Ran IFD tool and e-mail router stopped working RRS feed

  • Question

  • All,
    I have an on-premise deployment. But I have some users that are remote 100% of the time. The answer was to use the IFD deployment tool to update my installation to support the online deployment for those users so that they can hook up with the CRM for Outllook tool on their workstations.

    After doing this update (everything worked perfectly, at least I thought it did); I notice now my event log that I am getting errors from the e-mail router:

    #23379 - Could not verify the version of Microsoft Dynamics CRM at http://<computerhostname>:8091/<orgname>. The request failed with HTTP status 404: Not Found.

    The configuration was perfect until this recent change. I cannot see what is going on after spending a few hours trying various combinations. I suspect it has to do with how the CRM builds the URL in the IFD configuration. But, I don't know what to put into this e-mail router to get it to find the crm service again.

    Please help!! Thanks in advance.

    Tuesday, September 22, 2009 8:58 PM


  • Hi.,
    I had to open a ticket with ms. They got it working...was a combination of security settings because of the new url. On to the next issue.!!

    • Marked as answer by rd_bigdog Wednesday, September 23, 2009 7:45 PM
    Wednesday, September 23, 2009 7:45 PM

All replies

  • Please give a description of your implementation platform,servers,roles and software
    Tiaan van Niekerk http://crmdelacreme.blogspot.com Skype:tiaan.van.niekerk1
    Wednesday, September 23, 2009 3:46 AM
  • Hi,

    when you use IFD you change the authentification from AD authentification to foms based authentification. Be sure, that the server with the e-mail router is in the network you configured in the IFD-Tool, so that he use AD-Authentification.
    Viele Grüße

    Michael Sulz
    axcentro GmbH
    MVP für Microsoft Dynamics CRM
    Wednesday, September 23, 2009 5:51 AM
  • Hi,

    I have one server that is my AD and exchange. I have another server that is my CRM server.
    Both servers are on the same subnet 192.168.0.xxx which was put into the IDF tool as:

    I can't see that there should have been any change to the e-mail router. All internal computers are still accessing CRM with http://computername:8091/

    But, the e-mail router gives a 404. When I change the e-mail router to use the orgname such as http://orgname.domain.com:8091 (orgname was put into DNS as per the IFD doc and works in a browser), I get a 401 unauthorized...so it looks like I am losing the pass through authentication....????
    Wednesday, September 23, 2009 1:02 PM
  • More info...I dug into my IIS logs...interestingly; the router was resolving to my DC computer based on DNS changes that were made and the configuration changes that were made with the IFD tool. So, 404 makes perfect sense. The fix to this ( I thought anyway) was to change my deployment in the e-mail router configuration tool to "online service provider" instead of my company. Then the CRM internal intelligence would detect the requesting IP and determine that it is an in-house computer requesting and resort back to the other computer. Which it did. It is know requesting the correct URL and go to the correct server. So, the 404 is gone.

    New issue (of course there is;). Now, the account that I was using is getting 401: unauthorized. Here is the IIS log.

     2009-09-23 13:47:27 W3SVC2 CHSCRM POST /MSCRMServices/2007/CrmService.asmx - 8091 - HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.3074) - - chscrm:8091 401 5 0 1605 1917 2

    The account that I specified for the deployment is my CRM Administrator account...the one htat gets "First Name Last Name". This is what I've been using since day 1. It is a valid account with e-mail configured and all that....why is it now getting 401!!! I can log in with that account from the internet and the intranet; but e-mail router doesn't...gotta be something with the way the credentials are being passed. My internal deployment is HTTP. My external is HTTPS...

    Any thoughts on this one??? Thanks for your help thus far.
    Wednesday, September 23, 2009 1:57 PM
  • Hi,

    you say that the problem occurred after you have configured the IFD deployment with the configuration tool. Which values do you have entered for 'AD App Root Domain' and 'AD SDK Root Domain'?

    The 401, which you are getting now is imho caused by the authentication strategy which is used for the 'online service provider'. There is another webservice endpoint for the discovery service for 'online service provider' (MSCRMServices/2007/SPLA/CrmDiscoveryService.asmx) as for 'AD' (MSCRMServices/2007/AD/CrmDiscoveryService.asmx).
    I assume it tries to authenticate via AuthenticationType for a SPLA deployment, but because you are calling from you internal network it expects an AD authentication and returns a 401.
    Wednesday, September 23, 2009 2:33 PM
  • Hi,
    I think you are exactly right. I did some testing and it points to exacly that.

    So, the issue obviously now is how to get my e-mail router working...I switched it back to "On Premise" as I need it to be using AD security.

    I am now back to 404. At least I know why it is 404. My AD root domain and AD SDK root are set to <crmserverhostname>:8091. (I did try changing that to some weird values to see what it would do: like blank and just :port -> those didn't work)...

    My e-mail router is on the DC/Exchange box. No matter what I do so far; the CRM is trying to resolve http://crmserver:8091/<orgname> to my domain controller. Based on my settings in the AD root and AD SDK root; I have no idea why it is trying to go to -> domain.com (my internal DC)??? That value is not in the deployment properties anywhere in the sql server either...

    Any thoughts?
    Wednesday, September 23, 2009 3:36 PM
  • Hi,

    where do 'chscrm' or 'crmserver' point to, when you make a nslookup on your dc? If it points to the dc, there is some misconfiguration in your dns.
    Is the DNS-server on your dc also the DNS-server of your external domain?

    The discovery service (the address which you provide at the router configuration) return the appropriate web service endpoint for the requested organization. So there could be two problems:

    - the address for the host of the specified discovery service is resolved to a wrong value
    - the address which is returned by the discovery service is wrong / or is resolved to a wrong value

    Please take a look into the MSCRM_Config database and check the value for 'ADSdkRootDomain' in the table 'DeploymentProperties'

    Just another guess: have you made any changes at the ports after installation? If yes, take a look at this article http://support.microsoft.com/kb/947423
    Wednesday, September 23, 2009 6:57 PM
  • Hi.,
    I had to open a ticket with ms. They got it working...was a combination of security settings because of the new url. On to the next issue.!!

    • Marked as answer by rd_bigdog Wednesday, September 23, 2009 7:45 PM
    Wednesday, September 23, 2009 7:45 PM
  • Hi,

    good to hear you got it working. Was the problem related to SPNs?
    Wednesday, September 23, 2009 8:15 PM
  • Hi,

    Sorry for bothring you. Could you please advise how it was resolved? I have the same problem for a very similar deployment after IFD deployment I got "401: Unauthorized...." error.

    I can return back using IFD and again it works fine. 

    Thank you!

    Thursday, May 13, 2010 12:16 AM