Tuesday, October 13, 2009

Last week I had a 401.5 error when browsing CRM4 on IIS7 using a host header and was very lucky to have our internet network administrator Zubair resolve this issue for me. Basically, this is what he did.

1) We checked the SPN (using Windows Support Tool) and the service account was associated with all the host headers correctly. Checked the CRM website NTAuthenticationProviders (using IISMetaBaseExplorer) and it was set up correctly. Then used Microsoft Network Monitor 3.3 to monitor HTTP traffic from the client, filtered for KerberosV5 errors, and found KRB_ERR_RESPONSE_TOO_BIG(52). Followed http://support.microsoft.com/kb/244474/en-us and added MaxPacketSize in an attempt to resolve the issue; it did not help.

2) Added the BackConnectionHostNames registry key as per http://support.microsoft.com/kb/926642 and was able to browse CRM using the host header mscrm from the CRM server itself. Still had the 401.5 error when browsing the host header from the LAN.

3) Removed and re-added the SPN: setspn -A http/mscrm crmserver_name

4) Forced Windows Authentication to use NTLM with the following 2 command lines:
appcmd set config /section:windowsAuthentication /enabled:true
appcmd set config /section:windowsAuthentication /-providers.[value='Negotiate']

Finally got around the 401.5 error! Very happy now. What a great start of a week!
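Step 4 clears the 401.5 by removing the Negotiate provider, which also means Kerberos is no longer offered and clients authenticate with NTLM. The following is an added example, not part of the original post, that audits an applicationHost.config for scopes left in that state. The sample XML and site names are constructed, and it assumes the standard IIS 7 windowsAuthentication section layout with inheritance only from server level to single-level `<location>` tags.

```python
import xml.etree.ElementTree as ET

PATH = ("system.webServer", "security", "authentication", "windowsAuthentication")
# Constructed applicationHost.config fragment (not from the post); site names are made up.
SAMPLE = """<configuration>
 <system.webServer><security><authentication><windowsAuthentication enabled="true">
  <providers><add value="Negotiate" /><add value="NTLM" /></providers>
 </windowsAuthentication></authentication></security></system.webServer>
 <location path="CRM Site">
  <system.webServer><security><authentication><windowsAuthentication enabled="true">
   <providers><remove value="Negotiate" /></providers>
  </windowsAuthentication></authentication></security></system.webServer>
 </location>
 <location path="Intranet">
  <system.webServer><security><authentication><windowsAuthentication enabled="true" />
  </authentication></security></system.webServer>
 </location>
</configuration>"""

def section(node):
    """Walk child by child to the windowsAuthentication element, or return None."""
    for tag in PATH:
        node = None if node is None else next((c for c in node if c.tag == tag), None)
    return node

def providers(inherited, sec):
    """Apply <clear>, <remove> and <add> in document order to the inherited list."""
    out = list(inherited)
    for op in ([] if sec is None else sec.findall("providers/*")):
        if op.tag in ("clear", "remove"):  # clear drops everything, remove drops one
            out = [p for p in out if op.tag == "remove" and p.lower() != op.get("value", "").lower()]
        elif op.tag == "add":
            out.append(op.get("value", ""))
    return out

def ntlm_only_scopes(xml_text):
    """Scopes where Windows auth is enabled but no Negotiate provider remains."""
    root = ET.fromstring(xml_text)
    srv = section(root)
    base = providers([], srv)
    base_on = "false" if srv is None else srv.get("enabled", "false")
    flagged = []
    for name, sec, inherit in [("(server)", srv, [])] + [
            (loc.get("path"), section(loc), base) for loc in root.findall("location")]:
        if sec is not None and sec.get("enabled", base_on) == "true":
            if not any(p.lower().startswith("negotiate") for p in providers(inherit, sec)):
                flagged.append(name)
    return flagged
```

Calling `ntlm_only_scopes(SAMPLE)` flags only the constructed "CRM Site" scope; when Negotiate is removed at server level instead, every scope that inherits the provider list is flagged as well.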

Wednesday, October 7, 2009

CRM4 Installation error parsing config file

Installed Microsoft Dynamics CRM4 (64bit) on a Windows Server 2008, IIS7, SQL 2005, SSRS2008, ISA2006 environment with IFD enabled using a config file last week and experienced a few errors:

1. Error parsing config file - The config file was very simple. I pretty much just copied and pasted the parameters from the implementation guide. It turned out that the copy and paste itself caused the problem. When copying and pasting from a Microsoft Word document to Notepad, it did not translate the " properly. Replaced all the funny " in the config.xml file, re-ran the installation, and this error did not pop up again.

2. Error: Active Directory groups and an organisational unit cannot be specified in the configuration file - it turned out I don't need to use the Active Directory group parameter if the security groups are pre-created. Removing the parameter referencing the Active Directory groups resolved this problem.

3. Followed every word of KB950100 and avoided the 7 potential errors listed in the article.

4. After the installation, had a blank CRM web.config file. Backed up the web.config, copied in another web.config from the CRM4 Demo VPC and it worked.

5. IIS error 401.5 when browsing CRM using a host header. Still troubleshooting this issue. Confirmed it is not related to NTAuthenticationProviders or setspn. Performed a Network Monitor trace and found Response Too Big for UDP. Will let you know later when this is resolved.