locked
CRM 4 - An error has occured when changind App Pool from netwrok service to domain user RRS feed

  • Question

  • Looking after an old install of CRM 4.

    It was done with the App Pool set to NetworkService.

    We have added an ISV web page which accesses a database,  This does not work and has highlighted that we probably need to change the App Pool user to a domain user to allow all the different parts of the application to talk properly.

    We have the CRM Admin user account and have used setspn to set up the user SPN.

    However, when we change the App Pool account to this user, we get the very helpful "An error has occurred." message for all users trying to log in to the system and have had to change it back to NetworkService.

    Any ideas on what we have missed?

    Monday, December 6, 2010 12:30 PM

Answers

  • Is there anything stored in the Application Log on the CRM server? If not you might need to tun on tracing to find out what's going wrong. I think it's likely to be a permissions problem though. Is the user a member of both the SQL and CRM server local administrators groups and also a member of the SQL Server administrator group?  Does the user have permission to AD?

    Check this article for the minimum permissions required.

    Cheers, Neil.


    Neil - My CRM Blog
    Monday, December 6, 2010 12:45 PM
  • In addition to the posts above, the account that is the identity of the CrmAppPool will need to be in the AD groups PrivUserGroup and SqlAccessGroup
    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk
    Wednesday, December 8, 2010 9:33 PM
    Moderator

All replies

  • Is there anything stored in the Application Log on the CRM server? If not you might need to tun on tracing to find out what's going wrong. I think it's likely to be a permissions problem though. Is the user a member of both the SQL and CRM server local administrators groups and also a member of the SQL Server administrator group?  Does the user have permission to AD?

    Check this article for the minimum permissions required.

    Cheers, Neil.


    Neil - My CRM Blog
    Monday, December 6, 2010 12:45 PM
  • Checked that the user has been added to the Local Admin groups on both servers.  Checked that the user has been added to SQL Server Admin group.  User has been added to the AD group and retested.  Still the same problem.

    I will investigate turning tracing on, will read throught the article you supplied and get back to you.

    Cheers.

    Tuesday, December 7, 2010 11:40 AM
  • Hi,

    Have you added the user to the IIS_WPG on the web application server.?

    If still getting same error after iisreset, try running aspnet_regiis with the -ga flag (ie. mydomain\setspn). This explicitly grants the app pool user some permissions that should be granted by the above role memberhip.

    Hope it helps,

    PP


    Microsoft MVP Dynamics CRM | My Twitter: http://twitter.com/pabloperalta | My blog: http://weblogs.asp.net/pabloperalta
    Wednesday, December 8, 2010 4:23 PM
  • In addition to the posts above, the account that is the identity of the CrmAppPool will need to be in the AD groups PrivUserGroup and SqlAccessGroup
    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk
    Wednesday, December 8, 2010 9:33 PM
    Moderator
  • Did this and, in combination with the other tips above, it now works.

    Friday, December 10, 2010 9:09 AM
  • Managed to turn on tracing (very convoluted having to edit the registry rather than just flick a switch through the application).

    Didn't help me hugely although I am seeing some errors in there that need to be addressed that I wouldn't have otherwize known about.

    Checked through all the groups and settings and in combination with some of the other tips things are now working again.

    Friday, December 10, 2010 9:13 AM