Unable to create CRM Organisation using Powershell RRS feed

  • Question

  • Hi,

    I am trying to create a CRM Organisation on-premise using powershell, but I encounter the following error

    New-CrmOrganization : Source    : mscorlib
    Method    : HandleReturnMessage
    Date    : 11:47:29 AM
    Time    : 3/25/2014
    Error    : Message: The Deployment Service cannot process the request because one or more validation checks failed.
    ErrorCode: -2147167645
    Stack Trace    :
    Inner Exception Level 1    :
    ==DeploymentServiceFault Info==========================================================================================
    Error    : The Deployment Service cannot process the request because one or more validation checks failed.
    Time    : 3/25/2014 10:47:29 AM
    ErrorCode    : -2147167645
    Date    : 11:47:29 AM
    Time    : 3/25/2014
    Error Items:
        SysAdminCheck raising error : You do not have sufficient permission to perform this operation on the specified
    organization database
    At line:1 char:1
    + New-CrmOrganization -DisplayName "TestOrg" -SQLServerName "SR12R2" -SrsUrl "http ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidData: (Microsoft.Crm.P...anizationCmdlet:NewCrmOrganizationCmdlet) [New-CrmOrgani
       zation], FaultException`1
        + FullyQualifiedErrorId : CRM Deployment Cmdlet Error,Microsoft.Crm.PowerShell.NewCrmOrganizationCmdlet

    I am using the following command to create the Organisation:

    Add-PSSnapin Microsoft.Crm.PowerShell

    New-CrmOrganization -DisplayName "TestOrg" -SQLServerName "SR12R2" -SrsUrl "http://sr12r2/ReportServer" -Name "TestOrg" -BaseCurrencyCode "USD" -BaseCurrencyName "US Dollar" -BaseCurrencySymbol "$" -BaseCurrencyPrecision "2" -BaseLanguageCode 1033 -SqlCollation "Latin1_General_CI_AI" -SQMOptIn false

    I already have deployment administrator rights, and I can create Organisations using the Deployment Manager, but it doesn't work via powershell. Also, I have tried running the powershell "as administrator" but had no luck.

    Admin QuikView Solution for CRM 2013

    Tuesday, March 25, 2014 10:54 AM

All replies

  • Hi,

    Are you running powershell on your on the server with the on-premise install / your local machine / another machine?

    Tuesday, March 25, 2014 11:40 AM
  • Hi Matt,

    I am running the powershell on the server where I have CRM installed. It's a "everything-in-one-server" topology.

    Admin QuikView Solution for CRM 2013

    Tuesday, March 25, 2014 12:03 PM
  • By the error it looks like you don't have the necessary permissions on the SQL instance

    Is the user you are running the PS with a sysadmin on the SQL instance?

    Tuesday, March 25, 2014 3:00 PM
  • Hi TZ00Kl,

    Yes, I am running the PS with the same user that has sysadmin rights in the SQL instance. It's a single environment scenario, where everything is inside a single box, and there is an administrator account, which has all the necessary rights (deployment administrator, sysadmin, local admin, etc.).

    I was thinking more like if anything's missing from the script, or if anything is not quite right. This is the first time I am using PowerShell for CRM.

    Admin QuikView Solution for CRM 2013

    Tuesday, March 25, 2014 3:05 PM
  • Hi,

    Anybody got anything to share/help? :)

    Admin QuikView Solution for CRM 2013

    Wednesday, March 26, 2014 3:53 PM
  • Hi again 

    Please also check that your user has full permissions over the CRM OU in active directory - make sure that you have delegated rights.

    Thursday, March 27, 2014 8:06 AM
  • Hi TZ00Kl,

    Yes I do! I can create Organisations using the Deployment Manager, it's just that PowerShell doesn't work.

    Also, FYI this issue is different from the one I posted here.

    Admin QuikView Solution for CRM 2013

    Thursday, March 27, 2014 9:30 AM
  • What account is the Deployment Web Service running under? Have you checked that it has the necessary permissions? (the web service will be carrying out the request issued via PowerShell, so it needs the permissions, not just you). Permissions include:

    • Domain User membership
    • That account must be granted the Logon as service permission in the Local Security Policy.
    • Local administrator group membership on the computer where the Deployment Web Service is running.
    • Local administrator group membership on the computer where SQL Server is running.
    • Sysadmin permission on the instance of SQL Server to be used for the configuration and organization databases.
    • Folder read and write permission on the Trace and CRMWeb folders, by default located under \Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local computer.
    • Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSCRMSandboxService subkeys in the Windows Registry.
    • CRM_WPG group membership. This group is used for IIS worker processes. The group is created and the membership is added during Microsoft Dynamics CRM Server Setup.

    Hope this helps.
    Adam Vero, Microsoft Certified Trainer | Microsoft Community Contributor 2011
    UK CRM Guru Blog

    Thursday, March 27, 2014 4:30 PM
  • Hi Adam,

    I have checked each of these permissions and the Deployment Service Account has ALL of them! Still I have the same error every time I try using the PowerShell.

    Also, if I can create via Deployment Manager, it makes no sense why I wouldn't be able to create using PowerShell and why creating via PowerShell would require some extra permissions? Either way, in both cases, the Organisation would be created by the Deployment Service Account.

    Admin QuikView Solution for CRM 2013

    Thursday, March 27, 2014 6:41 PM
  • Adam,

    So, as you can see, it definitely seems like a permissions issue, yet I'm going to take a different spin, so Please do not kill the messenger.  To the best of my knowledge, powershell is not going to execute this under your credentials, rather it's going to execute the call under the system account, which will not have access to the mscrm_config db.  While I understand that it's an all-in-one scenario, there are other items that could cause problems.

    Try and add the server name to the PrivUsersGroup and the sql_access group that you used to install the org.  Grant you, this is a stretch, but in my local trace, the credentials being passed to the db server are not the credentials from me.  Once I added my server name to the AD groups, I was able to perform powershell processes.

    If you received a resolution, make sure you post it here.

    Good Luck. 

    Thursday, May 8, 2014 6:13 PM
  • Hi,

    Has anyone got this working? I'm having the same issue and if the powershell command is not running under my credentials something will not work, of that I am certain. I have also added the -Credential  and -DwsServerUrl flags (since powershell wanted the dwsserverurl when I added -Credential) and I enter my password for the account and it still complains and says that "The permissions granted to user 'NT AUTHORITY\NETWORK SERVICE' are insufficient for performing this operation."


    Rickard Norström Developer CRM-Konsulterna
    Swedish Dynamics CRM Forum: http://www.crmforum.se
    My Blog: http://rickardnorstrom.blogspot.se

    Wednesday, November 23, 2016 1:12 PM