ServerInfo.Initialize(Uri discoveryUri, OrganizationDetail selectedOrg, String displayName, Boolean isPrimary)
   at Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadDataToServerInfo()
   at Microsoft.Crm.Application.Outlook.Config.ServerForm.<InitializeBackgroundWorkers>b__2(Object sender, DoWorkEventArgs e)
   at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)
   at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)
08:04:59| Error| Exception : The Security Support Provider Interface (SSPI) negotiation failed.    at System.ServiceModel.Security.WindowsSspiNegotiation.GetOutgoingBlob(Byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetOutgoingBlobProxy.GetOutgoingBlob(ChannelBinding channelBinding)
   at System.ServiceModel.Security.RequestSecurityToken.GetBinaryNegotiation()
   at System.ServiceModel.Security.WSTrust.Driver.WriteRequestSecurityToken(RequestSecurityToken rst, XmlWriter xmlWriter)
   at System.ServiceModel.Security.RequestSecurityToken.OnWriteTo(XmlWriter writer)
   at System.ServiceModel.Security.RequestSecurityToken.WriteTo(XmlWriter writer)
   at System.ServiceModel.Security.RequestSecurityToken.OnWriteBodyContents(XmlDictionaryWriter writer)
   at System.ServiceModel.Channels.BodyWriter.WriteBodyContents(XmlDictionaryWriter writer)
   at System.ServiceModel.Channels.BodyWriterMessage.OnWriteBodyContents(XmlDictionaryWriter writer)
   at System.ServiceModel.Channels.Message.OnWriteMessage(XmlDictionaryWriter writer)
   at System.ServiceModel.Channels.Message.WriteMessage(XmlDictionaryWriter writer)
   at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota)
   at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
   at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message)
   at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
08:05:09|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ClientConfig.Terminate
08:05:09|   Info| Exit code: Default
08:05:09|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ClientConfig.Terminate
08:05:09|   Info| === Microsoft Dynamics CRM for Outlook Configuration Wizard logging stopped: 9/15/2011 8:05:09 AM ===
- Sugerido como Resposta doug_porsche quarta-feira, 12 de outubro de 2011 14:25
- Não Sugerido como Resposta doug_porsche quarta-feira, 12 de outubro de 2011 14:25
- Editado doug_porsche quarta-feira, 12 de outubro de 2011 14:27
- Responder
- Citação
quarta-feira, 12 de outubro de 2011 14:25

0

Just got a lead on this.

In my case it was the AntiVirus firewall settings.
- Responder
- Citação
sábado, 28 de janeiro de 2012 23:21

0

Thanks for sharing, can you add any detail on what setting you modified to fix this issue?
- Responder
- Citação
sexta-feira, 13 de abril de 2012 16:28

0

Solution that Worked for me is to remove the "COM_Plus" environment variable from "My Computer" - properties - Advanced settings - Environment Variables - System Variables.
- Responder
- Citação
segunda-feira, 23 de abril de 2012 14:06

0

Solution that worked for me was to remove all bindings that exists for the MS CRM site, but keeping only https. Reset IIS.
- Responder
- Citação
quinta-feira, 18 de outubro de 2012 15:34

0

Was this the firewall on the server or on your client?
- Responder
- Citação
sexta-feira, 2 de novembro de 2012 06:58

0

Hi

Please refer this article

http://support.microsoft.com/kb/2502671

Thanks & Regards Dhamodharan R
- Responder
- Citação
terça-feira, 6 de novembro de 2012 16:48

0
Hi,

1. Please check if you have any duplicate SPN records are created.

Open command prompt and type:

setspn -x (this will display the duplicate SPN records in your CRM server)

2. Make sure your PC time sync with AD

3. Check your bindings in IIS and Deployment Manager are same.

go to Deployment Manger->Properties->Web Address

4. Make sure to have only one http and only https bindings for your CRM Site.

Regards,

Khaja Mohiddin
http://www.crmclub.co
http://about.me/KhajaMohiddin
- Editado Khaja Mohiddin terça-feira, 6 de novembro de 2012 16:48
- Responder
- Citação