CRM 2011 E-mail Router fails to Load data

Question
-
Hi,
I have a single server, Microsoft Dynamics CRM 2011 version 5.0.9688.1533 on premise (on a domain-joined Windows Server 2008 R2 Standard), also using SQL Server 2008 R2 Standard (with SP1). All NT services are running as Local System, and the computer is in the proper AD groups (PrivUserGroup etc.). I have one CRM organization named "crm". We do not use claims-based auth (we use normal NTLM).
The problem is that when I install the CRM 2011 E-mail Router and configure it, I cannot Load Data from the server; I get this error:
The E-mail router configuration manager was unable to retrieve user and queue information from the Microsoft Dynamics CRM server. This may indicate that the Microsoft Dynamics CRM server is busy. Verify that URL "http://mycrm/crm" is correct. Additionaly, this problem can occur if specified access credentials are insufficient. To try again click Load Data. (The caller was not authenticated by the service.)
I have configured the Deployment to URL http://mycrm/crm with the Local System account, and I have also tried with the mydomain\administrator (domain admin, deployment admin) account - same error.
When I visit my URL http://mycrm/crm in a browser, I can log in normally and work as a full CRM admin.
All clients use https://crm.mycompany.com/crm/
DNS and IP settings are correctly configured, as are the SSL certificate and IIS binding.
Maybe a connected problem is that I cannot log in from the local machine using IE to https://crm.mycompany.com/crm, but using http://mycrm/crm I can. On remote computers and servers I can use both URLs and log in normally. In IE my CRM URLs are in Trusted Sites.
server hostname: mycrm and AD domain: mydomain.local
The configuration worked a few months ago, but previous IT admins have modified some settings and now this E-mail Router does not work. I have also tried reinstalling the application.
There is nothing in Event Viewer, and the CRM trace has a lot of stuff and I cannot find out which part is for this error.
Thank you for your help, Kind regards
-- Hrvoje Kusulja
Friday, June 15, 2012 3:14 PM
Answers
-
Yes, solution is:
- as previously explained KB926642
- adding mydomain\myadmin account to the AD Security Group - "PrivUserGroup"
Now I can log in as system user or myadmin through my E-mail Router to my CRM deployment.
Kind regards
-- Hrvoje Kusulja
- Marked as answer by Hrvoje Kusulja MVP Tuesday, June 19, 2012 1:09 PM
- Edited by Hrvoje Kusulja MVP Friday, March 8, 2013 9:08 AM fixes
Tuesday, June 19, 2012 1:09 PM
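An added example, not part of the original thread: a PowerShell audit of the two things the accepted answer changed. It reports whether the NTLM loopback check is disabled for every host name (DisableLoopbackCheck = 1) or relaxed only for listed names through the narrower BackConnectionHostNames value under Lsa\MSV1_0, and which PrivUserGroup* groups contain the account and the server. The host and account names are the thread's placeholders, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example (not from the thread). Run elevated on the CRM server.
# Assumptions: host and account names are the thread's placeholders;
# the ActiveDirectory module (RSAT) is installed.
param(
    [string]$HostName = 'crm.mycompany.com',   # name that resolves back to this server
    [string]$Account  = 'myadmin'              # sAMAccountName used by the E-mail Router
)

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# DisableLoopbackCheck = 1 turns the check off for every host name on this machine.
$disabled = (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck -ErrorAction SilentlyContinue).DisableLoopbackCheck
# BackConnectionHostNames (multi-string) relaxes the check only for the names it lists.
$allowed = @((Get-ItemProperty -Path "$lsa\MSV1_0" -Name BackConnectionHostNames -ErrorAction SilentlyContinue).BackConnectionHostNames) |
    Where-Object { $_ }

$scope = if ($disabled -eq 1) {
    'disabled for all host names'
} elseif ($allowed -contains $HostName) {
    'relaxed for listed names only'
} else {
    'enforced'
}

New-Object PSObject -Property @{
    DisableLoopbackCheck    = [int]$disabled      # 0 when the value is absent
    BackConnectionHostNames = ($allowed -join ', ')
    HostNameIsListed        = ($allowed -contains $HostName)
    LoopbackCheck           = $scope
} | Format-List

Import-Module ActiveDirectory
$userSid   = (Get-ADUser -Identity $Account).SID.Value
$serverSid = (Get-ADComputer -Identity $env:COMPUTERNAME).SID.Value

# The thread found several PrivUserGroup groups with different GUIDs; list each with membership.
Get-ADGroup -Filter 'Name -like "PrivUserGroup*"' | ForEach-Object {
    $group = $_
    $sids  = @(Get-ADGroupMember -Identity $group -Recursive | ForEach-Object { $_.SID.Value })
    New-Object PSObject -Property @{
        Group      = $group.Name
        Location   = $group.DistinguishedName
        HasAccount = ($sids -contains $userSid)
        HasServer  = ($sids -contains $serverSid)
    }
} | Format-Table Group, HasAccount, HasServer, Location -AutoSize
```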
All replies
-
Hi Hrvoje,
When you installed CRM, which port did you select? (5555 or 80)
1. Go to Deployment Manager->Web Address
Check which port is there.
2. Create a registry key 'DisableSecureDecryptionKey' set to '1' in regedit, in the MSCRM directory.
3. You have also deployed a certificate for the CRM site, so make sure to check your organization and discovery services from CRM.
Go to CRM->Settings->Customization->Developer Resources
For more information check the below articles.
http://support.microsoft.com/kb/2501732
http://support.microsoft.com/kb/950248
And also check this thread.
http://social.microsoft.com/Forums/lv-LV/crmdeployment/thread/dd3b7759-629b-4633-bb21-46df0f18385d
Regards,
Khaja Mohiddin
http://www.dynamicsexchange.com
http://about.me/KhajaMohiddin
- Edited by Khaja Mohiddin Friday, June 15, 2012 4:19 PM
Friday, June 15, 2012 4:09 PM -
The Org name is case sensitive.
In CRM, click on the following Settings -> Customizations -> Developer Resources. You will see organization unique name. Does the case of the name match exactly to the org name you are using in the e-mail router in the Deployments tab?
Jason Peterson
Friday, June 15, 2012 7:21 PM -
Hi, yes, it is lowercase "crm" exactly as I type in the E-mail Router. I will also try what Khaja has written. Thank you
-- Hrvoje Kusulja
Saturday, June 16, 2012 4:42 PM -
Hi,
I am not sure about the install, since I did not install it.
However, in IIS there are two bindings: https on 443, to the name crm.mycompany.com, using my wildcard certificate *.mycompany.com that we bought from Thawte CA. The certificate is of course trusted by default by all client computers and servers. And one http on 80 without a specified header name (all sites). I have also tried with the port 80 binding deleted, no results.
In Deployment Manager under Properties > Web Address, HTTPS is selected as the binding type, with all the same names (crm.mycompany.com). There are no settings used in Advanced (NLB and SSL header information).
On the CRM site under Developer Resources, there is the organization unique name, lowercase "crm", and all services (discovery, organization and organization data) have URLs beginning with https://crm.mycompany.com
I have also added the DisableSecureDecryptionKey DWORD key with value '1', done an iisreset and tried to connect using http and/or https, still no success.
Regarding KB2501732:
- I do not have the error that is specified in this KB
- I have tried to have only one IIS binding (https, 443, crm.mycompany.com) and the settings in CRM Deployment Manager are correct
- finally I have removed all other bindings (http) and left only one, https://crm.mycompany.com, as active, and all users access it and the E-mail Router is also accessing it.
Regarding KB950248:
- I do not have the error that is specified in this KB
- this applies only to CRM 4.0; I have CRM 2011
- the query SELECT Id, ColumnName, NvarCharColumn From DeploymentProperties WHERE ColumnName IN ('ADSdkRootDomain','ADWebApplicationRootDomain') returns two rows with the same correct NvarCharColumn = crm.mycompany.com
- I did try to restart all NT services, iisreset and the whole server
Again, my error is:
(The caller was not authenticated by the service.)
Maybe the problem is somewhere else. I also have a problem when I log in to the CRM server using RDP, run IE9, and visit https://crm.mycompany.com/crm: I get a login window and I cannot log in (it just asks for another login) with my account "mydomain\myadmin", and then I get the error:
Error 401.1 - You do not have permission to view this directory or page using the credentials that you supplied.
Module:WindowsAuthenticationModule
Notification:AuthenticateRequest
Handler:PageHandlerFactory-ISAPI-4.0_64bit
Error Code:0xc000006d
Requested URL:https://crm.mycompany.com:443/crm/default.aspx
Physical Path:C:\Program Files\Microsoft Dynamics CRM\CRMWeb\crm\default.aspx
Logon Method:Not yet determined
Logon User:Not yet determined
The account is a local admin on the CRM server, has full permissions on the SQL server and is a CRM deployment administrator, and also has all roles assigned in the CRM organization.
However, when I visit this URL from other computers inside or outside my network, I can log in normally to my CRM web site and have all permissions.
-- Hrvoje Kusulja
Saturday, June 16, 2012 5:16 PM -
Just to answer my own problem regarding login to the CRM web site from the local server.
I have added DisableLoopbackCheck with value 1 at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. And now I can log in from the CRM server to my https://crm.mydomain.com/crm URL. As described in http://support.microsoft.com/kb/926642
Now from the E-mail Router, I get a different error, ending with: Please select an account that is a member of the PrivUserGroup security group and try again.
Under E-mail Router, deployment configuration, I have tried using my Local System account and the mydomain\myadmin account with password - same error.
In my AD domain (mydomain.local), I have a few PrivUserGroup groups (with different GUIDs; maybe some other CRM dev servers exist somewhere else, but it does not matter). I have checked one group and the computer account - mycrm (CRM server) - is added there, so I do not understand why this error is shown.
-- Hrvoje Kusulja
Saturday, June 16, 2012 6:06 PM -
Hrvoje,
The account you need to use must be an account that has CRM permissions to read queues and user settings.
Can you confirm your domain\administrator account is set up in CRM? If not, use an account that has permissions in CRM; I would start with an account with sys admin permissions.
With regard to the groups, make sure your E-mail Router server is also listed in the PrivUserGroup.
Hope this helps
Visit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com
Saturday, June 16, 2012 10:16 PM Answerer -
Hi nrodri,
I do not have access to the full Enterprise domain admin (mydomain\administrator) account; however, my account, mydomain\myadmin1, is part of the local administrators group on the server, has full SQL permissions and is part of the CRM deployment administrators, and also has all system roles assigned inside my CRM organization.
My E-mail Router service is installed on the same server and it is running as the system user, so there is nothing to be added to PrivUserGroup.
-- Hrvoje Kusulja
Tuesday, June 19, 2012 1:08 PM -
Thanks for this. I have had the same issue, and KB926642 solved my problem!
Mastex Software www.mastex.nl
Thursday, March 7, 2013 1:29 PM