No users can log into Microsoft Dynamics CRM 2011 (on premise)

Hello experts,

One of our clients has an urgent situation, they are not able to log into Microsoft Dynamics CRM. Everything worked fine yesterday. They log in through IE and are prompted for a password. When they enter their password it is rejected (No error message). It seems somehow they have all lost permission to log in. Where do I check / set their permissions?
Mark RohrbeckOwner - Celera IT ServicesAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Feridun KadirPrincipal ConsultantCommented:
In On-premise CRM users are authenticated using their Active Directory account. The URL for the CRM website should be in the Trusted Sites or Local Intranet Zone in IE so that they are not prompted for a username.

Are you using an Internet-facing deployment?
0
Mark RohrbeckOwner - Celera IT ServicesAuthor Commented:
The users log in via IE with an internal URL. There is one user that logs in via an external URL. Neither of these are working. I have confirmed the site is added to trusted zone. Still rejects the password. They have SBS2011 and Server 2008 R2. The Server 2008 R2 hosts the SQL and IIS for CRM. When I try authenticate locally from the server I get the same problem. Will post screenshot.
Capture.PNG
0
Feridun KadirPrincipal ConsultantCommented:
I see you are using https for the URL. Is it possible that the SSL certificate for the CRM web site has expired?

I recently had this issue with someone that was using an Internet-facing deployment with ADFS and no-one could log in when the SSL certificate expired. But the expiry problem would apply even if you are not using an IFD.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Mark RohrbeckOwner - Celera IT ServicesAuthor Commented:
I guess that is possible, this is a client that I took over so I am still getting a handle on the CRM setup. Where would I check for the expired cert?
0
Feridun KadirPrincipal ConsultantCommented:
In IIS, on the Windows server where the CRM web site is installed (where the CRM server software is installed).
0
Mark RohrbeckOwner - Celera IT ServicesAuthor Commented:
Looks like the certificate is still valid. I get this error from a client machine when I cancel out the password prompt:

HTTP Error 401 - Unauthorized: Access is denied

<html><body><p>
An error has occurred.
<br/><br/>
Try this action again. If the problem continues, check the Microsoft Dynamics CRM Community for solutions or contact your organization&#39;s Microsoft Dynamics CRM Administrator. Finally, you can contact Microsoft Support.
</p></body></html>
0
Mark RohrbeckOwner - Celera IT ServicesAuthor Commented:
Definitely looks like some permission issue on the server side. When I try run a repair on the CRM server I get the attached error. Any idea on what permissions to add where?
Capture.PNG
0
Feridun KadirPrincipal ConsultantCommented:
The logged on user needs to be a member of the Administrator group on the computer where SQL Server is installed and be a member of the sysadmin role in SQL Server.
0
tmoore1962Commented:
Since SBS probably self sign certs and they've expired?  Check certs on IIS may need to run the connection wizard again to renew the SBS certs.
0
Mark RohrbeckOwner - Celera IT ServicesAuthor Commented:
Where exactly in IIS do I check the certs and how do i run connection wizard?, when I checked the cert in IE it said it expires in 2016.
0
Mark RohrbeckOwner - Celera IT ServicesAuthor Commented:
FYI, I got the CRM server repair to sun successfully however that did not help. . . Here is a screenshot of the certificate from Firefox
Capture.PNG
0
Feridun KadirPrincipal ConsultantCommented:
Well I guess the certificate is ok. Please check if an internet-facing deployment is configured. You can check this in CRM deployment manager on the server. If it is there may be an issue with ADFS.
0
Mark RohrbeckOwner - Celera IT ServicesAuthor Commented:
Yes there is an internet facing deployment configured. Any idea on troubleshooting ADFS, it is ver 2.0
0
Mark RohrbeckOwner - Celera IT ServicesAuthor Commented:
Even when I browse https://localhost:444/ i get the password prompt that does not accept my password.
0
Feridun KadirPrincipal ConsultantCommented:
Troubleshooting ADFS can be tricky. ADFS also uses SSL certificates but it uses its own certificates which are automatically renewed but there can be a problem.  I wonder if you have the problem described in this link http://support.microsoft.com/kb/2686840 - this is something I have also experienced.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mark RohrbeckOwner - Celera IT ServicesAuthor Commented:
Feridun,

I finally resolved this issue. The issues was between the update messing up my stored procedures and the ADFS issue you described above so I will accept that as a solution. Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Dynamics

From novice to tech pro — start learning today.