Discovery Service Error - Authentication Problem

  • Question

  • In my test environment (CRM 2011 On-Prem), I cannot access the discovery service endpoint when the organization name is not in the URL.  This means I cannot configure the email router, etc.  I have read every post I can find and tried what is applicable, but I still get an authorization error (below).

    • I have only 1 http binding, no SSL.
    • The URL I am using exactly matches the Web Addresses in the CRM Deployment Manager
    • Authentication on the website is the default: Anonymous Enabled, ASP.NET Impersonation Enabled, Forms Authentication Disabled, Windows Authentication Enabled (NTLM, Negotiate)
    • I tried re-ordering the Windows auth providers with no result
    • I uninstalled CRM completely and reinstalled but still have this problem

    WebHost failed to process a request.
     Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/20974680
     Exception: System.ServiceModel.ServiceActivationException: The service '/XRMServices/2011/Discovery.svc' cannot be activated due to an exception during compilation.  The exception message is: Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.. ---> System.NotSupportedException: Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.
       at System.ServiceModel.Activation.HostedAspNetEnvironment.ValidateHttpSettings(String virtualPath, Boolean isMetadataListener, Boolean usingDefaultSpnList, AuthenticationSchemes& supportedSchemes, ExtendedProtectionPolicy& extendedProtectionPolicy, String& realm)
       at System.ServiceModel.Channels.HttpChannelListener.ApplyHostedContext(String virtualPath, Boolean isMetadataListener)
       at System.ServiceModel.Channels.HttpTransportBindingElement.BuildChannelListener[TChannel](BindingContext context)
       at System.ServiceModel.Channels.Binding.BuildChannelListener[TChannel](Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters)
       at System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession)
       at System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result)
       at System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost)
       at System.ServiceModel.ServiceHostBase.InitializeRuntime()
       at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
       at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
       --- End of inner exception stack trace ---
       at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
       at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
     Process Name: w3wp
     Process ID: 2724

    What am I missing?


    • Edited by lambrite Tuesday, April 3, 2012 7:25 PM more info
    Tuesday, April 3, 2012 6:13 PM

Answers

  • Setting up a URL rewrite rule to bounce to the org-instantiated service allowed me to configure the email router and connect using other SDK tools.
    • Marked as answer by lambrite Wednesday, May 2, 2012 6:57 PM
    Wednesday, May 2, 2012 6:57 PM

All replies

  • Hi Lambrite,

    Try enabling IIS AppPool authentication.

    In IIS highlight the CRM website and open the Configuration Editor

    Navigate to:  
    system.webServer > security > authentication > windowsAuthentication

    Set useAppPoolCredentials to True

    To configure the email router you normally need to specify the organization. On which screen are you typing the URL?


    Visit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com

    Tuesday, April 3, 2012 9:46 PM
    Answerer
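
    The settings discussed so far (Windows Authentication enabled, provider order, kernel mode, useAppPoolCredentials) can be read at each level of the path named in the error rather than only at the site root. The script below is an added example, not part of any reply in this thread; the site name is an assumption, and it should be run from an elevated PowerShell prompt on the CRM server.

```powershell
# Added example: report the effective IIS authentication settings at each level
# of the path named in the error. $SiteName is an assumption, not from the thread.
Import-Module WebAdministration

$SiteName = 'Microsoft Dynamics CRM'                  # assumed; use the name shown in IIS Manager
$SubPaths = @('', 'XRMServices', 'XRMServices\2011')  # site root, then the folders in the error's path
$AuthBase = 'system.webServer/security/authentication'

# Read one boolean attribute of an authentication section at the given IIS path.
function Get-AuthSetting {
    param([string]$PSPath, [string]$Section, [string]$Name)
    (Get-WebConfigurationProperty -PSPath $PSPath -Filter "$AuthBase/$Section" -Name $Name).Value
}

$report = foreach ($sub in $SubPaths) {
    $psPath = if ($sub) { "IIS:\Sites\$SiteName\$sub" } else { "IIS:\Sites\$SiteName" }
    if (-not (Test-Path $psPath)) {
        Write-Warning "Path not found in IIS: $psPath"
        continue
    }

    # Provider order (Negotiate / NTLM) as configured for this path.
    $providers = (Get-WebConfiguration -PSPath $psPath `
            -Filter "$AuthBase/windowsAuthentication/providers").Collection |
        ForEach-Object { $_.value }

    [pscustomobject]@{
        Path                  = $psPath
        AnonymousAuth         = Get-AuthSetting $psPath 'anonymousAuthentication' 'enabled'
        WindowsAuth           = Get-AuthSetting $psPath 'windowsAuthentication'   'enabled'
        UseKernelMode         = Get-AuthSetting $psPath 'windowsAuthentication'   'useKernelMode'
        UseAppPoolCredentials = Get-AuthSetting $psPath 'windowsAuthentication'   'useAppPoolCredentials'
        Providers             = $providers -join ', '
    }
}

$report | Format-Table -AutoSize

# Flag any level where Windows Authentication is off; this is the condition
# the ServiceActivationException message complains about.
$report | Where-Object { -not $_.WindowsAuth } | ForEach-Object {
    Write-Warning "Windows Authentication is disabled at $($_.Path)"
}
```

    A level whose values differ from the site root points to an override in a web.config or location element for that folder.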
  • I must have missed the notification for your response, so a belated thank you.

    Unfortunately, this did not work for me.  In the process of configuring the email router, there is no step that asks for the URL without the organization name.  However, when on the third tab, you click Load Data to get the list of users, the second half of the error message I get is "Additionally, this problem can occur if specified access credentials are insufficient...(Metadata contains a reference that cannot be resolved: 'http://server/XrmServices/2011/Discovery.svc?wsdl'.)"

    For me, this URL without the orgname doesn't resolve; it gives the error posted above.  This also prevents me from using many of the SDK tools that are available.

    Tuesday, May 1, 2012 9:02 PM
  • Lambrite,

    Regarding the authentication: Do you have kernel mode enabled? Do you use a service account? Is Windows authentication enabled in IIS?

    If you want to configure the email router then you definitely need to add an organization name:

    http://crm/org_name

    When you click load users, the email router completes the URL: http://crm/org_name/XrmServices/2011/Services.svc. What happens when you try this URL? Do you get authentication errors as well?



    Wednesday, May 2, 2012 12:09 PM
    Answerer
  • Hi, Nrodi.

    I have tried with Kernel-mode both off and on.  I have tried both a service account and a domain account.  Currently I'm using NETWORK SERVICE to run all CRM services on this box; the application pool is running as a domain account.  Windows authentication is enabled in IIS, and both NTLM and Negotiate are set up as methods; I have tried reordering them as well.

    When I configure the router, I do set an organization name.  When I click Load Data, I get the error described in my second post.  The discovery service does resolve when the orgname is in the URL; it does not resolve when the org name is absent.  The url you gave, ending in .svc, results in a 404 error.

    Thanks.


    Wednesday, May 2, 2012 1:51 PM
  • The services.svc I meant:

    Organization.svc and Discovery.svc



    Wednesday, May 2, 2012 3:08 PM
    Answerer
  • Hi lambrite,

    I am having a similar problem while connecting the Outlook CRM client to on-premise Dynamics CRM 2011. I never succeeded in connecting, but I can access CRM on a Win7 client through the URL in IE.

    After each failed attempt on the client side, I can find the following error message logged on the Dynamics CRM 2011 server. Please help if you have found any solution.

    many thanks.

    WebHost failed to process a request.
     Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/49538252
     Exception: System.ServiceModel.ServiceActivationException: The service '/xxxxx/XRMServices/2011/Discovery.svc' cannot be activated due to an exception during compilation.  The exception message is: Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.. ---> System.NotSupportedException: Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.
       at System.ServiceModel.Activation.HostedAspNetEnvironment.ValidateHttpSettings(String virtualPath, Boolean isMetadataListener, Boolean usingDefaultSpnList, AuthenticationSchemes& supportedSchemes, ExtendedProtectionPolicy& extendedProtectionPolicy, String& realm)
       at System.ServiceModel.Channels.HttpChannelListener.ApplyHostedContext(String virtualPath, Boolean isMetadataListener)
       at System.ServiceModel.Channels.HttpTransportBindingElement.BuildChannelListener[TChannel](BindingContext context)
       at System.ServiceModel.Channels.Binding.BuildChannelListener[TChannel](Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters)
       at System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession)
       at System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result)
       at System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost)
       at System.ServiceModel.ServiceHostBase.InitializeRuntime()
       at Microsoft.Crm.Sdk.V5.DiscoveryServiceHost.InitializeRuntime()
       at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
       at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
       --- End of inner exception stack trace ---
       at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
       at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
     Process Name: w3wp
     Process ID: 1788

    Tuesday, October 16, 2012 9:01 PM