locked
Cannot access CRM commands from powershell RRS feed

  • Question

  • Hi,

    I'm trying to integrate a CRM 2011 on-premise instance with Azure AppFabric. I'm following this walkthrough http://msdn.microsoft.com/en-us/library/gg328249.aspx and i got stuck at

    • Configure the Microsoft Dynamics CRM Configuration Database

    I'm logged into the administrator account of the 2008 server, I open powershell and add the CRM snap-in. And that is where I end, because calling the commands Set-CrmCertificate and Get-CrmCertificate ends with an error:

    PS C:\Users\Administrator> Get-CrmCertificate

    Get-CrmCertificate : An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.

    At line:1 char:19

    + Get-CrmCertificate <<<<

    + CategoryInfo          : NotSpecified: (:) [Get-CrmCertificate], MessageSecurityException

    + FullyQualifiedErrorId : System.ServiceModel.Security.MessageSecurityException,Microsoft.Crm.PowerShell.GetCrmCer   tificateCmdlet

    I found some posts related to this error message but they were mostly about not having your server and client time synchronized. I am running the command from the server where the CRM instance is installed, so unsynchronized time shouldn't be an issue.

    I've tried running the commands from the service account under which the CRM service is running but the output was an equal error.

    I've run out of ideas.

    Has anyone encountered such a problem?

    Does anyone have a clue what am I doing wrong?

    Thank you for your suggestions.

    Monday, March 14, 2011 4:53 PM

All replies

  • I turned on logging and found this stacktrace (in *w3wp-XRMDeployment*.log) after invoking the Get-CrmOrganization command from powershell:


    <TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error"><TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier><Description>Throwing an exception.</Description><AppDomain>/LM/W3SVC/1/ROOT/XRMDeployment-1-129451731598847656</AppDomain><Exception><ExceptionType>System.IdentityModel.Tokens.SecurityTokenException, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>The AcceptSecurityContext failed.</Message><StackTrace>   at System.IdentityModel.Tokens.KerberosReceiverSecurityToken.Initialize(SafeFreeCredentials credentialsHandle, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
    >   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.KerberosSecurityTokenAuthenticatorWrapper.ValidateToken(SecurityToken token, ChannelBinding channelBinding, ExtendedProtectionPolicy protectionPolicy)
    >   at System.ServiceModel.Security.ReceiveSecurityHeader.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver, IList`1 allowedTokenAuthenticators, SecurityTokenAuthenticator&amp;amp; usedTokenAuthenticator)
    >   at System.ServiceModel.Security.ReceiveSecurityHeader.ReadToken(XmlDictionaryReader reader, Int32 position, Byte[] decryptedBuffer, SecurityToken encryptionToken, String idInEncryptedForm, TimeSpan timeout)
    >   at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
    >   at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
    >   at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message&amp;amp; message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    >   at System.ServiceModel.Security.SymmetricSecurityProtocol.VerifyIncomingMessageCore(Message&amp;amp; message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    >   at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp;amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    >   at System.ServiceModel.Channels.SecurityChannelListener`1.ServerSecurityChannel`1.VerifyIncomingMessage(Message&amp;amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationState)
    >   at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityReplyChannel.ProcessReceivedRequest(RequestContext requestContext, TimeSpan timeout)
    >   at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.OnInnerReceiveDone()
    >   at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.Start()
    >   at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
    >   at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
    >   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
    ></StackTrace><ExceptionString>System.IdentityModel.Tokens.SecurityTokenException: The AcceptSecurityContext failed. ---&amp;gt; System.ComponentModel.Win32Exception: The logon attempt failed
    >   --- End of inner exception stack trace ---</ExceptionString><InnerException><ExceptionType>System.ComponentModel.Win32Exception, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>The logon attempt failed</Message><StackTrace>   at System.IdentityModel.Tokens.KerberosReceiverSecurityToken.Initialize(SafeFreeCredentials credentialsHandle, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
    >   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.KerberosSecurityTokenAuthenticatorWrapper.ValidateToken(SecurityToken token, ChannelBinding channelBinding, ExtendedProtectionPolicy protectionPolicy)
    >   at System.ServiceModel.Security.ReceiveSecurityHeader.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver, IList`1 allowedTokenAuthenticators, SecurityTokenAuthenticator&amp;amp; usedTokenAuthenticator)
    >   at System.ServiceModel.Security.ReceiveSecurityHeader.ReadToken(XmlDictionaryReader reader, Int32 position, Byte[] decryptedBuffer, SecurityToken encryptionToken, String idInEncryptedForm, TimeSpan timeout)
    >   at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
    >   at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
    >   at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message&amp;amp; message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    >   at System.ServiceModel.Security.SymmetricSecurityProtocol.VerifyIncomingMessageCore(Message&amp;amp; message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    >   at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp;amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
    >   at System.ServiceModel.Channels.SecurityChannelListener`1.ServerSecurityChannel`1.VerifyIncomingMessage(Message&amp;amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationState)
    >   at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityReplyChannel.ProcessReceivedRequest(RequestContext requestContext, TimeSpan timeout)
    >   at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.OnInnerReceiveDone()
    >   at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.Start()
    >   at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
    >   at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
    >   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
    ></StackTrace><ExceptionString>System.ComponentModel.Win32Exception (0x80004005): The logon attempt failed</ExceptionString><NativeErrorCode>8009030C</NativeErrorCode></InnerException></Exception></TraceRecord>

    Any idea what do I have to configure to get through this??



    Monday, March 21, 2011 9:54 AM