?
Solved

No users can log into Microsoft Dynamics CRM 2011 (on premise)

Posted on 2014-10-21
16
Medium Priority
?
518 Views
Last Modified: 2014-10-22
Hello experts,

One of our clients has an urgent situation, they are not able to log into Microsoft Dynamics CRM. Everything worked fine yesterday. They log in through IE and are prompted for a password. When they enter their password it is rejected (No error message). It seems somehow they have all lost permission to log in. Where do I check / set their permissions?
0
Comment
Question by:Mark Rohrbeck
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
16 Comments
 
LVL 30

Expert Comment

by:Feridun Kadir
ID: 40394875
In On-premise CRM users are authenticated using their Active Directory account. The URL for the CRM website should be in the Trusted Sites or Local Intranet Zone in IE so that they are not prompted for a username.

Are you using an Internet-facing deployment?
0
 

Author Comment

by:Mark Rohrbeck
ID: 40394929
The users log in via IE with an internal URL. There is one user that logs in via an external URL. Neither of these are working. I have confirmed the site is added to trusted zone. Still rejects the password. They have SBS2011 and Server 2008 R2. The Server 2008 R2 hosts the SQL and IIS for CRM. When I try authenticate locally from the server I get the same problem. Will post screenshot.
Capture.PNG
0
 
LVL 30

Expert Comment

by:Feridun Kadir
ID: 40394973
I see you are using https for the URL. Is it possible that the SSL certificate for the CRM web site has expired?

I recently had this issue with someone that was using an Internet-facing deployment with ADFS and no-one could log in when the SSL certificate expired. But the expiry problem would apply even if you are not using an IFD.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Mark Rohrbeck
ID: 40394983
I guess that is possible, this is a client that I took over so I am still getting a handle on the CRM setup. Where would I check for the expired cert?
0
 
LVL 30

Expert Comment

by:Feridun Kadir
ID: 40394991
In IIS, on the Windows server where the CRM web site is installed (where the CRM server software is installed).
0
 

Author Comment

by:Mark Rohrbeck
ID: 40395023
Looks like the certificate is still valid. I get this error from a client machine when I cancel out the password prompt:

HTTP Error 401 - Unauthorized: Access is denied

<html><body><p>
An error has occurred.
<br/><br/>
Try this action again. If the problem continues, check the Microsoft Dynamics CRM Community for solutions or contact your organization&#39;s Microsoft Dynamics CRM Administrator. Finally, you can contact Microsoft Support.
</p></body></html>
0
 

Author Comment

by:Mark Rohrbeck
ID: 40395084
Definitely looks like some permission issue on the server side. When I try run a repair on the CRM server I get the attached error. Any idea on what permissions to add where?
Capture.PNG
0
 
LVL 30

Expert Comment

by:Feridun Kadir
ID: 40395112
The logged on user needs to be a member of the Administrator group on the computer where SQL Server is installed and be a member of the sysadmin role in SQL Server.
0
 
LVL 10

Expert Comment

by:tmoore1962
ID: 40395222
Since SBS probably self sign certs and they've expired?  Check certs on IIS may need to run the connection wizard again to renew the SBS certs.
0
 

Author Comment

by:Mark Rohrbeck
ID: 40395266
Where exactly in IIS do I check the certs and how do i run connection wizard?, when I checked the cert in IE it said it expires in 2016.
0
 

Author Comment

by:Mark Rohrbeck
ID: 40395289
FYI, I got the CRM server repair to sun successfully however that did not help. . . Here is a screenshot of the certificate from Firefox
Capture.PNG
0
 
LVL 30

Expert Comment

by:Feridun Kadir
ID: 40395376
Well I guess the certificate is ok. Please check if an internet-facing deployment is configured. You can check this in CRM deployment manager on the server. If it is there may be an issue with ADFS.
0
 

Author Comment

by:Mark Rohrbeck
ID: 40395468
Yes there is an internet facing deployment configured. Any idea on troubleshooting ADFS, it is ver 2.0
0
 

Author Comment

by:Mark Rohrbeck
ID: 40395560
Even when I browse https://localhost:444/ i get the password prompt that does not accept my password.
0
 
LVL 30

Accepted Solution

by:
Feridun Kadir earned 2000 total points
ID: 40396805
Troubleshooting ADFS can be tricky. ADFS also uses SSL certificates but it uses its own certificates which are automatically renewed but there can be a problem.  I wonder if you have the problem described in this link http://support.microsoft.com/kb/2686840 - this is something I have also experienced.
0
 

Author Comment

by:Mark Rohrbeck
ID: 40397735
Feridun,

I finally resolved this issue. The issues was between the update messing up my stored procedures and the ADFS issue you described above so I will accept that as a solution. Thanks
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question