There is a problem communicating with the Microsoft Dynamics CRM Server– Outlook 2010 through VPN –System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.

Hi,

Today I was trying to connect CRM Outlook Client with Dynamics CRM 2011 through VPN and got the typical "There is a problem communicating with the Microsoft Dynamics CRM Server...." error.

I clicked on the “View log” link at the end of this “friendly message”, and the log pointed me to the following problem:

Microsoft.Crm.CrmException: Logon failed because credentials are invalid ---> Microsoft.Crm.Passport.IdCrl.IdCrlException: GetAuthState() - Request Status:
   at Microsoft.Crm.Passport.IdCrl.OnlineServicesFederationLogOnManager.LogonOrgId(String policy, String partner, LOGON_FLAG logonFlag)

Now, I found this error pretty odd as it was an On-premises deployment and not Online. Seems it was not the actual error for me. Obviously I tried it via Internet Explorer and it worked fine..

So, I decided to open Microsoft Dynamics Diagnostics tool in my client machine and turn on Tracing (which is much more trustworthy)! (Start –> All Programs –> Microsoft Dynamics CRM 2011 –> Diagnostics).

SNAGHTML8c49f96

Then, run Configuration Wizard again and reproduce the error. Now you will find a new file in the following folder: C:\Users\<user>\AppData\Local\Microsoft\MSCRM\Traces

where <user> = current logged in user in the system

[Problem]

Once opened the tracing file found out the actual cause of the problem which was the following one:

Exception: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
   at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
   at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)

 

[Solution]

As I was connecting through VPN and I was outside the company domain, my problem was with Windows Credentials, where credentials were stored for that web url.

So, the steps I followed to solve this problem were:

  1. Close Configuration Wizard.
  2. Open Windows Credentials store (Control Panel –> Credential Manager)
  3. Look for the credentials associated to the organization Url. (typically found under the convention “Microsoft_CRM_http://server:port)
  4. DELETE that record.
  5. Close Windows Credentials
  6. CLOSE Internet Explorer if opened
  7. Open Internet Explorer again
  8. Navigate through the organization Url, credentials will be prompted
  9. Specify the credentials in the format “domain\user” for the username part.
  10. You should be able to enter CRM and work with it in IE.
  11. Now, open again Configuration Wizard
  12. In the Server URL field write http://server:port (where server = your CRM server name and port the specific port if need, i.e. 5555). Do NOT include the name of any oranization here.
  13. Click on “Test Connection..”
  14. You should be able to get through CRM server successfully and choose the organization to connect to from Outlook.

Hope it helps to save somebody else’s time,

Regards,

PP [twitter: @pabloperalta]

UruIT Dynamix | #1 in Dynamics CRM Nearshoring Services.

Co-author The CRM Field Guide

clip_image023logo_crmGamified_invert

1 Comment

  • Hola @Calipso.
    Tienes el Trace? Cual es el error que te aprece en el trace?
    Desde adentro de la empresa se puede acceder perfectamente?
    Si el CRM está en un puerto diferente al 80, comprobaron que no sea un tema de firewall que pueda estar bloqueando?
    saludos,
    PP

Comments have been disabled for this content.