Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Can't access CRM over WAN RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    Ran into a real roadblock today. For some reason, we can't access our CRM over our WAN. Anyone who's local here in the main office, where the server is on our LAN, there are no problems. Yet, none of our branch offices can connect. The server responds to pings, etc. I'm not really seeing any errors in the IIS logs, other than 401 (page not found). I'm not finding errors anywhere. Nothing is seen on our firewalls (our offices are connected via branch office VPN connections).

    Been stumped for a few hours now and not sure what else to check.
    Wednesday, June 10, 2009 6:30 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    DevRock, do you have a support agreement with Microsoft? I sounds like the CRM implementation needs to be checked and that probably can't be done well in a forum; there are just too many things to consider.
    CRM Community Guru and Saxophonist
    • Marked as answer by Jim Glass Jr Thursday, August 20, 2009 4:29 PM
    Thursday, August 20, 2009 4:28 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    First, to ensure we are troubleshooting the same error, 401 is unauthorized access and 404 is page not found.  Futher, 401 1 can be caused by a fat-fingered password while a 401 2 can be caused by Windows Authentication not being on in IE so IE attempts to access CRM anonymously.

    When you attempt to access CRM from the branch office, are you prompted for credentials?  Are the workstations in the branch office in the same domain as the CRM server?  Are you attempting to access CRM through the same url as the local users or do you have an Internet Facing deployment?
    Thursday, June 11, 2009 3:46 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    No, there is no prompt for credentials. All workstations are a part of the same domain.  We don't have IFD. It's all internal-only.

    One thing I want to throw out there is we have been testing a new anti-virus product called ESET and it WAS installed on this server. I suspected there was some sort of intrusion detection going on and uninstalled it. Unfortunately, that had no effect.

    Is there some way to view requests on the server to even see if it's getting the requests at all?

    I also should have been more clear about the errors. The 401 error (401 5 0) only shows up on the IIS logs. The users just get "The page cannot be displayed."

    EDIT: Now I'm seeing a different entry in the log file:
    W3SVC2 172.16.15.30 GET /********/loader.aspx - 80 - 172.19.15.4 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 302 0 0

    On the connections that are successful, the last part is 200 0 0, not 302.
    • Edited by DevRock Thursday, June 11, 2009 6:16 PM
    Thursday, June 11, 2009 5:57 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    So, to be clear, the VPN users were at one point able to access CRM?

    The way to see if the request is coming in to the server is the IIS log, which you have already found.  In your above example, the internal server ip is 172.16.15.130 and the client ip is 172.19.15.4.  The 302 is a redirect and I don't think it's a cause for concern just yet.

    Since you don't have an IFD, make sure the only authentication method selected in IIS is Windows Integrated Authentication.

    Does the behavior change if you attempt to access http://172.16.15.30?
    Can you access http://crmserver/reportserver, assuming SQL Reporting Services is on the same server?
    Thursday, June 11, 2009 7:04 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    We actually hadn't tested it until yesterday, as it didn't occur to me that this would even come up as an issue, given all other internal web servers are accessible. Nothing special was done to this one. So I don't know if it was accessible outside our LAN.

    Report server also returns the same error. The SQL box is not the same as the CRM server. Could that be the issue??
    Thursday, June 11, 2009 8:14 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    The fact that the Report Server and the CRM server are different is not relevant; the fact that the branch office users get the same error when they access the report server is.  Are there other web applications which use windows authentication that both the local and branch users can access?

    Do you get a different behavior if you try the fully qualified domain name:  http://crmserver.yourdomain.local? or the ip address:  http://172.16.15.30?
    Thursday, June 11, 2009 9:22 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    The fact that the Report Server and the CRM server are different is not relevant; the fact that the branch office users get the same error when they access the report server is.  Are there other web applications which use windows authentication that both the local and branch users can access?

    Do you get a different behavior if you try the fully qualified domain name:  http://crmserver.yourdomain.local? or the ip address:  http://172.16.15.30?

    No, it doesn't matter if you use the IP or not. Still get the same error.
    Monday, June 15, 2009 2:20 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    DevRock, do you have a support agreement with Microsoft? I sounds like the CRM implementation needs to be checked and that probably can't be done well in a forum; there are just too many things to consider.
    CRM Community Guru and Saxophonist
    • Marked as answer by Jim Glass Jr Thursday, August 20, 2009 4:29 PM
    Thursday, August 20, 2009 4:28 PM