locked
CRM 4.0: Deployment Manager Error - DNS Hostname of AD DC

    Question

  •  

    After installing CRM 4.0, I am receiving the following error when attempting to access the Deployment Manager:

     

    Unable to obtain DNS hostname of Active Directory domain controller with ntdsa object name "CN=NTDS Settings,CN=XXXXXXXXXX,CN=XXXX,CN=XXXX,CN=XXXX,CN=XXXX,DC=XXXX,DC=XXXX,DC=XXXX".

     

    The server itself can complete an nslookup and ping successfully without any issues. Anyone ran into this before?

     

    Any assistance would be appreciated.

     

    Thanks-

    Anthony

    Thursday, January 10, 2008 1:26 PM

Answers

  • Thanks Curtis but that wasn't the issue at all. In the end, while the server itself could communicate and authenticate to our AD setup successfully (2 domain controllers in the same datacenter), the CRM 4.0 Deployment Mgr was blowing up because it couldn't communicate with a new domain controller located at a remote site because of a firewall issue. Once the firewall rules were fixed, the error went away. I am not sure why MS CRM 4.0 is this dependant upon communication with the remote domain controllers, thus I am going to follow up with MS.

    Tuesday, January 15, 2008 1:39 PM

All replies

  • Well an IP of a machine is a far cry from a properly configured machine account in AD.

    To begin with it's a good Idea to see if the CRM server, that is the application server is communicating properly with AD.

    Use the netdom command to show where your machine is pointing for Ldap resolution or use the setspn command to see if your server has any SPNs registered in AD. Or you could use ADSIEDIT to look directly at the machine accounts in AD and see their attributes.

     

    Try this.  Reset the account in AD and then unjoin and rejoin the domain.  Then do a reinstall and see if you can communicate with AD.

     

    It's really alot more than an IP address, my friend.

     

    Tuesday, January 15, 2008 6:41 AM
    Moderator
  • Thanks Curtis but that wasn't the issue at all. In the end, while the server itself could communicate and authenticate to our AD setup successfully (2 domain controllers in the same datacenter), the CRM 4.0 Deployment Mgr was blowing up because it couldn't communicate with a new domain controller located at a remote site because of a firewall issue. Once the firewall rules were fixed, the error went away. I am not sure why MS CRM 4.0 is this dependant upon communication with the remote domain controllers, thus I am going to follow up with MS.

    Tuesday, January 15, 2008 1:39 PM
  • Hi Anthony,

     

    Can you share what changes you did to the firewall as I have ISA Server installed in the remote DC & I am facing the same problem during CRM installation

     

    Devesh

    Saturday, December 13, 2008 8:57 AM
  • Did MS get back to you?

    We have a similar issue here with a domain controller to be demoted.
    If it is (testing) off the net (without yet being demoted).
    The MS CRM 4.0 Deployment Manager fails to start with the error message "Invalid Domain Name. Domain is either invalid or unreachable." The Stack Trace displayed shows (top most only) "Microsoft.Crm.CrmArgumentException" ... "at Microsoft.Crm.Admin.Adminservice.ConfigDBSecurity.SystemUserService.GetCaseSafeName(..)".

    We are scared to demote the old DC now, as we fear not to be able to use the Deployment Manager then.

    Situation in short:

    Nuptse (Win 2003, main/new DC, CRM 4.0, SQL, Exchange 2007)
    Everest (Win 2000, old DC, formerly Exchange - to be demoted)

    in the same network.

    Depl. Mgr on nuptse fails if everest is unplugged.
    Tuesday, December 30, 2008 7:10 AM

  • After some more searching, I found this: CRM Update Rollup 1 should fix the issue.

    http://support.microsoft.com/kb/952858/


    Trying it now.
    Works fine (just need to wait a bit longer than if the to be demoted DC is available).
    Tuesday, December 30, 2008 9:04 AM
  • When I try to install the MS CRM 4.0, at last it displays the following error message: Unable to obtain DNS hostname of Active Directory domain controller with ntdsa object name "CN=NTDS Settings,CN=<var>DOMAINCONTROLLER_Name</var>,CN=Servers,CN=<var>MYSITENAME</var>,CN=Sites,CN=Configuration"

    why the DC's are going crazy when installing the CRM. Please let know the solution..

    • Proposed as answer by KumarXRM Friday, April 22, 2011 8:07 PM
    Tuesday, May 11, 2010 7:02 PM
  • Please Add the Preferred Domain Controller  value to MS CRM registry entries: HKLM\Software\Microsoft\MSCRM

    Step 1. Right Click and click on NewString value as "PreferredDc"

    Step 2. Add the value to PreferredDc is YourDomainControllerName you can find this in your AD by typing the command in your cmd prompt echo %logonserver%

    Let me know if you need any help

     

    Wednesday, June 30, 2010 8:09 PM
  • Thanks Pradeep it worked.

    Wednesday, January 12, 2011 9:52 AM
  • Israel Pradeep

    Worked!  Thank you!  I know this hardcodes the DNS server, is there a way around it?

    Wednesday, June 1, 2011 2:27 PM
  • Hi JW,

    1st  install the latest Rollup (17) on your server machine. OR

    2nd Reduce your Firewall setup at domains (forest) level, this can do only by Network admins(Domain Controllers Admin).

    https://xrmxtensibles.wordpress.com/2010/05/28/unable-to-obtain-dns-hostname-of-active-directory-domain-controller-with-ntdsa-object-name/


    Thanks, - Israel Pradeep, - Software Engineer & PMP & B.I - Entrepreneur, - "If this post answers your question, please click "Mark As Answer" on the post and "Mark as Helpful"".
    Wednesday, July 6, 2011 7:08 PM
  • BTW, faced again this issue and decided to blog the solution here:

    http://weblogs.asp.net/pabloperalta/archive/2011/11/30/error-unable-to-obtain-dns-hostname-of-active-directory-domain-controller-with-ntdsa-object-name-when-opening-crm-deployment-manager.aspx

     

    hope it helps to save time to others.

    PP


    Microsoft MVP Dynamics CRM | My Twitter: http://twitter.com/pabloperalta | My blog: http://weblogs.asp.net/pabloperalta | Blog en Español: http://wwww.elblogdedynamicscrm.com
    Wednesday, November 30, 2011 3:13 AM
  • Thanks Pradeep.  In the middle of an evening production deployment and your answer just saved the day.  Looks like the CRM deployment service grabs hold of a particular DC and if that DC is not currently available you can't run Deployment Manager or delete or import plugins.  That registry key points it at a working DC and you are good to go.  I guess you shouldn't leave the registry key there after as that particular DC may not always be there in the future.  Seems like a bug to me that CRM  is locking onto a particular DC.

    Gareth Tucker +61 406 1234 72

    Saturday, April 20, 2013 2:40 AM