Installation issue Dynamics CRM 2011

  • Question

  • Here is my setup:

    Domain controllers: Windows 2000 SP4

    Machine that has CRM 2011: Windows 2008 Enterprise successfully joined to W2K domain, SQL Server 2008 R2, SharePoint Server 2007

    When the installer does a systems check I get 2 errors which are the same:

    The Kerberos subsystem encountered an error. A service for user protocol request was made against a domain controller which does not support service for user.

    I cannot get past it.  Please help.

    Here is a security log entry from W2K domain controller:

    Event Type:    Failure Audit
    Event Source:    Security
    Event Category:    Account Logon
    Event ID:    675
    Date:        7/15/2011
    Time:        11:05:19 AM
    User:        NT AUTHORITY\SYSTEM
    Computer:    FS-SERVER
    Description:
    Pre-authentication failed:
         User Name:        crm
         User ID:        FUTURESTEEL\crm
         Service Name:        krbtgt/FUTURESTEEL.LOCAL
         Pre-Authentication Type:    0x0
         Failure Code:        0x19
         Client Address:        192.168.80.6
     

    Friday, July 15, 2011 3:23 PM
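
An added example, not part of the original post: a small Python triage of the Event ID 675 entry quoted in the question, decoding the failure code against the RFC 4120 error table. The verdict labels and the `triage` helper are assumptions made for illustration; the sample fields are copied from the log entry above.

```python
import re

# Kerberos error codes from RFC 4120 section 7.5.9 (subset seen in AS exchanges).
KRB_ERRORS = {
    0x06: ("KDC_ERR_C_PRINCIPAL_UNKNOWN", "client not found in Kerberos database"),
    0x12: ("KDC_ERR_CLIENT_REVOKED", "client credentials have been revoked"),
    0x17: ("KDC_ERR_KEY_EXPIRED", "password has expired"),
    0x18: ("KDC_ERR_PREAUTH_FAILED", "pre-authentication information was invalid"),
    0x19: ("KDC_ERR_PREAUTH_REQUIRED", "additional pre-authentication required"),
    0x25: ("KRB_AP_ERR_SKEW", "clock skew too great"),
}

# Fields copied from the security log entry in the question.
SAMPLE_EVENT = r"""Event ID:    675
User Name:        crm
User ID:        FUTURESTEEL\crm
Service Name:        krbtgt/FUTURESTEEL.LOCAL
Pre-Authentication Type:    0x0
Failure Code:        0x19
Client Address:        192.168.80.6
"""

def parse_event(text):
    """Turn 'Key:   value' lines into a dict; lines without a value are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?):\s*(\S.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def triage(text):
    """Decode an Event 675 entry. Verdict labels are this example's own heuristic."""
    f = parse_event(text)
    if f.get("Event ID") != "675":
        raise ValueError("not an Event ID 675 entry")
    code = int(f["Failure Code"], 16)
    pa_type = int(f["Pre-Authentication Type"], 16)
    name, meaning = KRB_ERRORS.get(code, ("UNKNOWN", "code not in this table"))
    if code == 0x19 and pa_type == 0:
        # Request carried no pre-auth data; the KDC asks for it and the client retries.
        verdict = "benign-negotiation"
    elif code == 0x18:
        verdict = "bad-credentials"
    elif code in (0x12, 0x17):
        verdict = "account-state"
    else:
        verdict = "clock-skew" if code == 0x25 else "review"
    return {"user": f.get("User ID"), "client": f.get("Client Address"),
            "error": name, "meaning": meaning, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENT))
```

KDC_ERR_PREAUTH_REQUIRED is the KDC's normal reply to an AS-REQ that carries no pre-authentication data, so on its own this entry does not show a wrong password for the `crm` account.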

All replies

  • Did you ever get this resolved?  I am having the same issue.

    Thanks,
    Richard


    Richard Weck Harris Technology
    Monday, August 1, 2011 7:27 PM
  • Do suggestions from this post http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/8dc1c6a1-e9e5-42f5-b88a-1cf39a7e3893/ solve your problems? Are there any other domain controllers in your network?
    -- Kuba Skałbania, Netwise
    Tuesday, August 2, 2011 8:20 PM
  • I resolved it by not using a domain account; instead I used the network services account.  See, the thing is this.  Windows 2000 doesn't support S4U Kerberos authentication.  With the help of Wireshark (filter on kerberos) I did manage to get rid of the Kerberos errors that came up in the event viewer on the domain server.  I also added SPNs for the box that runs my CRM.  The only way to get it to work is to upgrade your domain to 2003 server or upgrade the domain functional level to 2003.  I would strongly recommend doing a full backup in case something goes wrong.  I didn't go that route.

    We have 2 domain controllers running W2K server, and I'm not about to go in and upgrade them.  I just want my CRM to run flawlessly.

    Here is how I got around the error and how I managed to get my reports to work with fetch XML and regular SQL queries.  After 2 clean installs I was about to give up.

    1.  Install SQL Server - don't configure the reporting services.  Just install.

    2.  Install CRM Dynamics.  Use the local service account "network services" to run the CRM services.  If you are running SharePoint as your main site, then create a new site.  Default port is 5555.  If you want to uninstall CRM Dynamics, it doesn't release port 5555 until you stop reporting services on SQL Server.  Weird.

    3.  Configure your reporting server.  Don't use the same port as CRM because you'll get naming violation errors when you run any report (I think this is where SPNs are needed so that it can log in to your CRM to get the data when you create a custom report).  In my example I used port 6565 because when I was running the install for CRM reporting extensions it told me that port 5555 was taken.  When I turned off the report server, the installation validated.  So that's why I changed the ports on the report server.

    Follow the usual process, but change your ports to whatever you picked.

    Go into your CRM deployment administrator and check that the report server was registered under the same port as the SQL reporting services.  If not, disable the organization and then go into properties to make the changes, then enable the organization.

    Install reporting extensions.  Install report authoring extensions.  That's it. 

    Adding SPNs:

    1.  Start run -> ADSI.MSC

    2.  Find the name of the computer that is running the CRM.

    3.  Right click on the computer and select the properties. 

    4.  Find the property called "setprovidername".

    Add your SPNs.  Here is a good article for reference (http://rc.crm.dynamics.com/rc/regcont/en_us/op/articles/configurespn.aspx)

    but basically all you need to do is remove (replace the variables to match your settings):

    HTTP/CRM

    HTTP/CRM.yourdomain.whatever

    And add:

    HTTP/CRMAppServer:5555

    HTTP/CRMAppServer.cont:5555

    HTTP/CRM

    HTTP/CRM.contoso.com

     

    Wednesday, August 3, 2011 3:20 AM