Last week I had 401.5 error when browsing CRM4 on IIS7 using a host header and was very lucky to have our internet network adminstrator Zubair to resolve this issue for me. Basically, this is what he did.
1.) We checked the spn (use Windows Support Tool) and the service account was associated with all the host headers correctly. Checked CRM website NTAuthenticationProviders (use IISMetaBaseExplorer) and it was setup correctly. Then use Microsoft Network Monitor 3.3 to monitor http traffic from the client and filtered for kerberosv5 error, found KRB_ERR_RESPONSE_TOO_BIG(52). Follow http://support.microsoft.com/kb/244474/en-us and added MaxPacketSize attempt to resolve the issue, did not help
2) Added BackConnectionHostNames regkey as per http://support.microsoft.com/kb/926642 , able to browse crm using host header mscrm from crm server itself. Still having 401.5 error when browsing host header from LAN.
3) Removed and re-added setspn -A http://mscrm crmserver_name
4) Forced Windows Authentication using NTLM by the following 2 cmd line
appcmd set congif /section:windowsAuthentication /enabled:true
appcmd set config /sectionLwindowsAuthentication /-providers.[value='Negotiate']
Finally got around the 401.5 error! Very happy now. What a great start of a week!
This post has a lot of importance to the people and I got some useful information from your blog. I hope you can continue to inspire and post more of this.
ReplyDeleteSharepoint Online Training | Microsoft Dynamics CRM Online Training