Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Error 401 and event id 3 accessing newly installed site RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    i just reinstalled my CRM 2011 site and have encountered something really strange. I can get to the site via IP, I can connect via http://crm but when I connect via http://crm.mydomain.com I get prompted to logon 3 times and then get an error 401.

    I noticed this was pretty common in CRM 4.0 but didn't notice any articles covering it for 2011. I have checked the SPN's and IIS to ensure Kerberos is set correctly. What else?

    Just got some new information here too. In trying to resolve this, I found an article that pointed to this: http://support.microsoft.com/kb/887993 I cranked up the logging and sure enough I'm getting a Kerberos error when I try to connect to the site, but I am failing on KRBTGT (Kerberos Ticket Granting Ticket?) and have NO idea how to resolve that one. Anyone got any insights?

    Cheers
    John



    Thursday, July 28, 2011 10:05 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    I ended up solving this last night after pulling most of my hair out. It appears that the issue was resolved by setting an SPN up binding the CRM service account to the FQDN URL for my server (I intend for it to be public facing and so this is the externally available URL) and biding the URL to the machine account itself:

    setspn -A HTTP/CRM.MYDOMAIN.COM MYDOM\CRM_SERVICE

    setspn -A HTTP/CRM.MYDOMAIN.COM MYCRMSERVER$

    The system log was showing Kerberos failures for the machine account every time I tried to connect which is what sent me in this direction.

    Friday, July 29, 2011 2:42 PM