CRM 2011 – 404 Login Error

Background

  • CRM 2011 with Rollup 18
  • Using an existing CRM 2011 database backup, restore a copy of the database with a new name.
  • Import that database using the Deployment Manager to create a new organisation. The small number of existing users were automatically mapped across to the new organisation.

The Problem

When I attempted to login to the organisation I was presented with the following:

404-Login-Error

I knew the problem wasn’t with the domain account because I could use it to log into other CRM organisations on the same server. I could also login to the newly created organisation with a different domain user; doing this allowed me to confirm that the problem domain account did exist in the list of active users. Something was missing for this user in the new organisation.


The solution

After some digging around I got some pointers to the MSCRM_CONFIG database and the SystemUserOrganizations table, which links your System User to Organisations on your CRM server.

Disclaimer: The steps below interact directly with the CRM databases. If you aren’t familiar with these databases, please do not attempt these steps as many things can go wrong if you make a mistake.

  1. Find the OrganizationId and SystemUserId from the SystemUserBase table in the Organisation database.
  2. Use the following query to identify to which Organisations the account is linked;
    select
    sua.AuthInfo
    ,sua.UserId
    ,suo.CrmUserId
    ,suo.OrganizationId
    from SystemUserAuthentication sua
    inner join SystemUserOrganizations suo on sua.UserId = suo.UserId
    where suo.CrmUserId = '<my-systemuserid>'
    order by suo.OrganizationId, sua.UserId, sua.AuthInfo
  3. Each Organisation should have two entries, one for the Active Directory SID and one for the CRM username. In my case there were only two entries for the original organisation and none for the newly imported organisation.
  4. Create the new entry in the SystemUserOrganizations table to link the existing System User to the newly imported Organisation.
    insert into SystemUserOrganizations (
    CrmUserId
    ,DirectoryObjectId
    ,Id
    ,LastAccessTime
    ,OrganizationId
    ,UniqueifierId
    ,UserId
    ,IsDeleted
    ,IsDisabled
    ,IsLicensed)
    values (
    '<SystemUserId-from-SystemUserBase table>'
    ,NULL
    ,NEWID()
    ,NULL
    ,'<OrganizationId-from-SystemUserBase table>'
    ,NULL
    ,'<UserId-from-SystemUserAuthentication table>'
    ,0
    ,NULL
    ,NULL)
  5. The domain account is now able to access the new organisation.
Advertisements

CRM – Creating report attachments for emails in Workflows

I had been asked by a client to generate a report, based on an Account, attach this report to an email and send this email as part of a workflow. My server setup was fairly standard; separate servers for the CRM front-end, back-end, database and reporting. The workflow would consist of a number of steps:

  1. Create an email entity with the necessary content.
  2. Run some custom workflow code to generate the report with the following Inputs. These would include the Email created as part of Step #1, the Report to generate and attach to the email, the Primary Contact for the Account and the URL to the report server.Custom Step Inputs
  3. Run some additional custom code to send the email with the following inputsCustom Step Inputs

The problem I had to solve was that when I tried to generate the report in code using the ServerReport Render method I would get the following error:

An error has occurred during report processing (rsProcessingAborted)  Cannot create a connection to data source ‘CRM.’ (rsErrorOpeningConnection)  Guid should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).

As it turns out, this KB article gave me the clue to solving the problem. This error occurs in Microsoft Dynamics CRM 2011 because the Microsoft Dynamics CRM Reporting Extensions requires the user’s SystemUserId value as the Log in name and the user’s OrganizationId value as the password. When a report runs inside Microsoft Dynamics CRM, these values are passed automatically. The OrganizationId and SystemUserId can be pulled from the IWorkflowContext interface.  I then needed to get details of the DataSource and apply the credentials. This can be done in a few easy steps:

  1. Use the ServerReport GetDataSources method to retrieve the ReportDataSourceInfoCollection; since my reports only have one DataSource we can just pull the first item from the collection.
  2. Create a DataSourceCredentials object to set the username (SystemUserId), password (OrganizationId) of the DataSource. Add that object to the DataSourceCredentialsCollection.
  3. Use the ServerReport SetDataSourceCredentials method to apply the credentials to the ServerReport.

The code snippet below provides a bit more detail on the information from these steps.

ReportViewer viewer = new ReportViewer();
			
Warning[] warnings;
string[] streamids;
string mimeType;
string encoding;
string fileExt;

ActivityMimeAttachment attachment = new ActivityMimeAttachment()
{
    MimeType = "application/octet-stream",
    FileName = attachmentName
};	

viewer.ServerReport.ReportServerUrl = new Uri(reportServerUrl);
viewer.ServerReport.ReportPath = string.Format(@"/{0}_MSCRM/CustomReports/{1}", organisatioName, reportName);

ReportDataSourceInfoCollection reportDataSources = viewer.ServerReport.GetDataSources();
if (reportDataSources == null || reportDataSources.Count == 0)
{
    throw new InvalidPluginExecutionException(string.Format("The report {0} does not contain a valid datasource", reportName));
}
DataSourceCredentials dsc = new DataSourceCredentials() { Name = reportDataSources[0].Name, Password = organisationId.ToString(), UserId = systemUserId.ToString() };
DataSourceCredentialsCollection dscc = new DataSourceCredentialsCollection();
dscc.Add(dsc);

viewer.ServerReport.SetDataSourceCredentials(dscc);
viewer.ServerReport.SetParameters(reportParams);
viewer.ServerReport.Refresh();

byte[] bytes = viewer.ServerReport.Render("PDF", null, out mimeType, out encoding, out fileExt, out streamids, out warnings);
attachment.Body = Convert.ToBase64String(bytes);

CRM 2011 – Error deserializing XAML

I was experiencing this error when trying to update an existing solution with a new version. It didn’t really tell me much and the changes I had made in this version of the solution were only minor. The other odd thing was that a number of my colleagues using the same CRM server were experiencing other issues performing their own operations. A couple of them were receiving this error:

System.ServiceModel.FaultException: The formatter threw an exception while trying to deserialize the message: There was an error while trying to deserialize parameter http://schemas.microsoft.com/xrm/2011/Contracts/Services:request.

After trying the obvious of restarting services, I decided to turn on the trace functionality in CRM, specifically looking at the Platform_Import category, and ran my import process again. As expected it failed, so I searched the trace file for the error shown in my Import log file – Error deserializing XAML – and further along the error I found this message:

System.IO.FileNotFoundException: Could not load file or assembly ‘Microsoft.SharePoint.Client.ServerRuntime, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c’ or one of its dependencies

I have come across this error before when using other assembly’s with CRM so the solution was to add the missing assembly to the CRMWeb\bin folder on the CRM web server. This time, running the import again successfully updated the solution as well as solving other problems that were being experienced by my colleagues using the same server.

CRM 2011 Workflow Registration: Access Denied

During a deployment of a custom workflow to a CRM 2011 server I started to encounter errors in the plugin registration process. The Workflow Assembly would register with CRM but the Workflow activity registration would fail. I would get the following error

Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: Exception retrieving custom activity info - Could not load file or assembly 'Microsoft.Crm, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. Access is denied.

The CRM server I was deploying to was shared with a number of other developers and this particular server had been experiencing other issues during the day. Once the server had been stabilised and the organisations were working once more I found I was still encountering the same issues. I was using the Plugin registration tool, was connected as the CRM Administrator to perform my deployments but it was still telling me that my access was denied.

It turns out that the Server/bin folder on the CRM server was missing some permissions which was why I was getting the Access Denied message. In particular, the CRMServer\User group was missing and once I had reinstated it my Workflows would register the assembly and custom activities successfully.

CRM Anywhere

Ever wondered what CRM would like on an iPad? Your wait may soon be over …

http://crm.dynamics.com/en-us/roadmap

CRM 2011 Email Router & Exchange 2010

As with all things technological the CRM Email Router I have been working with got upset when our Exchange Server  was upgraded from 2007 to 2010. After making the required changes to the Incoming Configuration for the new Exchange server I went to check the configuration using the Test Access option in the Configuration Manager. I ended up with this error;

“Incoming Status: Failure – The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel”

Which pointed me to this KB article about the problem. I could see the problem if I navigated to the Exchange web service listed in my Incoming Configuration – https://<my.exchange.server>/EWS/exchange.asmx – as I was presented with an Invalid Certificate notification.

The change in Exchange Server meant a new Certificate was issued for the new server and this needed to be installed on my CRM Email Router machine, making sure it was added to the Trusted Root Certification Authorities section. Since the certificate cannot be validated by Windows you do get a security warning, but since I know it comes from valid authority (the Exchange Server) I can install it and everything is back to normal.

CRM 2011 Email Router : System.ServiceModel.Channels.ReceivedFault

Having installed the CRM 2011 Email Router on the server and configured the Incoming and Outgoing server options when I came to ‘Test Access’ I got the following error in both test results:

Incoming Status: Failure - Type 'System.ServiceModel.Channels.ReceivedFault' in Assembly
'System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' 
is not marked as serializable.

To solve this problem I had to do two things:

  1. I changed the router service account (the account that is configured to run the email router service) to a valid domain user.
  2. Since I was using the Access Credentials of Other Specified for the profiles the router service account needed to be added to the PrivUserGroup.

Once I had made these changes and restarted my CRM Email Router Service then the Test Access dialog indicated that both Incoming and Outgoing profiles had succeeded.