Enterprise Search - Unable to connect to Microsoft Dynamics CRM

Apr 24, 2009 at 11:11 PM
I've configured the Enterprise Search accelerator on our MOSS server. It works great from the MOSS server, but from other machines we're getting the error: "Unable to connect to Microsoft Dynamics CRM." The CRM database is on a different server. On the CRM database server, there are errors that say "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."

I think what's happening is that our MOSS server is configured to use NTLM authentication instead of Kerberos, so the MOSS website is unable to impersonate the logged on user when requesting data from the CRM database. So I've read up a little on configuring MOSS for Kerberos, and I'm wondering if anyone has some straightforward experience with this. I'm seeing a lot of articles out there about setting SPNs and trust for delegation, etc., and before I go down that road I'm hoping someone has an easier suggestion.

For example, one SharePoint guy I talked to suggested editing the BDC definition file to include the authentication method, or perhaps setting credentials in the connection string in the def file. This would probably be easier, but I'm not sure if that would work either. Anyone have any tips?
Thanks,
Matt Wittemann
CRM MVP

 

Jun 17, 2009 at 7:50 AM

I'm having the same problem, did you find a solution for it?

 

Regards,

Frode

 

Jun 17, 2009 at 2:05 PM

No, I think it's just a matter of setting SharePoint to use Kerberos and setting SPNs/trust for delegation for the servers. I haven't had time to tackle it though since I suspect that making this change to MOSS will have other ramifications, and we have a working MOSS system at this point. I found this article about the steps required for changing MOSS to use Kerberos: http://blogs.msdn.com/martinkearn/archive/2007/04/23/configuring-kerberos-for-sharepoint-2007-part-1-base-configuration-for-sharepoint.aspx

 

Jun 23, 2009 at 1:06 PM

Problems with crawling CRM server.

Could this be caused by problems with trust for delegation between the various servers
(3 servers, 1 SQL, 1 CRM, 1 SharePoint)?

Programserveradministrasjonsjobben mislyktes for tjenesteforekomsten Microsoft.Office.Server.Search.Administration.SearchAdminSharedWebServiceInstance (b247b43e-4e74-4d59-8a73-46c4c559bdd2).
Grunn: Access is denied.
Kundestøtteinformasjon:
System.Runtime.InteropServices.COMException (0x80070005): Access is denied.
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_IsContainer()
   at System.DirectoryServices.DirectoryEntries.CheckIsContainer()
   at System.DirectoryServices.DirectoryEntries.Find(String name, String schemaClassName)
   at Microsoft.SharePoint.Metabase.MetabaseObjectCollection`1.Find(String name)
   at Microsoft.SharePoint.Metabase.MetabaseObjectCollection`1.get_Item(String name)
   at Microsoft.SharePoint.Administration.SPProvisioningAssistant.ProvisionIisApplicationPool(String name, ApplicationPoolIdentityType identityType, String userName, SecureString password, TimeSpan idleTimeout, TimeSpan periodicRestartTime)
   at Microsoft.SharePoint.Administration.SPMetabaseManager.ProvisionIisApplicationPool(String name, Int32 identityType, String userName, SecureString password, TimeSpan idleTimeout, TimeSpan periodicRestartTime)
   at Microsoft.Office.Server.Administration.SharedWebServiceInstance.Synchronize()
   at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)

Aug 5, 2009 at 10:47 AM

Hi MattHC,

You must do the following actions:

- Check authentication on your MOSS server, Kerberos only (administration parameters), like this:

C:\Inetpub\AdminScripts>adsutil.vbs get w3svc/680202/Root/NTAuthenticationProviders
NTAuthenticationProviders       : (STRING) "Negotiate,NTLM"

- Check your SPN for your MOSS AND your SQL server with the command setspn -l server name (my server is ccidev02 and my MOSS site is named bdc):

C:\>Setspn.exe -l ccidev02
Registered ServicePrincipalNames for CN=CCIDEV02,OU=Serveurs,DC=cci,DC=pri:
    http/bdc
    http/ccidev02
    http/ccidev02.cci.pri

Make sure you have your site name in the SPN list; if not, type setspn -A http/your_site_name

- Check your SQL server SPN; you must have the following line:

C:\>Setspn.exe -l cciprod03
Registered ServicePrincipalNames for CN=CCIPROD03,OU=Serveurs,DC=cci,DC=pri:
    MSSQLSvc/CCIPROD03.cci.pri:1433

- Check Active Directory delegation: to do this, open the dsa.msc console, edit the MOSS server properties, delegation, and add the SQL server for the http and mssqlsvc services.
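
The first three checks in the reply above can be run over captured command output. This is an added example, not code from the thread, and it goes one step further by also flagging an SPN registered on more than one account, which makes Kerberos fail for that service. The sample output is constructed from the format shown in the post, the function names are hypothetical, and the delegation setting in dsa.msc is not covered.

```python
import re

# Constructed sample input, in the output format shown in the post above.
ADSUTIL_OUT = 'NTAuthenticationProviders       : (STRING) "Negotiate,NTLM"'
SETSPN_MOSS = """Registered ServicePrincipalNames for CN=CCIDEV02,OU=Serveurs,DC=cci,DC=pri:
    http/bdc
    http/ccidev02
    http/ccidev02.cci.pri
"""
SETSPN_SQL = """Registered ServicePrincipalNames for CN=CCIPROD03,OU=Serveurs,DC=cci,DC=pri:
    MSSQLSvc/CCIPROD03.cci.pri:1433
"""

def auth_providers(adsutil_output):
    """Provider names from an adsutil.vbs NTAuthenticationProviders line."""
    m = re.search(r'NTAuthenticationProviders\s*:\s*\(STRING\)\s*"([^"]*)"', adsutil_output)
    return [p.strip().lower() for p in m.group(1).split(",")] if m else []

def parse_setspn(output):
    """Map each account DN in 'setspn -l' output to its SPNs (lowercased)."""
    accounts, current = {}, None
    for line in output.splitlines():
        header = re.match(r"Registered ServicePrincipalNames for (.+):\s*$", line.strip())
        if header:
            current = accounts.setdefault(header.group(1), set())
        elif line.strip() and current is not None:
            current.add(line.strip().lower())  # SPNs compare case-insensitively
    return accounts

def audit(adsutil_output, setspn_outputs, required_spns):
    """Return findings; an empty list means every check passed."""
    findings = []
    if "negotiate" not in auth_providers(adsutil_output):
        findings.append("Negotiate (Kerberos) is not an enabled provider")
    owners = {}  # SPN -> set of accounts it is registered on
    for out in setspn_outputs:
        for account, spns in parse_setspn(out).items():
            for spn in spns:
                owners.setdefault(spn, set()).add(account)
    for spn in required_spns:
        if spn.lower() not in owners:
            findings.append("missing SPN: " + spn)
    for spn, accounts in sorted(owners.items()):
        if len(accounts) > 1:  # a duplicate SPN makes Kerberos ticket requests fail
            findings.append("duplicate SPN %s on %s" % (spn, sorted(accounts)))
    return findings

if __name__ == "__main__":
    print(audit(ADSUTIL_OUT, [SETSPN_MOSS, SETSPN_SQL], ["http/bdc", "MSSQLSvc/CCIPROD03.cci.pri:1433"]))
```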