Unable to create new user in CRM 2011

All replies

• 

  

  0

  Sign in to vote

  Hi,

  Check whether you can able to add user in Deployment Manager as administrator.

  ---

  Thanks & Regards, MS CRM Consultant, V.Surya.

  Tuesday, February 28, 2012 4:45 PM

  Answerer
• 

  

  1

  Sign in to vote

  Hi,

  Search for existing users in CRM for users actividirectoryGUID.

  I guess users current ActivedirectoryGUID is mapped to some other user account which could be disabled user.

  use following script to clean the user data from Config database

  DECLARE @UsersToDelete TABLE

  (

    UserId uniqueidentifier

  )

  Insert Into @UsersToDelete(UserId)

  Select UserId from [MSCRM_CONFIG].[dbo].[SystemUserOrganizations]

  Where CrmuserId Not in (select systemuserid from Organization_MSCRM.dbo.SystemUserBase)

  And OrganizationId = << OrganizationId>> --Id From the Organization table for this instance

  Delete From [MSCRM_CONFIG].[dbo].[SystemUserAuthentication]

  Where UserId in (Select UserId From @UsersToDelete)

  Delete From [MSCRM_CONFIG].[dbo].[SystemUserOrganizations]

  Where UserId in (Select UserId From @UsersToDelete)

  Delete From [MSCRM_CONFIG].[dbo].[SystemUser]

  Where Id in (Select UserId From @UsersToDelete)

  ---

  SKD

  Tuesday, February 28, 2012 7:31 PM
• 

  

  0

  Sign in to vote

  Search for existing users in CRM for users actividirectoryGUID.

  I guess users current ActivedirectoryGUID is mapped to some other user account which could be disabled user.

  [...]

  no luck. this query returns 0 records for me

  
  

  select UserId from MSCRM_CONFIG.dbo.SystemUserOrganizationswhere CrmUserId not in (select systemuserid from xxxx_MSCRM.dbo.SystemUserBase)

  
  

  
  

  Wednesday, February 29, 2012 3:30 PM
• 

  

  0

  Sign in to vote

  any suggestions?

  We're using Dynamics Connector. In Plugin Registration Tool I see that Connector's Plugin is registered to Create and Update events on systemuser entity.

  I thought maybe this is causing my problems, so I disabled both steps and tried to create new user

  but I get same exception  by SecurityUtils.TryGetGuidFromSid
  Error while retrieving GUID  from SID. Exception: System.Runtime.InteropServices.COMException (0x8007202B):A referral was returned from the server

  Can anyone give me some hint? We can't currently create new users in CRM!

  Or can someone tell me exactly how to create new user directly on SQL Server, which tables should I change?

  company_MSCRM.dbo.SystemUserBase
  company_MSCRM.dbo.SystemUserLicenses
  company_MSCRM.dbo.SystemUserProfiles
  company_MSCRM.dbo.SystemUserRoles
  MSCRM_CONFIG.dbo.SystemUser
  MSCRM_CONFIG.dbo.SystemUserAuthentication
  MSCRM_CONFIG.dbo.SystemUserProperties
  MSCRM_CONFIG.dbo.SystemUserRoles

  any other tables?

  I need a way to add new users in CRM.

  Monday, March 5, 2012 1:01 PM
• 

  

  0

  Sign in to vote

  can anyone help me? it's urgent, I'm still gettin same error when I try to add new user in CRM.

  Friday, April 6, 2012 8:45 AM
• 

  

  0

  Sign in to vote

  Does modifing an existing user works well? try changing first name.

  Have you tried creating a new AD user and then adding this user to CRM?

  Friday, April 6, 2012 1:05 PM
• 

  

  0

  Sign in to vote

  I can change firstname and all other fields (except "User Name") on existing CRM users. I tried already to change User Name for some old user to a new user - I get same error.

  User exists already in AD. I just want to add him to CRM.

  Friday, April 6, 2012 1:22 PM
• 

  

  0

  Sign in to vote

  
  

  I try to follow my trace:
  

  
  

  [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Info | UserManagementFactory.GetActiveDirectoryInformation
  >Domain Name Axxx\Pxxx
  
  [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User: |Level: Info | SecurityUtils.GetSidFromAccount
  >Retrieving SID from account Axxx\Pxxx.
  
  [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Info | SecurityUtils.GetSidFromAccount
  >Retrieved SID S-1-5-21-1776310883-3490779271-3800564124-1550 for account Axxx\Pxxx.
  
  [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Info | SecurityUtils.TryGetGuidFromSid
  >Searching AD to retrieve GUID from SID.
  
  [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Info | SecurityUtils.TryGetGuidFromSid
  >Searching AD using DefaultNamingContext as the search type.
  
  [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Info | SecurityUtils.TryGetGuidFromSid
  >Searching AD in the directory entry DC=Axxx, path LDAP://DC=Axxx,DC=local
  
  [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Info | SecurityUtils.GetGuidFromSid
  >Searching for SID S-1-5-21-1776310883-3490779271-3800564124-1550 to get AD GUID.
  
  [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User: |Level: Info | SecurityUtils.GetGuidFromSid
  >Query SearchRoot LDAP://DC=Axxx,DC=local with Filter (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\63\5a\e0\69\87\10\11\d0\9c\01\88\e2\0e\06\00\00).
  
  
  [2012-04-06 15:28:26.805] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Error | SecurityUtils.TryGetGuidFromSid
  >Error while retrieving GUID  from SID. Exception: System.Runtime.InteropServices.COMException (0x8007202B): Eine Referenzauswertung wurde vom Server zurückgesendet.
  
     bei System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
     bei System.DirectoryServices.SearchResultCollection.get_InnerList()
     bei System.DirectoryServices.SearchResultCollection.get_Count()
     bei Microsoft.Crm.SecurityUtils.GetGuidFromSid(DirectorySearcher searcher, Byte[] sid)
     bei Microsoft.Crm.SecurityUtils.TryGetGuidFromSid(Byte[] sid)
  

  
  

  
  

  As you can see User's SID is retrieved from AD correctly. Problem occurs in method GetGuidFromSid(Microsoft.Crm.ADutility.dll). Here some code:

  
  

  private static Guid GetGuidFromSid(DirectorySearcher searcher, byte[] sid)
  {
      CrmTrace.TraceFormat(CrmTrace.DefaultTraceSetting, TraceCategory.ADUtility, TraceLevel.Info, "Searching for SID {0} to get AD GUID.", new object[] { ConvertSIDFromByteToString(sid) });
      searcher.ReferralChasing = ReferralChasingOption.All;
      searcher.Filter = string.Format(CultureInfo.InvariantCulture, "(objectSid={0})", new object[] { ConvertToOctetString(sid) });
      searcher.PropertiesToLoad.Add("objectGUID");
      CrmTrace.TraceFormat(CrmTrace.DefaultTraceSetting, TraceCategory.ADUtility, TraceLevel.Info, "Query SearchRoot {0} with Filter {1}.", new object[] { (searcher.SearchRoot.Path == null) ? "NULL" : searcher.SearchRoot.Path, searcher.Filter });
      SearchResultCollection results = searcher.FindAll();
      if ((results != null) && (results.Count == 1))
      {
          Guid guid = new Guid(results[0].Properties["objectGUID"][0] as byte[]);
          CrmTrace.TraceFormat(CrmTrace.DefaultTraceSetting, TraceCategory.ADUtility, TraceLevel.Info, "GUID for SID is {0}.", new object[] { guid.ToString() });
          return guid;
      }
      CrmTrace.TraceFormat(CrmTrace.DefaultTraceSetting, TraceCategory.ADUtility, TraceLevel.Info, "GUID for SID is null.", new object[0]);
      return Guid.Empty;
  }
  
   
  

  
  

  Last entry in my trace is "Query SearchRoot {0} with Filter {1}." I don't get any messages like "GUID for SID is..." or "GUID for SID is null". It means that my exception occurs somewhere in this code:

     SearchResultCollection results = searcher.FindAll();
      if ((results != null) && (results.Count == 1))
      {
          Guid guid = new Guid(results[0].Properties["objectGUID"][0] as byte[]);
  

  
  

  Is it possible that DirectorySearcher.FindAll throws this Exception? Or is it this line: Guid guid = new Guid(results[0].Properties["objectGUID"][0] as byte[])?

  I think this could be a problem with our AD, but I really don't know where exactly should I start... can anyone give me a hint on this?
  

  
  

  Friday, April 6, 2012 2:25 PM
• 

  

  0

  Sign in to vote

  Hi,

  Can you try force CRM querying a different DC server, by adding the following registry key to the CRM servers:

  Type: String
  Name: PreferredDC

  Type the name of a global catalog domain controller and reset IIS, see if this makes any difference.

  ---

  Visit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com

  Saturday, April 7, 2012 12:40 PM

  Answerer
• 

  

  0

  Sign in to vote

  Hi,

  can you tell me where exactly should I create this registry key? I tried to add this key under

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM

  but it didn't make any difference.

  Tuesday, April 10, 2012 7:25 AM
• 

  

  0

  Sign in to vote

  Today I got an Information from our Admin, that since 2 months we have two new DC-Servers running. One server "DC2" is main DC (with GC), other server "DC1" is a copy in case of DC2 failure. Could this be a problem for CRM? I tried to set  "PreferredDC" registry-entry to point CRM only to DC2 Server, but with no luck. (PreferredDC = DC2.Axxx.local)

  
  I tried to retrieve AD-user manually with a PowerShell command "get-aduser". Everything works fine, I get User with GUID without any problems. But get-aduser gets only users from DC. As I can see CRM tries to retrieve all objects by SID:

  searcher.Filter = string.Format(CultureInfo.InvariantCulture, "(objectSid={0})", new object[] { ConvertToOctetString(sid) });
  
  is this possible that we have two or more objects in our AD with same SID? Is there any other command than get-aduser to retrieve all objects by SID?

  What I've tested today was to create new Organization, and... I can't create any new organization in CRM!!! I get same exception!

  Everything works fine till Deplyment Wizard tries to set the OrganizationCreator-user - at this moment I get same Exception on GetGuidFromSid.....

  [08:56:07|  Error| Exception occured during Microsoft.Crm.Tools.Admin.OrganizationCreator: Fehler bei der Aktion Microsoft.Crm.Tools.Admin.ProvisionBusinessAction.
  InnerException:
  System.Runtime.InteropServices.COMException (0x8007202B): Eine Referenzauswertung wurde vom Server zurückgesendet.
  
     bei System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
     bei System.DirectoryServices.SearchResultCollection.get_InnerList()
     bei System.DirectoryServices.SearchResultCollection.get_Count()
     bei Microsoft.Crm.SecurityUtils.GetGuidFromSid(DirectorySearcher searcher, Byte[] sid)
     bei Microsoft.Crm.SecurityUtils.TryGetGuidFromSid(Byte[] sid)
     bei Microsoft.Crm.SecurityUtils.GetUserId(String domainName, Boolean limitGlobalCatalogSearches)
     bei Microsoft.Crm.Authentication.UserManagementFactory.GetActiveDirectoryInformation(String domainName, Boolean limitGlobalCatalogSearches)
     bei Microsoft.Crm.Authentication.UserManagementFactory.CheckForActiveDirectoryUser(String uniqueName, UserValidationParameters userValidationParameters, ExecutionContext context, Boolean limitGlobalCatalogSearches)
     bei Microsoft.Crm.Authentication.UserManagementFactory.ValidateActiveDirectoryUser(String domainName, UserValidationParameters userValidationParameters, ExecutionContext context, Boolean limitGlobalCatalogSearches)
     bei Microsoft.Crm.Authentication.UserManagementFactory.CreateUser(IBusinessEntity systemUser, Boolean setupUser, ExecutionContext context)
     bei Microsoft.Crm.ObjectModel.SystemUserServiceInternal`1.CreateInternal(Guid organizationId, IBusinessEntity systemuser, ExecutionContext context)
     bei Microsoft.Crm.ObjectModel.OrganizationServiceInternal`1.CreateRootBusiness(IBusinessEntity organization, IBusinessEntity business, IBusinessEntity systemUser, ExecutionContext context)
     bei Microsoft.Crm.Setup.Server.Utility.NewOrgUtility.OrganizationCreateNew(String organizationId, String organizationName, String userAccountName, String userFirstName, String userLastName, String userEmail, String featureSetFile, String languageCode, String privilegedUserGroup, String sqlAccessGroup, String reportingGroup, String privilegedReportingGroup, Boolean grantNetworkServiceAccess, OrganizationResourceHelper orgSettingsHelper)
     bei Microsoft.Crm.Tools.Admin.ProvisionBusinessAction.Do(IDictionary parameters)
     bei Microsoft.Crm.Setup.Common.CrmAction.ExecuteAction(CrmAction action, IDictionary parameters, Boolean undo)
  
  08:56:07|   Info| Setting organization state.  New state = Failed
  08:56:07|  Error| Ausnahmefehler beim Erstellen der neuen Organisation (Name=adf61656-a383-e111-bde3-00155d014108, Id=TEST):
  System.Exception: Fehler bei der Aktion Microsoft.Crm.Tools.Admin.ProvisionBusinessAction. ---> System.Runtime.InteropServices.COMException: Eine Referenzauswertung wurde vom Server zurückgesendet.
  
     bei System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
     bei System.DirectoryServices.SearchResultCollection.get_InnerList()
     bei System.DirectoryServices.SearchResultCollection.get_Count()
     bei Microsoft.Crm.SecurityUtils.GetGuidFromSid(DirectorySearcher searcher, Byte[] sid)
     bei Microsoft.Crm.SecurityUtils.TryGetGuidFromSid(Byte[] sid)
     bei Microsoft.Crm.SecurityUtils.GetUserId(String domainName, Boolean limitGlobalCatalogSearches)
     bei Microsoft.Crm.Authentication.UserManagementFactory.GetActiveDirectoryInformation(String domainName, Boolean limitGlobalCatalogSearches)
     bei Microsoft.Crm.Authentication.UserManagementFactory.CheckForActiveDirectoryUser(String uniqueName, UserValidationParameters userValidationParameters, ExecutionContext context, Boolean limitGlobalCatalogSearches)
     bei Microsoft.Crm.Authentication.UserManagementFactory.ValidateActiveDirectoryUser(String domainName, UserValidationParameters userValidationParameters, ExecutionContext context, Boolean limitGlobalCatalogSearches)
     bei Microsoft.Crm.Authentication.UserManagementFactory.CreateUser(IBusinessEntity systemUser, Boolean setupUser, ExecutionContext context)
     bei Microsoft.Crm.ObjectModel.SystemUserServiceInternal`1.CreateInternal(Guid organizationId, IBusinessEntity systemuser, ExecutionContext context)
     bei Microsoft.Crm.ObjectModel.OrganizationServiceInternal`1.CreateRootBusiness(IBusinessEntity organization, IBusinessEntity business, IBusinessEntity systemUser, ExecutionContext context)
     bei Microsoft.Crm.Setup.Server.Utility.NewOrgUtility.OrganizationCreateNew(String organizationId, String organizationName, String userAccountName, String userFirstName, String userLastName, String userEmail, String featureSetFile, String languageCode, String privilegedUserGroup, String sqlAccessGroup, String reportingGroup, String privilegedReportingGroup, Boolean grantNetworkServiceAccess, OrganizationResourceHelper orgSettingsHelper)
     bei Microsoft.Crm.Tools.Admin.ProvisionBusinessAction.Do(IDictionary parameters)
     bei Microsoft.Crm.Setup.Common.CrmAction.ExecuteAction(CrmAction action, IDictionary parameters, Boolean undo)
     --- Ende der internen Ausnahmestapelüberwachung ---
     bei Microsoft.Crm.Setup.Common.CrmAction.ExecuteAction(CrmAction action, IDictionary parameters, Boolean undo)
     bei Microsoft.Crm.Setup.Common.Installer.Install(IDictionary stateSaver)
     bei Microsoft.Crm.Tools.Admin.OrganizationOperation.Install(IDictionary stateSaver)
     bei Microsoft.Crm.Tools.Admin.OrganizationCreator.Install(IDictionary stateSaver)
     bei Microsoft.Crm.Tools.Admin.OrganizationOperation.Execute()
     bei Microsoft.Crm.Tools.Admin.OrganizationCreator.Execute()
     bei Microsoft.Crm.Tools.Admin.CreateOrganizationInstaller.Create(ICreateOrganizationInfo organizationInfo)

  any ideas?

  Wednesday, April 11, 2012 8:05 AM
• 

  

  0

  Sign in to vote

  Hi ToLL_net,

  After setting the preferredDC have you reset IIS? did you do this on all CRM servers if you have more than one?

  If that didn't help, what you need to do is:

  • Run wireshark and capture all the packets when replicating the issue

  Identify the packets that are sending the DNS requests and confirm which servers CRM is using to perform the AD requests.

  Is very possible that they have decommissioned the old DC servers and there is a tombstone record in DNS  that needs to be deleted.

  ---

  Visit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com

  Wednesday, April 11, 2012 8:19 AM

  Answerer
• 

  

  0

  Sign in to vote

  yes, I did iisreset after setting the PreferredDC. We have only one CRM Server running.

  I will install Wireshark and give it a try. But - if you are right, how is it possible, that I can login to CRM? And when I try to create new user in CRM all user-information like first- lastname, email are retrieved from AD correctly.

  Wednesday, April 11, 2012 10:35 AM
• 

  

  0

  Sign in to vote

  Problem solved - we need to delete TAPI3Directory naming context in our DC. Thanks for help!

  • Marked as answer by toLL_net Tuesday, April 24, 2012 4:53 PM

  Tuesday, April 24, 2012 4:53 PM
• 

  

  0

  Sign in to vote

  Hi

  Please tell me the procedure  "How we  delete TAPI3Directory naming context in our DC"

  please help me ASAP.

  Thanks in Advanced.

  
  

  • Edited by NajeebUllah Tuesday, November 13, 2012 5:29 AM

  Tuesday, November 13, 2012 5:29 AM
• 

  

  0

  Sign in to vote

  i am facing the same error , but TAPI is not exits , could you tell me the thought process , how did you conclude it is TAP issue ? 

  ---

  e-life elife.sy@gmail.com

  Monday, July 13, 2015 8:20 AM