Remove From My Forums

Random Duplicate Windows Authentication Request

Question
0

Sign in to vote
Hey all,

Since about the time UR8 was installed on our client's server a few months ago, we've been plagued by intermittent, random Windows Authentication Request; a logi request that pops up when the user is logged into CRM. This client has multiple org's, and the problem strangely enough goes away if we give a user a login to all org's. For business reasons, that is not a solution, so I'm hoping somebody has found this before and can give us a hand.

We haven't had a need for reports yet, and so the reporting server has never been properly set up. Users are using HTTPS to access the CRM servers, although deployment manager says CBA is NOT configured (nor is IFD)... Hopefully these hints will enable somebody well-versed in IIS secruity to come to the rescue...

Each time a user gets this authentication request, a log entry is generated in the Event Viewer similar to the following. Any ideas greatly appreciated, thanks in advance,

Dave

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 10/10/2012 8:43:12 AM
Event time (UTC): 10/10/2012 3:43:12 PM
Event ID: 25cf213e7a5b4ecfb07481ab57efbdfe
Event sequence: 18393
Event occurrence: 11
Event detail code: 0

Application information:
    Application domain: /LM/W3SVC/2/ROOT-1-129943447460422753
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\
    Machine name: <Our IIS Server Name, removed>

Process information:
    Process ID: 5460
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE

Exception information:
    Exception type: CrmException
    Exception message: The specified user is either disabled or is not a member of any business unit.
   at Microsoft.Crm.BusinessEntities.SecurityLibrary.CheckDisabledStatus(IUser user, IOrganizationContext context)
   at Microsoft.Crm.BusinessEntities.SecurityLibrary.GetUserInfoCommon(IOrganizationContext context, Guid userGuid, LocatorServiceContext locatorServiceContext)
   at Microsoft.Crm.BusinessEntities.SecurityLibrary.GetCallerAndBusinessGuidsFromThread(WindowsIdentity identity, Guid organizationId, LocatorServiceContext locatorServiceContext)
   at Microsoft.Crm.Authentication.CrmWindowsIdentity..ctor(WindowsIdentity innerIdentity, Boolean publishCrmUser, Guid organizationId)
   at Microsoft.Crm.Authentication.WindowsAuthenticationProviderBase.Authenticate(HttpApplication application, WindowsIdentity userIdentity)
   at Microsoft.Crm.Authentication.AuthenticationStep.Authenticate(HttpApplication application)
   at Microsoft.Crm.Authentication.AuthenticationPipeline.Authenticate(HttpApplication application)
   at Microsoft.Crm.Authentication.AuthenticationEngine.Execute(Object sender, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Request information:
    Request URL: <a href="https:///AppWebServices/MetricsReportingService.asmx/Report">https://<our company org and :port>/AppWebServices/MetricsReportingService.asmx/Report
    Request path: /AppWebServices/MetricsReportingService.asmx/Report
    User host address: 12.169.218.... <removed>
    User: <DomainName\LoginName removed...
    Is authenticated: True
    Authentication Type: Negotiate
    Thread account name: NT AUTHORITY\NETWORK SERVICE

Thread information:
    Thread ID: 134
    Thread account name: NT AUTHORITY\NETWORK SERVICE
    Is impersonating: True
    Stack trace:    at Microsoft.Crm.BusinessEntities.SecurityLibrary.CheckDisabledStatus(IUser user, IOrganizationContext context)
   at Microsoft.Crm.BusinessEntities.SecurityLibrary.GetUserInfoCommon(IOrganizationContext context, Guid userGuid, LocatorServiceContext locatorServiceContext)
   at Microsoft.Crm.BusinessEntities.SecurityLibrary.GetCallerAndBusinessGuidsFromThread(WindowsIdentity identity, Guid organizationId, LocatorServiceContext locatorServiceContext)
   at Microsoft.Crm.Authentication.CrmWindowsIdentity..ctor(WindowsIdentity innerIdentity, Boolean publishCrmUser, Guid organizationId)
   at Microsoft.Crm.Authentication.WindowsAuthenticationProviderBase.Authenticate(HttpApplication application, WindowsIdentity userIdentity)
   at Microsoft.Crm.Authentication.AuthenticationStep.Authenticate(HttpApplication application)
   at Microsoft.Crm.Authentication.AuthenticationPipeline.Authenticate(HttpApplication application)
   at Microsoft.Crm.Authentication.AuthenticationEngine.Execute(Object sender, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Custom event details:
- Moved by Andrii ButenkoMVP, Moderator Friday, October 12, 2012 7:27 AM (From:CRM)
Wednesday, October 10, 2012 5:21 PM

All replies

0

Sign in to vote

Hi,

Please check the IIS authentication type, do you have Windows Authentication enabled?

Check to the Application Pool authentication.

Kind Regards,

Pedro Airo

Wednesday, October 24, 2012 8:45 AM
0

Sign in to vote

I've also go this problem. did you find a solution?

Monday, November 12, 2012 10:28 PM
0

Sign in to vote

Phil,

We found a workaround, but not a real solution. We are actually building out new servers and setting up CBA and IFD on them for our https access (one theory: https without CBA not working too well). We have multiple tenants on one IIS/CRM Server, and our workaround is a strange one: by adding a user with a security role to EACH tenant on the server, the multiple authentication prompts have gone away... (We're also getting an error pointing to some reporting asmx, and our reporting has never been fully built out, so we're doing that this time too.) I will update it if the new server install worked, without the kludge of adding users everywhere. (We also built these servers from Beta up, and were wondering if some old Beta bits were causing problems..)

Please let me know if any of these scenarios sound like a match (I'm particularly interested if you started from Beta; have multiple tenants; use https without CBA; or don't have reporting set up)... Thanks,

Dave

Monday, November 12, 2012 11:51 PM
0

Sign in to vote

I'm having problems having to authenticate 3 times (sometimes) - and references to this link in the event log:

Request URL: http://my-server/AppWebServices/MetricsReportingService.asmx/Report

Friday, November 16, 2012 2:59 AM
0

Sign in to vote

Yep, Phil, that's one of em... Very strange...

Do you have nultiple org's in your company?

Friday, November 16, 2012 5:52 AM
0

Sign in to vote

Yes this is on a development server with multiple orgs

Sunday, November 18, 2012 7:26 PM
0

Sign in to vote
I found this page http://marcellotonarelli.wordpress.com/2010/02/02/crmdiscoveryservice-asmx-not-found-error-when-installing-crm-4-0-outlook-client-for-enterprise-edition/ which seems to talk about a similar problem

So I'm trying this:

on the application server:

go to C:\Program Files\Microsoft Dynamics CRM\CRMWeb

find the MSCRMServices directory and copy it

copy to C:\inetpub\wwwroot\crmweb

I'm a bit confused about the crmweb directory/website. There isn't one on my production server (but you seem to have one). I have a couple of ASP.Net applications hanging of this site on my development server. However my production environment has a single organisation (and doesn't have the problem). I'll watch the error logs to see if the problem reappears, however the user that always seems to trigger the problem isn't here today...

Update: this didn't solve the problem
- Edited by Phil98765 Tuesday, November 20, 2012 9:45 PM update
Sunday, November 18, 2012 10:28 PM

Asked by:

Random Duplicate Windows Authentication Request

Question

All replies