CRM 2011: Connect to CRM Server: The caller was not authenticated by the service.

All replies

• 

  

  0

  Sign in to vote

  no idea?

  Tuesday, December 4, 2012 6:19 PM
• 

  

  0

  Sign in to vote

  really anyone?

  thanks for support
  

  • Edited by CRMBE Thursday, December 6, 2012 3:56 PM

  Thursday, December 6, 2012 8:05 AM
• 

  

  0

  Sign in to vote

  Hi CRMBE,

  you say "no domain" that's the problem, you can't install CRM under a server joined to a workgroup domain, CRM is tightly integrated into Active Directory.

  ---

  Visit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com

  Thursday, December 6, 2012 5:01 PM

  Answerer
• 

  

  0

  Sign in to vote

  thanks for the answer!

  of course are the user in an ad, but the computers haven't joined to the domain. so two users exist and thats solved with a custom user logon on the existing account. that's no problem. I did that several times, so this is not the problem. Must be something with the authentication....

  Thursday, December 6, 2012 8:53 PM
• 

  

  0

  Sign in to vote

  you can't install CRM 2011 on a workgroup domain, the server must be a member of an AD domain

  http://msdn.microsoft.com/en-us/library/hh699671.aspx

  The computer on which Microsoft Dynamics CRM 2011 is running must be a domain member in a domain that is running in one of the following Active Directory directory service domain modes:

  • Windows 2000 Mixed
  • Windows 2000 Native
  • Windows Server 2003 Interim
  • Windows Server 2003 Native
  • Windows Server 2008 Interim
  • Windows Server 2008 Native

  ---

  Visit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com

  • Proposed as answer by nrodriEditor Thursday, December 6, 2012 10:00 PM
  • Unproposed as answer by nrodriEditor Friday, December 7, 2012 9:25 AM

  Thursday, December 6, 2012 10:00 PM

  Answerer
• 

  

  0

  Sign in to vote

  Thanks.

  Of course is the server an active directory server with a domain, but the clients aren't in that domain. CRM works perfectly with the browser but not with Outlook Client.

  Friday, December 7, 2012 7:15 AM
• 

  

  0

  Sign in to vote

  Hello Forum

  Unfortunately, the problem is not yet solved. Still the same. I summarize again:

  CRM 2011 onprem (DC) with CRM user (in AD), the clients are just in a workgroup and not joined to the domain (domain credentials have been set locally). The CRM server is hosted externally and the connection has a site to site VPN (no software required on the clients). Webclient works perfectly, but the connect with outlook client cannot connect. Any hints for that?

  Thanks a lot!

  Thursday, December 27, 2012 1:33 PM
• 

  

  0

  Sign in to vote

  anyone? no idea or hint?
  

  • Edited by CRMBE Monday, December 31, 2012 2:05 PM

  Thursday, December 27, 2012 7:29 PM
• 

  

  0

  Sign in to vote

  Hi CRMBE,

  If the scenario is :

  you have a CRM 2011 server - joined to an Active directory domain , and you are trying to configure OL client from a client machine not joined to the domain ,

  what you see is expected behavior.

  When the CRM outlook client tries to connect to the server , if accesses the discovery service endpoint over anonymous auth.

  There , it reads a similar information :

   - <wsdl:service name="DiscoveryService">

  - <wsdl:port name="CustomBinding_IDiscoveryService" binding="i0:CustomBinding_IDiscoveryService">

    <soap12:address location="https://xaptcrm.newfrontier.eu/XrmServices/2011/Discovery.svc" />

  - <wsa10:EndpointReference>

    <wsa10:Address>https://xaptcrm.newfrontier.eu/XrmServices/2011/Discovery.svc</wsa10:Address>

  - <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">

    <Upn>domain\service</Upn>

    </Identity>

    </wsa10:EndpointReference>

    </wsdl:port>

    </wsdl:service>

    </wsdl:definitions>

  The client is expected to get a Kerberos ticket to the CRM appPool account  , pack it into an XML and send it to the CRM server and authenticate itself , to receive any organization specific data .

  if your client is not joined to the domain , you will never obtain the kerb ticket - causing the failure.

  The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.

  
  

  • Edited by Alengeo Friday, January 4, 2013 12:27 PM
  • Marked as answer by CRMBE Wednesday, January 9, 2013 7:20 AM
  • Unmarked as answer by CRMBE Wednesday, January 9, 2013 5:02 PM

  Friday, January 4, 2013 12:26 PM
• 

  

  0

  Sign in to vote

  Thanks Alen!

  The error no longer appears after screwing on Windows Authentication (Kerberos).

  Wednesday, January 9, 2013 7:20 AM
• 

  

  0

  Sign in to vote

  We solved the issue without Domain Join or IFD.

  The solution is as follows:

  - Local Hosts Entry with Server Name

  - Equal Username and Passwort in AD and Local Users

  - URL Entry in Local Intranet of IE

  Hope it works for you too!

  Cheers

  • Marked as answer by CRMBE Wednesday, January 9, 2013 5:02 PM

  Wednesday, January 9, 2013 5:02 PM