locked
IFD + On Premise.... IFD ok, but On-Premise not working RRS feed

  • Question

  • **** Please read all posts below as this problem has changed slightly (Thanks)****


      Hi,

    I'm using CRM 4.0 on Server 2008 and we are trying to use IFD. I've read that we need to be using SPLA rather than AD when using the CrmService (can anyone confirm this?). When trying to use the DiscoveryService I have had a problem where Server 2008 uses IPv6 addresses, so I put the server name in the Host file with the my local address and that seemed to get rid of the "Request IP Address has different address family from network address." message. But i'm still getting "Operation is not valid due to the current state of the object." when trying to create a web reference.

    I'm not sure what other information will help so will answer any questions.

    Phil

    Below is the code I'm using to get the CrmServer On Premise that works fine:

    private CrmService GetCrmService(HttpContext httpContext)  
            {  
                string organisationName = httpContext.Request.QueryString["OrgName"];  
                if (organisationName == null)  
                    organisationName = "defaultorg";  
                CrmService crmService;  
                CrmAuthenticationToken token;  
     
                if (httpContext.Request.Url.IsDefaultPort == true)  
                {  
                    token = CrmAuthenticationToken.ExtractCrmAuthenticationToken(httpContext, organisationName);  
                }  
                else  
                {  
                    token = new CrmAuthenticationToken();  
                }  
     
                token.OrganizationName = organisationName;  
                token.AuthenticationType = AuthenticationType.AD;  
                crmService = new CrmService();  
                crmService.Url = BuildCrmServiceUrl();  
                crmService.CrmAuthenticationTokenValue = token;  
                crmService.Credentials = System.Net.CredentialCache.DefaultCredentials;  
                return crmService;  
            } 
    • Edited by PhilAC Monday, February 9, 2009 2:23 PM
    Tuesday, February 3, 2009 10:36 AM

Answers

  • It seems as though this is the problem:

    When hosting CRM 4.0 in IFD + On-Premise mode (using the IFD Tool) on Windows Server 2003 or 2008, users may see messages stating that you are unauthorised to view the pages and are unable to use On-Premise authentication. This includes not been able to use the IFD Tool, CRM Plugin Registration Tool and Microsoft CRM Demonstration Tools.
     
    Solution
     
    This may be caused by default security settings on these platforms. By default the loopback check is enabled and can cause problems as described above. This is solved by changing the below registry setting to 1:
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\DisableLoopbackCheck

     
    If not present, create as new DWORD value and set to 1.
    • Marked as answer by PhilAC Tuesday, April 14, 2009 1:35 PM
    Tuesday, April 14, 2009 1:34 PM

All replies

  •  The following code snippet might be useful. Please try this and let me know how it goes -
            // Initialize an instance of the CrmDiscoveryService Webservice proxy.     
            CrmDiscoveryService disco = new CrmDiscoveryService();     
            disco.Url = server + "/MSCRMServices/2007/SPLA/CrmDiscoveryService.asmx";     
        
            //Retrieve a list of available organizations.     
            RetrieveOrganizationsRequest orgRequest =     
                new RetrieveOrganizationsRequest();     
            orgRequest.UserId = domain + "\\" + username;     
            orgRequest.Password = password;     
            RetrieveOrganizationsResponse orgResponse =     
                (RetrieveOrganizationsResponse)disco.Execute(orgRequest);     
        
            //Find the desired organization.     
            foreach (OrganizationDetail orgdetail in orgResponse.OrganizationDetails)     
            {     
                //organization = organization that we need to connect to  
               if (orgdetail.OrganizationName == organization)       
                {     
                    //Retrieve the ticket.     
                    RetrieveCrmTicketRequest ticketRequest = new RetrieveCrmTicketRequest();     
                    ticketRequest.OrganizationName = organization;     
                    ticketRequest.UserId = domain + "\\" + username;     
                    ticketRequest.Password = password;     
                    RetrieveCrmTicketResponse ticketResponse =     
                        (RetrieveCrmTicketResponse)disco.Execute(ticketRequest);     
        
                    //Create the CrmService Web service proxy.     
                    CrmAuthenticationToken sdktoken = new CrmAuthenticationToken();     
                    sdktoken.AuthenticationType = 2;     
                    sdktoken.OrganizationName = organization;     
                    sdktoken.CrmTicket = ticketResponse.CrmTicket;     
        
                    CrmService = new CrmService();     
                    CrmService.CrmAuthenticationTokenValue = sdktoken;     
                    CrmService.Url = orgdetail.CrmServiceUrl;     
        
                    WebApplicationUrl = orgdetail.WebApplicationUrl;     
                    OrganizationId = orgdetail.OrganizationId;     
        
                    break;     
                }     
            }     
     
    • Proposed as answer by Maruf Tuesday, February 3, 2009 2:51 PM
    • Unproposed as answer by PhilAC Monday, February 9, 2009 2:18 PM
    Tuesday, February 3, 2009 2:50 PM
  • Hi,

    It seems there are other problems.

    I've setup my CRM 4.0 server with the IFD tool so that it's using IFD+On-Premise and the IFD Internal Network Address is the server IP (The server is my local machine, so I set it to my IP address). On-premise does not work for me. If I change the IP slightly so that it thinks i'm always external, I get the sign-in page and it works fine browsing. So, that's the first problem.
    The second, which I think is directly connected to this, is that if I try and use the Plug-in Registration Tool I get a 401: Unauthorised when it's trying to use the discovery services to get the organizations?

    Why would On-Premise not work when using IFD + On-Premise? I'm using Server 2008 (I have already installed Rollup 2).

    Thanks
    Monday, February 9, 2009 12:03 PM
  • It seems as though this is the problem:

    When hosting CRM 4.0 in IFD + On-Premise mode (using the IFD Tool) on Windows Server 2003 or 2008, users may see messages stating that you are unauthorised to view the pages and are unable to use On-Premise authentication. This includes not been able to use the IFD Tool, CRM Plugin Registration Tool and Microsoft CRM Demonstration Tools.
     
    Solution
     
    This may be caused by default security settings on these platforms. By default the loopback check is enabled and can cause problems as described above. This is solved by changing the below registry setting to 1:
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\DisableLoopbackCheck

     
    If not present, create as new DWORD value and set to 1.
    • Marked as answer by PhilAC Tuesday, April 14, 2009 1:35 PM
    Tuesday, April 14, 2009 1:34 PM