Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Using CrmSvcUtil to generate Dynamics CRM proxy classes from Organization service not threw exception "ID3242: The security token could not be authenticated or authorized." RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi, I am a developer scratching head to figure out what's wrong with the same command I ran only a few weeks ago that worked and now threw this nasty exception:

    C:\Dynamics365Sdk\SDK\Bin>CrmSvcUtil.exe /out:DynamicsCRMProxy.cs /url:https://crm.mycompany.com/devcrm/XRMServices/2011/Organization.svc /domain:mycompany /username:userid /password:pwd /namespace:myns /serviceContextName:DynamicsProxyContext
    CrmSvcUtil : CRM Service Utility [Version 8.2.1.8676]
    c 2015 Microsoft Corporation. All rights reserved

    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error: 2 : Source      : System.ServiceModel
    Method  : ReadResponse
    Date    : 9/20/2017
    Time    : 9:41:43 AM
    Error   : ID3242: The security token could not be authenticated or authorized.
    Stack Trace     : at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)
       at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
       at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Issue(AuthenticationCredentials authenticationCredentials)
       at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateInternal(AuthenticationCredentials authenticationCredentials)
       at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateFederationInternal(AuthenticationCredentials authenticationCredentials)
       at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Authenticate(AuthenticationCredentials authenticationCredentials)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ClaimsIFDFailOverAuth[T](IServiceManagement`1 servicecfg, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, Int32 depthLevel, Boolean tryNetworkCred)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.CreateAndAuthenticateProxy[T](IServiceManagement`1 servicecfg, Uri ServiceUri, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, String LogString)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.InitCRM2011Service()
    ======================================================================================================================

    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error: 2 : Unable to Login to Dynamics CRM
    Unable to Login to Dynamics CRM

    Exiting program with exception: Connection to CRM is not established. Aborting process.
    CrmSvcUtil Error: 2 : Exiting program with exit code 2 due to exception : System.Exception: Connection to CRM is not established. Aborting process.
       at Microsoft.Crm.Services.Utility.SdkMetadataProviderService.LoadMetadata(IServiceProvider service)
       at Microsoft.Crm.Services.Utility.CrmSvcUtil.Run()
       at Microsoft.Crm.Services.Utility.CrmSvcUtil.Main(String[] args)
    CrmSvcUtil Error: 2 : ===== DETAIL ======
    CrmSvcUtil Error: 2 : Source    : CrmSvcUtil
    Method  : LoadMetadata
    Date    : 9:41:43 AM
    Time    : 9/20/2017
    Error   : Connection to CRM is not established. Aborting process.
    Stack Trace     : at Microsoft.Crm.Services.Utility.SdkMetadataProviderService.LoadMetadata(IServiceProvider service)
       at Microsoft.Crm.Services.Utility.CrmSvcUtil.Run()
       at Microsoft.Crm.Services.Utility.CrmSvcUtil.Main(String[] args)
    ==============================================================================================

     The user credential has been verified to be correct. Could this be caused by some recent update to Dynamics365? I did have the latest Dynamics 365 Sdk but I am not involve in Dynamics CRM administration. Only thing I know is we are using the On-Premise version.
    Wednesday, September 20, 2017 2:03 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Steve,

    Can you try specifying the username as either the email or domain\userrname and check

    Chk the following link

    https://community.dynamics.com/crm/b/dynamicscrmpros/archive/2016/03/21/how-to-solve-error-id3242-the-security-token-could-not-be-authenticated-or-authorized-when-connecting-scribe-to-microsoft-dynamics-crm

    Thursday, September 21, 2017 2:37 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Well, as i turned out, this was to do with that our ADFS was upgraded from 2.0 to 3.0 recently, which now requires every username with domain attached.

    This command worked in ADFS 2.0:

    CrmSvcUtil.exe /out:DynamicsCRMProxy.cs /url:https://crm.xcorp.com/mycrm/XRMServices/2011/Organization.svc /domain:xcorp/username:userid password:1234567! /namespace:ns /serviceContextName:DynamicsProxyContext

    But in ADFS 3.0, the same command generated this exception: "ID3242: The security token could not be authenticated or authorized"

    In ADFS 3.0, the userid requires to have domain in it - passing domain to domain switch is not enough!

    Now this works:

    CrmSvcUtil.exe /out:DynamicsCRMProxy.cs /url:https://crm.xcorp.com/mycrm/XRMServices/2011/Organization.svc /domain:xcorp /username:userid@xcorp.com password:1234567! /namespace:ns /serviceContextName:DynamicsProxyContext


    Thursday, September 21, 2017 7:05 PM