CRM 2011 - New server/front end installation with current back end; Multiple servers with IFD and Claims-based Authencation RRS feed

  • Question

  • We have a test CRM server which is currently set up successfully for claims-based authentication and internet-facing deployment (IFD).  We are trying to set up our Production environment on a new CRM server and to point to all the existing instances of SQL, Report server, etc.  However, during setup, we receive this error:

    "the encryption certificate cannot be accessed by the crm service account..."


    Does anyone know how to help with this error?  Also, why isn't there documentation for setting up multiple CRM servers in the Implementation Guide?  Can anyone direct me to a site/documentation which can help?  Thanks

    Thursday, February 28, 2013 7:49 PM

All replies

  • The service account (the account of the application pool I think) needs read permissions on the private key of the certificate you use.

    Start a console (mmc) and load the certificate snap in.
    Go to your certificate, right click it and select 'All Tasks' => 'Manage private keys'.
    Give the service account read privilege
    run IISRESET

    Friday, March 1, 2013 7:55 AM