User Login Issues - CRM 4.0 "The Specified user is either disabled or is not a member of any business unit"

Question
-
I have about 100 users who all have a respective business unit and roles. Each user has been granted a custom role as well as a role that I created that was one of the out-of-the-box roles. I often get support messages where users are getting an error that states "The Specified user is either disabled or is not a member of any business unit". I then verify the user's business unit and roles and they are correct. Usually, to fix them immediately, I simply reassign their business unit to the parent business unit, then grant roles, and the user can then access CRM.
Any ideas?
Monday, May 10, 2010 6:39 PM
Answers
-
Hi sixty4,
I saw this problem if a user had a custom security role and it wasn't configured properly. Check mainly the Business Management tab.
Here you have an article about minimum rights for security roles.
http://www.orbitone.com/en/blog/archive/2009/10/06/minimum-dynamics-crm-permissions.aspx
My Dynamics CRM Blog: http://bovoweb.blogspot.com
- Proposed as answer by Donna EdwardsMVP Tuesday, May 18, 2010 1:36 PM
- Marked as answer by Jim Glass Jr Tuesday, May 18, 2010 4:13 PM
Monday, May 17, 2010 9:50 AM -
Best Practice for creating new Security Roles is to copy an existing role that was included in the original CRM installation and then tweak the role to meet the security needs. It might be worth your time to go through the installation and take this step for any security role that you created from scratch. It will probably save you and your users a lot of time moving forward.
It is challenging to find all the required minimum settings when creating a new security.
Regards, Donna
        Windows Live Blog
- Proposed as answer by Donna EdwardsMVP Tuesday, May 18, 2010 1:36 PM
- Marked as answer by Jim Glass Jr Tuesday, May 18, 2010 4:13 PM
Tuesday, May 18, 2010 1:35 PM
All replies
-
I checked his role, and changed it for a test with sys admin role.
I can create the entity from new ... but I can't create it using an aspx page in isv
When I use this link, which works for other user:
I have an error:
Error Description:
The specified user is either disabled or is not a member of any business unit.
Error Details:The specified user is either disabled or is not a member of any business unit.
Full Stack:
[CrmException: The specified user is either disabled or is not a member of any business unit.]
at Microsoft.Crm.BusinessEntities.SecurityLibrary.CheckDisabledStatus(IUser user, IOrganizationContext context)
at Microsoft.Crm.BusinessEntities.SecurityLibrary.GetUserInfoInternal(WindowsIdentity identity, IOrganizationContext context, UserAuth& userInfo)
at Microsoft.Crm.BusinessEntities.SecurityLibrary.GetCallerAndBusinessGuidsFromThread(WindowsIdentity identity, Guid organizationId)
at Microsoft.Crm.Authentication.CrmWindowsIdentity..ctor(WindowsIdentity innerIdentity, Boolean publishCrmUser, Guid organizationId)
at Microsoft.Crm.Authentication.WindowAuthenticationProviderBase.Authenticate(HttpApplication application)
at Microsoft.Crm.Authentication.AuthenticationStep.Authenticate(HttpApplication application)
at Microsoft.Crm.Authentication.AuthenticationPipeline.Authenticate(HttpApplication application)
at Microsoft.Crm.Authentication.AuthenticationEngine.Execute(Object sender, EventArgs e)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Other Message:
Error Number: 0x80040225
Source File: Not available
Line Number: Not available
Other information: this is a test environment. I'm testing with a user which has been disabled in the Active Directory, and activated again for test. I've applied in the Active Directory the same group as another active user.
Thanks so much for your help
Wednesday, November 10, 2010 9:34 AM -
If I trace one user who is working and this one which doesn't work:
Working:
>MapOrgEngine: Retreived the OrgId[{00000000-0000-0000-0000-000000000000}] for URL[http://vmt-crm4g:5555/ISV/Ascentium/CreateTreatmentCaseFromProfile.aspx?orgname=AlexionPharmaceuticalsInc&userlcid=1033&orglcid=1033&type=3&typename=opportunity&id={4174014F-ECEB-DF11-B622-005056AE151B}].
[2010-11-10 05:24:40.5] Process: w3wp |Organization:00000000-0000-0000-0000-000000000000 |Thread: 10 |Category: Platform |User: 00000000-0000-0000-0000-000000000000 |Level: Verbose | SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute
at SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at ApplicationStepManager.ResumeSteps(Exception error)
at HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
at HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
at ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
>AUTH: Request [GET http://...:5555/ISV/Ascentium/CreateClientFromOpportunity.aspx?orgname=CRM_Account=1033&orglcid=1033&type=3&typename=opportunity&id={4174014F-ECEB-DF11-B622-005056AE151B}] entered Authentication Pipeline.
[2010-11-10 05:24:40.5] Process: w3wp |Organization:00000000-0000-0000-0000-000000000000 |Thread: 10 |Category: Platform |User: 00000000-0000-0000-0000-000000000000 |Level: Verbose | AuthenticationPipeline.Authenticate
at AuthenticationPipeline.Authenticate(HttpApplication application)
Not Working
>MapOrgEngine: Retreived the OrgId[{00000000-0000-0000-0000-000000000000}] for URL[http://vmt-crm4g:5555/_root/Blank.aspx].
[2010-11-10 05:19:27.6] Process: w3wp |Organization:00000000-0000-0000-0000-000000000000 |Thread: 19 |Category: Platform |User: 00000000-0000-0000-0000-000000000000 |Level: Verbose | SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute
at SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at ApplicationStepManager.ResumeSteps(Exception error)
at HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
at HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
at HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
at ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
>AUTH: Request [GET http://...:5555/_root/Blank.aspx] entered Authentication Pipeline.
[2010-11-10 05:19:27.6] Process: w3wp |Organization:00000000-0000-0000-0000-000000000000 |Thread: 19 |Category: Platform |User: 00000000-0000-0000-0000-000000000000 |Level: Verbose | AuthenticationPipeline.Authenticate
at AuthenticationPipeline.Authenticate(HttpApplication application)
Wednesday, November 10, 2010 12:40 PM -
It looks like my user doesn't have access to the isv folder.
I checked the security role for this user, but there is no link with that, because I tested with the sys admin role and I have the same error. But I, as sys admin, don't have this error; it's like the user is not a member of an Active Directory group or ....?
Do you know what I can check?
Wednesday, November 10, 2010 12:50 PM -
One last piece of information: this issue seems to appear just for very old users ...
Wednesday, November 10, 2010 3:09 PM
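
For comparing two platform trace captures like the ones posted in the thread, this added example (not part of the original thread or of CRM itself) parses the entry headers and `>AUTH: Request` lines and checks whether both captures cover the same request path. The line layout is assumed from the excerpts above; the host name, page path and sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Entry header and AUTH message, in the layout of the trace lines quoted in the thread.
HEADER = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s*Process:\s*(?P<process>\S+)\s*\|Organization:\s*(?P<org>[0-9a-fA-F-]{36})"
    r"\s*\|Thread:\s*(?P<thread>\d+)\s*\|Category:\s*(?P<category>[^|]+?)"
    r"\s*\|User:\s*(?P<user>[0-9a-fA-F-]{36})\s*\|Level:\s*(?P<level>\w+)\s*\|\s*(?P<source>.*)$")
AUTH = re.compile(r"^>AUTH: Request \[(?P<method>[A-Z]+) (?P<url>[^\]]+)\] entered Authentication Pipeline\.")

# Constructed sample captures (hypothetical host and page names).
ZERO = "00000000-0000-0000-0000-000000000000"
WORKING = f"""\
[2010-11-10 05:24:40.5] Process: w3wp |Organization:{ZERO} |Thread: 10 |Category: Platform |User: {ZERO} |Level: Verbose | AuthenticationPipeline.Authenticate
at AuthenticationPipeline.Authenticate(HttpApplication application)
>AUTH: Request [GET http://crm.example:5555/ISV/Sample/Create.aspx?orgname=Org&type=3] entered Authentication Pipeline.
"""
FAILING = f"""\
[2010-11-10 05:19:27.6] Process: w3wp |Organization:{ZERO} |Thread: 19 |Category: Platform |User: {ZERO} |Level: Verbose | AuthenticationPipeline.Authenticate
at AuthenticationPipeline.Authenticate(HttpApplication application)
>AUTH: Request [GET http://crm.example:5555/_root/Blank.aspx] entered Authentication Pipeline.
"""

def summarise(trace_text):
    """Return entry count, thread ids, user ids and AUTH request paths of one capture."""
    headers, requests = [], []
    for line in trace_text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            headers.append(m.groupdict())
            continue
        m = AUTH.match(line)
        if m:
            # Keep only the path so query strings (record ids, lcid) do not hide a match.
            requests.append((m["method"], urlsplit(m["url"]).path))
    return {
        "entries": len(headers),
        "threads": sorted({int(h["thread"]) for h in headers}),
        "users": sorted({h["user"] for h in headers}),
        "requests": requests,
    }

def same_request(a, b):
    """True only if both captures contain an AUTH request for the same path."""
    return bool({p for _, p in a["requests"]} & {p for _, p in b["requests"]})

if __name__ == "__main__":
    ok, bad = summarise(WORKING), summarise(FAILING)
    print(ok["requests"], bad["requests"], "comparable:", same_request(ok, bad))
```

When `same_request` returns False, the two captures record different pages, so differences between them say nothing yet about the failing user; re-capture the failing user against the same URL before comparing.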