CRM 2015 UR0.2 - MSCRMSandboxService - Access Denied RRS feed

  • Question

  • Hi Everyone,

    I have a problem with a service that is getting an Access Denied. In UAT the installation is working correctly, the production one instead is failing. The installations are mirrored, so the same configuration applies to both UAT and PROD, I have user separation, but the AD names are pretty much the same besides UAT or PROD.

    This is the event viewer error:

    Sandbox Host - Access Denied.

     Host: PROD (correct server name)
     User: APPLICATION_POOL_USER (correct application pool user)

    This is the stack trace:

    Access Denied. Reference number for administrators or support: #8C554168: APPLICATION_POOL_USER is not in PrivUserGroup

    I checked this settings million times and the user is definitively there, i went as far as getting the GUID from the database to check if the ADGroup was wrong (custom ones are in place). I tried to remove and re-add the user to the PrivUserGroup, but nothing changed. I checked all the SPNs for all the service accounts, and I modify the ones that were a little bit off, still the error persist. Is there a manual tweak or check that i can perform manually to confirm that the permissions are set correctly?

    Best Regards 

    Wednesday, October 26, 2016 6:15 AM