locked
CRM for Outlook 2007 not connecting to CRM 2011 Server over VPN RRS feed

  • Question

  • Hi,

     

    I have an issue with connecting CRM for oulook on outlook 2007 over VPN to connect to CRM 2011. I do give the Server URL as http://pgcvmcrm:5000 [Curerntly not on HTTPS] and it gives an erro that "There is a problem communicating with the Microsoft Dynamics CRM Server...." Please find below the log generated in the client log file.

    22:27:13|   Info| === Microsoft Dynamics CRM for Outlook Configuration Wizard logging started: 3/25/2011 10:27:13 PM ===
    22:27:13|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ClientConfig.Initialize
    22:27:13|   Info| Client Configuration Wizard Version      : 5.0.9688.583
    22:27:13|   Info| Client Configuration Wizard LanguageID   : 1033
    22:27:13|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.Validator.IsOutlookInitialized
    22:27:13|   Info| Query all rows in profile table
    22:27:13|   Info| Outlook is  initialized
    22:27:13|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.Validator.IsOutlookInitialized
    22:27:13|   Info| Client Configuration Wizard Running Mode : Normal
    22:27:13|   Info| Configuration file Type : OnPremise.
    22:27:13|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.MainForm.MainForm
    22:27:13|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.ConfigInfo
    22:27:13|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.OutlookCRMDatastoreInstaller.GetAvailableServiceIds
    22:27:19|   Info| Logon mapi store
    22:27:19|   Info| Logon admin service
    22:27:19|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.OutlookCRMDatastoreInstaller.GetServiceIds
    22:27:19|   Info| Query all rows in msg service table
    22:27:19|   Info| Adding service id : {13a10dd4-e6aa-406c-bc20-3b8350043e4c}
    22:27:19|   Info| Adding service id : {2ff1f35d-2b1b-4a26-8ccf-d26378073c4c}
    22:27:19|   Info| Adding service id : {e0adebba-66c5-4378-84cd-0ac725a40bbf}
    22:27:19|   Info| Adding service id : {e53c3a57-edbf-463b-b159-96b79b324498}
    22:27:19|   Info| Adding service id : {47a92269-3e74-4e5a-ab8b-a2c467d425d2}
    22:27:19|   Info| Adding service id : {035f28f0-04d3-406f-9dbe-bda6c067485e}
    22:27:19|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.OutlookCRMDatastoreInstaller.GetServiceIds
    22:27:19|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.RemoveOrphanDatastoreIfNeeded
    22:27:24|   Info| Logon mapi store
    22:27:24|   Info| Logon admin service
    22:27:24|   Info| Query crm msg services in msg service table.
    22:27:24|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.RemoveOrphanDatastoreIfNeeded
    22:27:24|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.ConfigInfo
    22:27:24|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.MainForm.MainForm
    22:27:24|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.MainForm.MainForm_Shown
    22:27:24|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.MainForm.AddServer
    22:27:24|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.ServerForm
    22:27:24|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.ServerForm
    22:27:24|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.SetUIData
    22:27:24|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadAvailableUrls
    22:27:24|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadAvailableUrls
    22:27:24|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.SetUIData
    22:27:37|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm._testConnectionButton_Click
    22:27:37|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.TestConnection
    22:27:37|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.TestConnection
    22:27:37|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm._testConnectionButton_Click
    22:27:38|  Error| Error connecting to URL: http://pgcvmcrm:5000/XRMServices/2011/Discovery.svc Exception: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
       at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
       at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
       --- End of inner exception stack trace ---

    Server stack trace:
       at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
       at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
       at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at Microsoft.Xrm.Sdk.Discovery.IDiscoveryService.Execute(DiscoveryRequest request)
       at Microsoft.Xrm.Sdk.Client.DiscoveryServiceProxy.Execute(DiscoveryRequest request)
       at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.DeploymentInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow)
       at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow)
    22:27:38|  Error| Exception : The caller was not authenticated by the service.
    Server stack trace:
       at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
       at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
       at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
       at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow)
       at Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadOrganizations(Boolean forceUI)
       at Microsoft.Crm.Application.Outlook.Config.ServerForm.<InitializeBackgroundWorkers>b__0(Object sender, DoWorkEventArgs e)
       at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)
       at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)
    22:27:38|  Error| Exception : The request for security token could not be satisfied because authentication failed.    at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
       at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)

    when i try connecting through the broswer it prompts me for username and password and i am ble to login successfuly through IE over VPN.

    Hope someone can help me out in resolving this issue.

    Regards

    Rajesh

    Friday, March 25, 2011 6:35 PM

Answers

  • Rajesh, If you're connecting to CRM Server over VPN with no access to Active Directory and deployment is not claims-enabled, you would probably need to cache domain credentials in credential manager.

    Could you please try it? In Windows 7 the steps would be as follows (might differ a little for Vista or XP)

    1. Go to Control Panel
    2. Select User Accounts -> Manager Your Credentials
    3. Under Windows Credentials select 'Add a Windows credential
    4. Enter address pgcvmcrm (no need to add http)
    5. Enter your domain username and password
    Monday, March 28, 2011 5:20 PM

All replies

  • If using the 4.0 client is it at least rollup 7? 

    Did you consult the implementation guide instructions

    http://technet.microsoft.com/en-us/library/gg554865.aspx

    If you are using IFD you need to choose online it seems per the link I sent you. (exerpt below)

    Only users of Microsoft Dynamics CRM for Outlook who will access Microsoft Dynamics CRM remotely over the Internet, without using a VPN connection, should select CRM Online. Selecting this option enables you to configure Microsoft Dynamics CRM for Outlook remotely without being logged in to a domain, provided that the Microsoft Dynamics CRM Server 2011 is configured for Internet-facing deployment (IFD).

     


    Jamie Miley
    http://mileyja.blogspot.com
    Linked-In Profile
    Follow Me on Twitter!

    Friday, March 25, 2011 6:55 PM
    Moderator
  • Hi Rajesh, This is a common problem in CRM 2011. In previous version 4.0 you don't have to put your organization name during the CRM Outlook Client configuration but in 2011 it's needed. Start configuration once again and enter server name with port and organization name and should work. KG
    My Dynamics CRM Blog: http://bovoweb.blogspot.com
    Friday, March 25, 2011 7:01 PM
  • So, to be clear, he is suggesting http://org.servername.com:port (port is optional if it is the default port, but if your case above it would be 5000)

     

    Good luck!


    Jamie Miley
    http://mileyja.blogspot.com
    Linked-In Profile
    Follow Me on Twitter!
    Friday, March 25, 2011 9:00 PM
    Moderator
  • Hi,

    As i said ealrilier i am on vpn connecting t the CRM server. I have not configured IFD on my crm server with AFS. Even certificate [https] is also not installed

    My laptop from where i am connecting is not on the same domain but on workgroup.

    I am configuring the crm 2011 client for outlook 2007 when it asks for the Server URL where i have tried all teh combinations below

    My company domain is platco.com and i have mad the below FQDN entries pointing to the local ip address of my CRM server by placing these entries in the Hosts file.

    http://pgcvmcrm:5000 [local name of crm server]

    http://crm.platco.com:5000 [fqdn for my crm server defualt web site]

    http://org.platco.com:5000 [fqdn for my organization]

    http://crmroot.platco.com:5000 [crmroot is my org name]

    and all of these dont work for me.

    Also on the client while configuring it gives me the option to enter the server URL first and the orgnization name option is greyed out which is belive should be enabled if the server connection is right.

    hope someone could throw more light on this. 

    Regards

    Rajesh


    Saturday, March 26, 2011 2:46 AM
  • I have one other idea.

    In a couple other client applications that touch web services (and the outlook client does) I have gotten around connection issues in CRM by fixing the time and date settings on either the server or the client workstation.  Basically, are the times in sync? and are the correct timezones selected on each machine.  It seems like if the client and server are off by even a couple minutes it can cause issues.

    If you find that either the timezones are wrong or else the clocks are off by any sizable degree, fix them, and then close and reopen outlook on the client and try to configure the outlook client again.

    I brought this up in a blogpost recently:

    http://mileyja.blogspot.com/2011/03/fixed-microsoft-crm-2011-wcf-timing.html

     

     


     


    Jamie Miley
    http://mileyja.blogspot.com
    Linked-In Profile
    Follow Me on Twitter!
    Sunday, March 27, 2011 12:28 AM
    Moderator
  • Rajesh, If you're connecting to CRM Server over VPN with no access to Active Directory and deployment is not claims-enabled, you would probably need to cache domain credentials in credential manager.

    Could you please try it? In Windows 7 the steps would be as follows (might differ a little for Vista or XP)

    1. Go to Control Panel
    2. Select User Accounts -> Manager Your Credentials
    3. Under Windows Credentials select 'Add a Windows credential
    4. Enter address pgcvmcrm (no need to add http)
    5. Enter your domain username and password
    Monday, March 28, 2011 5:20 PM
  • Is this error produced only on clients accessing CRM trough VPN, or you can test the behavior of domain clients within lan, to see if that works?
    Tuesday, March 29, 2011 8:25 AM
  • Hi Rajesh,

     

                  I am also having same problem. Have you solved this issue? I have tried the suggested solution by Alex, but still no success..


    Guru Prasad
    Thursday, July 21, 2011 6:35 AM
  • I've the same issue:

    Exception: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service (in an IFD under MS CRM 2011)

    Over WEB the access works via https://<OrgName>.<CRM Server>:444 fine.

    Does anyone solves this issue???

    Thursday, August 18, 2011 12:37 PM
  • Error connecting to URL: https://<OrgName>.<CRM Server>:444/XRMServices/2011/Discovery.svc Exception: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.

       at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)

       at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)

    Thursday, August 18, 2011 1:43 PM
  • Did anyone get a resolution to this - I'm trying to connect to IFD through Outlook but its not picking up the server - the urld's work fine in IE.

     

    Thanks

    Thursday, December 1, 2011 9:11 PM
  • I have the same problems. I can not connect via Outlook 2007, but with IE it works perfectly via VPN-tunnel. I already tried to cache domain credentials in credential manager, I opened up port 8064, I even deactivated the fire-wall for 5 minutes, just to test whether its because that...



    it seems: Only the direct URL in Internet Explorer works:

    http://servername:5555

    (before it was: http://servername.domain.local:5555 but I already edited the Windows Host file, so I can omit (.domain.local)

    if somebody of you has another input, please tell me! I will be happy about any hint! :)

    Cheers,
    Dan

    Wednesday, August 8, 2012 12:33 PM
  • just a quick update:

    I talked with a coworker and we are now sure, that it is NOT some setting of CRM or Outlook, but of the VPN of the customer. It seems, the VPN tunnels to a different Domain (outside the CRM-Domain).

    When we solved it, I will tell you what it was.

    Cheers,
    Dan

    Thursday, August 9, 2012 12:47 PM
  • Did you get a resolution Dan?
    Monday, November 19, 2012 9:38 AM
  • Hi,
    In my case, problem was related to Windows Credentials, similar solution as Alex.

    I just blogged about the steps that worked for me here:

    http://weblogs.asp.net/pabloperalta/archive/2012/12/12/there-is-a-problem-communicating-with-the-microsoft-dynamics-crm-server-outlook-2010-through-vpn-system-servicemodel-faultexception-the-request-for-security-token-could-not-be-satisfied-because-authentication-failed.aspx 

    Hope it helps,
    PP


    Microsoft MVP Dynamics CRM | My Twitter: http://twitter.com/pabloperalta | My blog: http://weblogs.asp.net/pabloperalta | Blog en Español: http://wwww.elblogdedynamicscrm.com

    Wednesday, December 12, 2012 3:20 AM