locked
Error on OrganizationCreator RRS feed

  • Question

  • Hi,

     

    I've stuck installing CRM 2011. Every time I've get this error:

    Exception occured during Microsoft.Crm.Tools.Admin.OrganizationCreator: Action Microsoft.Crm.Tools.Admin.ProvisionBusinessAction failed.
    InnerException:
    System.Runtime.InteropServices.COMException (0x8007202B): A referral was returned from the server.
    
      at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
      at System.DirectoryServices.SearchResultCollection.get_InnerList()
      at System.DirectoryServices.SearchResultCollection.get_Count()
      at Microsoft.Crm.SecurityUtils.GetGuidFromSid(DirectorySearcher searcher, Byte[] sid)
      at Microsoft.Crm.SecurityUtils.TryGetGuidFromSid(Byte[] sid)
      at Microsoft.Crm.SecurityUtils.GetUserId(String domainName, Boolean limitGlobalCatalogSearches)
      at Microsoft.Crm.Authentication.UserManagementFactory.GetActiveDirectoryInformation(String domainName, Boolean limitGlobalCatalogSearches)
      at Microsoft.Crm.Authentication.UserManagementFactory.CheckForActiveDirectoryUser(String uniqueName, UserValidationParameters userValidationParameters, ExecutionContext context, Boolean limitGlobalCatalogSearches)
      at Microsoft.Crm.Authentication.UserManagementFactory.ValidateActiveDirectoryUser(String domainName, UserValidationParameters userValidationParameters, ExecutionContext context, Boolean limitGlobalCatalogSearches)
      at Microsoft.Crm.Authentication.UserManagementFactory.CreateUser(IBusinessEntity systemUser, Boolean setupUser, ExecutionContext context)
      at Microsoft.Crm.ObjectModel.SystemUserServiceInternal`1.CreateInternal(Guid organizationId, IBusinessEntity systemuser, ExecutionContext context)
      at Microsoft.Crm.ObjectModel.OrganizationServiceInternal`1.CreateRootBusiness(IBusinessEntity organization, IBusinessEntity business, IBusinessEntity systemUser, ExecutionContext context)
      at Microsoft.Crm.Setup.Server.Utility.NewOrgUtility.OrganizationCreateNew(String organizationId, String organizationName, String userAccountName, String userFirstName, String userLastName, String userEmail, String featureSetFile, String languageCode, String privilegedUserGroup, String sqlAccessGroup, String reportingGroup, String privilegedReportingGroup, Boolean grantNetworkServiceAccess, OrganizationResourceHelper orgSettingsHelper)
      at Microsoft.Crm.Tools.Admin.ProvisionBusinessAction.Do(IDictionary parameters)
      at Microsoft.Crm.Setup.Common.CrmAction.ExecuteAction(CrmAction action, IDictionary parameters, Boolean undo)
    
    15:58:08|  Info| Setting organization state. New state = Failed
    15:58:08| Error| Install exception.System.Exception: Action Microsoft.Crm.Tools.Admin.ProvisionBusinessAction failed. ---> System.Runtime.InteropServices.COMException: A referral was returned from the server.
    
      at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
      at System.DirectoryServices.SearchResultCollection.get_InnerList()
      at System.DirectoryServices.SearchResultCollection.get_Count()
      at Microsoft.Crm.SecurityUtils.GetGuidFromSid(DirectorySearcher searcher, Byte[] sid)
      at Microsoft.Crm.SecurityUtils.TryGetGuidFromSid(Byte[] sid)
      at Microsoft.Crm.SecurityUtils.GetUserId(String domainName, Boolean limitGlobalCatalogSearches)
      at Microsoft.Crm.Authentication.UserManagementFactory.GetActiveDirectoryInformation(String domainName, Boolean limitGlobalCatalogSearches)
      at Microsoft.Crm.Authentication.UserManagementFactory.CheckForActiveDirectoryUser(String uniqueName, UserValidationParameters userValidationParameters, ExecutionContext context, Boolean limitGlobalCatalogSearches)
      at Microsoft.Crm.Authentication.UserManagementFactory.ValidateActiveDirectoryUser(String domainName, UserValidationParameters userValidationParameters, ExecutionContext context, Boolean limitGlobalCatalogSearches)
      at Microsoft.Crm.Authentication.UserManagementFactory.CreateUser(IBusinessEntity systemUser, Boolean setupUser, ExecutionContext context)
      at Microsoft.Crm.ObjectModel.SystemUserServiceInternal`1.CreateInternal(Guid organizationId, IBusinessEntity systemuser, ExecutionContext context)
      at Microsoft.Crm.ObjectModel.OrganizationServiceInternal`1.CreateRootBusiness(IBusinessEntity organization, IBusinessEntity business, IBusinessEntity systemUser, ExecutionContext context)
      at Microsoft.Crm.Setup.Server.Utility.NewOrgUtility.OrganizationCreateNew(String organizationId, String organizationName, String userAccountName, String userFirstName, String userLastName, String userEmail, String featureSetFile, String languageCode, String privilegedUserGroup, String sqlAccessGroup, String reportingGroup, String privilegedReportingGroup, Boolean grantNetworkServiceAccess, OrganizationResourceHelper orgSettingsHelper)
      at Microsoft.Crm.Tools.Admin.ProvisionBusinessAction.Do(IDictionary parameters)
      at Microsoft.Crm.Setup.Common.CrmAction.ExecuteAction(CrmAction action, IDictionary parameters, Boolean undo)
      --- End of inner exception stack trace ---
      at Microsoft.Crm.Setup.Common.CrmAction.ExecuteAction(CrmAction action, IDictionary parameters, Boolean undo)
      at Microsoft.Crm.Setup.Common.Installer.Install(IDictionary stateSaver)
      at Microsoft.Crm.Tools.Admin.OrganizationOperation.Install(IDictionary stateSaver)
      at Microsoft.Crm.Tools.Admin.OrganizationCreator.Install(IDictionary stateSaver)
      at Microsoft.Crm.Setup.Common.ComposedInstaller.InvokeInstall(Installer installer, IDictionary stateSaver)
      at Microsoft.Crm.Setup.Common.ComposedInstaller.InternalInstall(IDictionary stateSaver)
      at Microsoft.Crm.Setup.Common.ComposedInstaller.Install(IDictionary stateSaver)
      at Microsoft.Crm.Setup.Server.ServerSetup.Install(IDictionary data)
      at Microsoft.Crm.Setup.Common.SetupBase.ExecuteOperation()
    15:58:08|Verbose| Method exit: Microsoft.Crm.Setup.Server.ServerSetup.ExecuteOperation
    15:58:08|  Info| ActivatePage(ServerSetupFinishPage)
    

     I am logged as a Domain Admin. I see my AD and I can navigate through OU.

     

     

    Regards,

    Marcin Siewnicki

    Monday, August 8, 2011 2:52 PM

Answers

  • To begin with, having domain admin priv, being able to see AD and the OU are ok for starters but it would be better to do a deeper forensic of your AD forest.

    Any issues when you run DCDIAG or Netdiag.

    Which DC is authenticating?

    What kind of DNS resolution are you getting?

    Can the machines see one another on the network?

    Sometimes simple things like a static IP is being used but netbios is using the DHCP resource, or SPNs are not being resolved or the machine account was created the NT 4.0 way rather then the Win2003/2008 way.

    For instance, In windows 2008, a machine account will not join a domain without DNS resolution.  Before the machine would join the domain via netbios or what we call "Shouting".

    So consider the error a way to see that the software is telling you there is something underneath that is not working correctly.

    Make sure you use the SETSPN tool to test resolution of the Service Priincipal Names which are attributes on the machine objects.

    Especially if nework service is being used on the Application pool.

     

    Well that's a start.  Remember, don't shoot the application .........  too fast. /:>

     


    Curtis J Spanburgh
    Monday, August 22, 2011 3:40 PM
    Moderator

All replies

  • This is most likely due a DNS issue. These 2 links give a couple of possible solutions (although they relate to CRM 4, I'd expect the CRM 2011 setup would access AD in the same way)

    http://www.techtalkz.com/microsoft-dynamics-crm/418987-crm-4-installation-error-referral-returned-server-2.html

    http://crm.davidyack.com/journal/2007/12/24/active-directory-and-dns-gotcha.html

     


    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk
    Monday, August 8, 2011 5:48 PM
    Moderator
  • Thank you David.

    I've tried these solutions but installer still throw the same exception. After failed installation I've tried to add a new organization but get the same error:

    I've found that CRM Installer creates CRM groups in AD(PrivReportingGroup etc.).

    I think this issue is definitely related to DNS/AD but these services works on production:)

     

    Regards,

    Marcin Siewnicki

    Wednesday, August 10, 2011 12:20 PM
  •  

    Hi Marcin

     

    I have the same error, so you did solve in some way. I have not succeeded in creating the organization.

     

    Thank you for your experience
    JOSE LUIS

    jota
    Thursday, August 18, 2011 8:49 PM
  • To begin with, having domain admin priv, being able to see AD and the OU are ok for starters but it would be better to do a deeper forensic of your AD forest.

    Any issues when you run DCDIAG or Netdiag.

    Which DC is authenticating?

    What kind of DNS resolution are you getting?

    Can the machines see one another on the network?

    Sometimes simple things like a static IP is being used but netbios is using the DHCP resource, or SPNs are not being resolved or the machine account was created the NT 4.0 way rather then the Win2003/2008 way.

    For instance, In windows 2008, a machine account will not join a domain without DNS resolution.  Before the machine would join the domain via netbios or what we call "Shouting".

    So consider the error a way to see that the software is telling you there is something underneath that is not working correctly.

    Make sure you use the SETSPN tool to test resolution of the Service Priincipal Names which are attributes on the machine objects.

    Especially if nework service is being used on the Application pool.

     

    Well that's a start.  Remember, don't shoot the application .........  too fast. /:>

     


    Curtis J Spanburgh
    Monday, August 22, 2011 3:40 PM
    Moderator
  • Restarting servers with AD and DNS and support from our infrastructure Admin helped and now it works!

    I think that it was something in AD - we found some weird behavior of AD and our Admin is now analyzing logs.

     

     

    Regards,

    Marcin Siewnicki

    Tuesday, August 30, 2011 3:29 PM
  • Hi SQP, i have the same problem, in the same time aprox 8 of august. The same log and same ProvisionBussinesAction problem.

    Can you sharing the "weird behavior of AD and logs" for help us, we have the same problem, but i can not restar our AD and DNS server. Because is production AD.

    Can you ask to your admin, what other action he make. Or only restar server fix the problem?

    Thankyou

    John Avila  

    Monday, September 5, 2011 8:21 PM
  • I really hope you have more than one DC in production and that the DCs are rebooted for maintenance and patches from time to time.

    That being said perhaps you can determine which is the authenticating DC for your CRM instance.  In that way you may determine which DC can be rebooted.

    A more recent trend we have seen is that IP 6 is enabled and causing some problems with certain NICs, HBAs and Switch ports.

    Hard to determine this in the forum but sometimes you have to go down to that layer to determine what is causing a LOB APP to have problems.

     


    Curtis J Spanburgh
    Tuesday, September 6, 2011 4:09 AM
    Moderator
  • Curtis, I am having a simliar problem and could really use your expertise.

    I am having a similar problem as above when installing Dynamics CRM Workstation but I only have 1 Domain Controller (?!?!).

    I am running 1 Windows Server with Win2008 R2 Standard with HyperV .  This has AD, DNS and DHCP on it (easy enough?).

    I then run 3 Virtual Servers (all Windows Server 2008 Enterprise). 

    1. Apps server, where I run my backup software, Anti-virus and others
    2. SQL Server:  Running SQL Server 2008 Enterprise
    3. Dynamics Server:  Which I am trying to install Dynamics on.

    When I install Dynamics on the Server, it passes the tests to both the SQL Server and Active Directory but after it installs the software, sets up the SQL Database and adds the users, it gets the following error:

    Installation has failed

    Microsoft Dynamics CRM Server Setup did not complete successfully.

    Action Microsoft.CRM.Tools.Admin.ProvisionBusinessAction failed.

    Could not find GUID for server.

    Global Catalog not found in forest "EMCE.local".

    I can provide you with the log file if you require more information.


    I cannot run netdiag on the Primary Domain Controller.  I am not sure if that is a windows2008 tool or not, please advise.

    I have run dcdiag on the PDC also and I get the following:

    Directory Server Diagnosis

    Performing Initial setup

    trying to find home server..

    Home server=ecme01

    * Identified AD Forest

    Done gathering initial info

     

    Doing initial required tests

    Testing server:  xxxx\ECME01

    The host fb02b490-2f4d-46c5-8701-f84b751d7634._msdcs.ecme.local could not be resolved to an IP Address. Check the DNS Server, DHCP, server, name, etc.

    .................ECME01 failed test Connectivity

    Doing primary test

    Testing server: Laos\ECME01

    Skipping all tests, because server ECME01 is not responding to directory service requests

     

    Aside from this, everything seems to pass.  I am assuming this is the problem.

    What do you think could've caused this and how can I fix it?

    I am hoping this resolved my issue with installing Dynamics CRM on the 3rd Virtual Server.

     

    For the time being, I have taken down all firewalls to make sure that was not the problem.

    What do you think I am missing here?  Your advice would be greatly appreciated.

     

     

    Tuesday, November 8, 2011 11:10 AM
  • Posted this on your shorter reference from your other post.

    Hope this helps.

    Your DNS error indicates that the host is using an IPV6 address.  I have encountered issues when using virtual servers and IPV6.  Often the behavior of virtual NICs is not the same as Physical NICs.

    Check your DNS zone to see if you have A Records based on IPV4 or IPV6.

     

    I would prefer to use IPV6 but sometimes hardware will not handle the packet sizes of that protocol.

    Check your internal firewalls on the servers.

    But you could go to a IPv4 network.

    To disable IPV6:

    To disable IPv6 on all network interfaces on a computer you must create a DWORD 32-bit registry value named “DisabledComponents” in the following registry key branch:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\

    value data for DisabledComponents must be set to 000000FF

    Try to disable IPV6 on your application and SQL servers first.  If you disable it on the DC you may have DNS issues .

    When you ping your application server, you may see a IPV6 response.

    Get an IPV4 response on all servers and see if the error is solved.

    Hope this helps.

     

    The host fb02b490-2f4d-46c5-8701-f84b751d7634._msdcs.ecme.local could not be resolved to an IP Address.



    Curtis J Spanburgh
    Tuesday, November 8, 2011 5:53 PM
    Moderator
  • hi 

    i am facing the same issue, did you find a solution ? 


    e-life elife.sy@gmail.com

    Monday, July 13, 2015 8:15 AM