locked
invalid user authorization - the user authentication passed to the platform is not valid RRS feed

  • Question

  • Hi

    Can someone help me with the following error message appearing  occasionally for all the CRM users , they cannot login in to the application and not even the administrator account , our production server specs are windows 2008 , 64 bit , roll ups 1 through 12 and SQL server 2008 R2.

    "Invalid user authorization - the user authentication passed to the platform is not valid" . This happened the the day we went live and it has happened again today , Once we restarted the server CRM came up but it cannot be the permanent  solution , can somebody help us with this issue

     

    Monday, December 20, 2010 10:16 AM

Answers

  • At first glance the status 401: Unauthorized looks like a authentication issue.

    Remember that even if the application and the SQL server were on the same server you can still get these, since authentication is not local to the server but rather to network.

    As for page pools and memory, the event log will only reveal symtoms and you will have to use task manager |Processes to view handles/page pools.   Use the View option Processes to expand the viewable process types.

     

     


    Curtis J Spanburgh
    • Proposed as answer by Jim Glass Jr Wednesday, January 5, 2011 11:06 PM
    • Marked as answer by Donna EdwardsMVP Friday, January 7, 2011 7:44 PM
    Wednesday, December 29, 2010 1:18 PM
    Moderator
  • In addition to the things Curt is provided for troubleshooting, can you use a domain login for the Async service log in  account.  I'll assume your using Local or Network service for now.  Just give it a try and let's see what happens.  Even if you are not able to continue using it at least it might narrow down the issue for us.

    Also, on your SQL box, check the error log there and see which log in account is getting denied service.  See if you have any errors there that can point you in the right direction.


    Regards, Donna

    • Proposed as answer by Jim Glass Jr Wednesday, January 5, 2011 11:06 PM
    • Marked as answer by Jim Glass Jr Friday, January 7, 2011 6:22 PM
    Wednesday, December 29, 2010 1:47 PM

All replies

  • It appears that CRM is not the problem but the road it's built on.

    The logs should tell you how authentication is being lost.

    IF I understand correctly, the application server and the SQL server are on the same server?

    The reboot fixing the issue could from where I sit indicate several things. 

    Often a sql server will have a memory leak in the page pool  and non page pool memory pools. Often resulting from excessive counters by a errant piece of code from another application.

    Or there is an issue with the application pool that is being used by the CRM application to authenticate to the OU and it's subgroups in the AD LDAP database.

    A careful look at the logs in AD , SQL Server and CRM should indicate more.

     


    Curtis J Spanburgh
    Monday, December 20, 2010 4:32 PM
    Moderator
  • In addition to Curt's direction, chances are the async service is shutting down.  Rather than a reboot, next time it happens, take a look at the async or SQL services and see if they are running.  Follow Curt's advice to get to the root cause.


    Regards, Donna

    Monday, December 20, 2010 5:48 PM
  • Hi thanks for the reply , this issue came up again the second time in the span of 10 days and i noticed the crm ansyc services has stopped. so i got the log file from event viewer which is below , can somebody throw some light on it ?

    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
      <Provider Name="MSCRMAsyncService" />
      <EventID Qualifiers="49152">17411</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2010-12-26T08:42:14.000000000Z" />
      <EventRecordID>5464</EventRecordID>
      <Channel>Application</Channel>
      <Computer>XXXXXXXXXXX</Computer>
      <Security />
      </System>
    - <EventData>
      <Data>CRMSVR1</Data>
      <Data>System.Net.WebException: The request failed with HTTP status 401: Unauthorized. at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at Microsoft.Crm.SdkTypeProxy.CrmService.Execute(Request Request) at Microsoft.Crm.Asynchronous.SdkTypeProxyCrmServiceWrapper.Execute(Object request) at Microsoft.Crm.Asynchronous.IndexInfo.GetQueryExpressionFromFetchXml(String fetchXml, ICrmService crmService) at Microsoft.Crm.Asynchronous.IndexInfo.PopulateSavedQueryAttributes(String fetchXml) at Microsoft.Crm.Asynchronous.IndexManagementOperation.AddToIndexCollection(CrmDbConnection connection, IndexInfo index) at Microsoft.Crm.Asynchronous.IndexManagementOperation.DoIndexManagement(Guid organizationId) at Microsoft.Crm.Asynchronous.IndexManagementOperation.InternalExecute(AsyncEvent asyncEvent) at Microsoft.Crm.Asynchronous.AsyncOperationCommand.Execute(AsyncEvent asyncEvent) at Microsoft.Crm.Asynchronous.JobManager.ProcessAsyncJob(AsyncJob asyncJob) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading._ThreadPoolWaitCallback.PerformWaitCallbackInternal(_ThreadPoolWaitCallback tpWaitCallBack) at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state)</Data>
      </EventData>
      </Event>

    Wednesday, December 29, 2010 6:48 AM
  • Hi thanks for the reply

    1.Application server and SQL server are on the different servers , two box implementation with SAN server and  users hooked up from corporate AD(separate server)

    2.You also pointed out to memory leak and pagepool and non page pool memory pools , will there be any logs generated on this which i could check ?

    3.I noticed on CRMappPool that it uses network service account as Identity , do you think it should domain administrator accout from AD?

    Wednesday, December 29, 2010 6:54 AM
  • You can use network service on the application pool. That is a local account and it represents the machine account in the sub groups of the OU you chose during deployment. Look at your SQL logs as well. On SANs I have encountered at different client sites breaks in the communication between servers and the logical drives on the SAN. I both instances it turned out to be "recommended" hardware from the SAN vendor. One issue had us going for weeks.
    Curtis J Spanburgh
    Wednesday, December 29, 2010 1:11 PM
    Moderator
  • At first glance the status 401: Unauthorized looks like a authentication issue.

    Remember that even if the application and the SQL server were on the same server you can still get these, since authentication is not local to the server but rather to network.

    As for page pools and memory, the event log will only reveal symtoms and you will have to use task manager |Processes to view handles/page pools.   Use the View option Processes to expand the viewable process types.

     

     


    Curtis J Spanburgh
    • Proposed as answer by Jim Glass Jr Wednesday, January 5, 2011 11:06 PM
    • Marked as answer by Donna EdwardsMVP Friday, January 7, 2011 7:44 PM
    Wednesday, December 29, 2010 1:18 PM
    Moderator
  • In addition to the things Curt is provided for troubleshooting, can you use a domain login for the Async service log in  account.  I'll assume your using Local or Network service for now.  Just give it a try and let's see what happens.  Even if you are not able to continue using it at least it might narrow down the issue for us.

    Also, on your SQL box, check the error log there and see which log in account is getting denied service.  See if you have any errors there that can point you in the right direction.


    Regards, Donna

    • Proposed as answer by Jim Glass Jr Wednesday, January 5, 2011 11:06 PM
    • Marked as answer by Jim Glass Jr Friday, January 7, 2011 6:22 PM
    Wednesday, December 29, 2010 1:47 PM
  • I can not log on as administrator to the CRM. I always get the message:

    Invalid User Authorization
    The user authentication passed to the platform is not valid.

    Pls help me. Thanx

    Michal
    Thursday, March 10, 2011 10:52 AM
  • If you look in the application log of the event viewer on the crm server machine, you might find a more helpful error message.  YOu can also turn on dev errors and get a more detailed message.  I've seen this occur for several reasons: it was a trial install and the trial period expired, some change was made to the login account so it is no longer valid, there is a bad login account in the windows accounts on the user machine, etc. 

    Regards, Donna

    Thursday, March 10, 2011 1:01 PM