November 2011 - Posts - Pablo Peralta's Blog

Hi,

I just came across this same error twice, so I decided to share what worked for me in both cases.

[ERROR]

After installing Dynamics CRM, when opening Deployment Manager, the following Exception arises: “Unable to obtain DNS hostname of Active Directory domain controller with ntdsa object name …

 


Stack trace

Unable to obtain DNS hostname of Active Directory domain controller with ntdsa object name "CN=NTDS Settings,CN=CRM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com".
Exception type:
System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException
at System.DirectoryServices.ActiveDirectory.Utils.GetReplicaList(DirectoryContext context, String partitionName, String siteName, Boolean isDefaultNC, Boolean isADAM, Boolean isGC)
at System.DirectoryServices.ActiveDirectory.DomainController.FindAllInternal(DirectoryContext context, String domainName, Boolean isDnsDomainName, String siteName)
at System.DirectoryServices.ActiveDirectory.Domain.get_DomainControllers()
at Microsoft.Crm.Admin.AdminService.ConfigDBSecurity.SystemUserService.QueryDomainControllers(Domain currentDomain, String accountName)
at Microsoft.Crm.Admin.AdminService.ConfigDBSecurity.SystemUserService.GetCaseSafeName(String domain, String accountName)
at Microsoft.Crm.Admin.AdminService.ConfigDBSecurity.SystemUserService.GetCaseSafeName(String name)
at Microsoft.Crm.Admin.AdminService.ConfigDBSecurity.SystemUserService.GetIdsFromName(String userName)
at Microsoft.Crm.Admin.AdminService.ConfigDBSecurity.SecurityRoleService.TryVerifyUser(String userName, SecurityRole role)
at Microsoft.Crm.Tools.Admin.SystemUserController.TryVerifyUser()
at Microsoft.Crm.Tools.Admin.DMSnapInHelper.DisplayMessageBoxIfCurrentUserIsNotSystemUser(Console console)
at Microsoft.Crm.Tools.Admin.DMSnapIn.OnInitialize()
at Microsoft.ManagementConsole.SnapInBase.Initialized()
at Microsoft.ManagementConsole.Internal.SnapInClient.Microsoft.ManagementConsole.Internal.ISnapInClient.Initialize(ISnapInPlatform snapInPlatform)
at Microsoft.ManagementConsole.Executive.SnapInInitializationOperation.OnStart()
at Microsoft.ManagementConsole.Executive.RunningOperationsTable.EnqueueOperation(Operation operation)
at Microsoft.ManagementConsole.Advanced.FrameworkSnapInFactory.Microsoft.ManagementConsole.Advanced.ISnapInFactory.CreateSnapIn(Int32 bookkeepingId, String snapInKey, Object& snapIn)

After closing the above window, the following error comes up and the MMC snap-in unloads:

 


[SOLUTION]

What worked for me was adding the Preferred Domain Controller value to the MS CRM registry entries: HKLM\Software\Microsoft\MSCRM

To do so, follow these steps:

  • Step 1. Right-click, choose New > String Value, and name it "PreferredDc".
  • Step 2. Set the value of PreferredDc to YourDomainControllerName. You can find this in your AD by typing this command at your cmd prompt: echo %logonserver%

Hope it saves you some time,

PP [twitter: @pabloperalta]

Hi,

While setting up CRM 2011 Outlook Client I came across the following error:

“The signed-in user does not have the appropriate security permissions to view these records or perform the specific action..”


As I could find almost no information about this issue, I decided to share here the steps I went through to sort this out:

  • Downloaded CrmDiagTool 2011 from here.
  • Ran the tool and enabled tracing.


  • Ran the Configuration Wizard again in order to reproduce the error.
  • Once reproduced, I disabled tracing and then clicked on “Open Trace Directory” within the CRMDiagTool (usually, it will be the folder “C:\Program Files\Microsoft Dynamics CRM\Trace”).
  • Opened the last modified file with the name “xxx-CRMWeb-xxx” and searched for the “Checking Privilege” text.

I got several results similar to:

Checking Privilege for UserId: {FB5B699E-754E-46F2-AAD9-2AA98304ECB7}, PrivilegeId: {94C3AC2C-EB23-41CB-A903-4E2E49E910B4}. Returned hr = 0

  • Copied the PrivilegeId GUID.
  • Then, opened SQL Server Management Studio and ran the following query against the Organization DB:

select Name, * from PrivilegeBase where PrivilegeId = 'privilege id without brackets'

For instance:

select Name,  * from PrivilegeBase where PrivilegeId = '94C3AC2C-EB23-41CB-A903-4E2E49E910B4'

  • In my case, this query returned the following result:


  • So, I could see that the user needs privileges to read SDK messages. I opened the role he belongs to and granted that privilege:


  • Saved the role and tried the Configuration Wizard again.
  • Unfortunately, it failed again :(.

  • So, I decided to go over each result in the log file and find out each privilege the system was checking against. I found out that the privileges being checked were the following ones:

{94C3AC2C-EB23-41CB-A903-4E2E49E910B4} prvReadSdkMessage: Customization –> Sdk Message

{902D70D3-2FF8-4D93-92F9-8EFDCF889AF8} prvReadQuery: Customization –> View

{B9C59CEF-F5D1-46B4-8C3B-8A38906C8C0E} prvReadSystemForm: Customization –> System Form

{7BB3B531-AC45-4977-89C8-B99768E55AB8} prvReadCustomization: Customization –> Customizations

{B64E92C8-5D2A-4052-A026-1B73EFF9CEBF} prvReadSolution: Customization –> Solution

{8CDEBADE-6187-440D-B041-5B3F3D84DB53} prvReadPublisher: Customization –> Publisher

{DB10A828-EC49-4035-8B7E-C58EFAF169EC} prvReadSdkMessageProcessingStep: Customization –> Sdk Message Processing Step

{122E085F-8C52-47E8-8415-875DEE1C961E} prvReadSdkMessageProcessingStepImage: Customization –> Sdk Message Processing Step Image

{F5B50296-A212-488A-BE92-CBCCA8971717} prvReadPluginAssembly: Customization –> Plug-in Assembly

{76FAAD15-BC44-4F4D-84DC-DD1E1DDA74D9} prvReadUser: Business Management –> User

{DBD3AD17-B6BD-46C8-8DB7-179FEC82C937} prvReadOrganization: Business Management –> Organization

{4156DB68-93E2-4A83-8CBB-5BB344EBAF47} prvReadWebResource: Customization –> Web Resource

{8437FA7C-3681-4FC7-BFD8-53A23FDECD65} prvReadUserSettings: Business Management –> User Settings

{663D1920-56E1-4166-89F0-47F3330923A8} prvReadTeam: Business Management –> Team

{222A920A-2778-4564-85CB-E78DDE8E4276} prvReadRole: Business Management –> Security Role

{6B4A9461-0105-4F4A-A047-FE1B4FEF02E7} prvReadWizardAccessPrivilege: Core Records –> Web Wizard Access Privilege

{D55D6EB9-D1E7-4EE9-A492-775015CF2F1F} prvReadWebWizard: Core Records –> Web Wizard

{024CA4FF-65BD-4381-84A5-A531285E9CE1} prvReadWizardPage: Core Records –> Wizard Page

{BD57CFA5-8495-4B3E-B358-DA246BA797B5} prvCreateWebResource: Customization –> Web Resource – create privileges

 

  • So, after granting ALL of the above privileges, I could finally set up CRM Outlook Client.

TIP: You can also look for the string ‘is missing’ to go straight to the lines where the trace says exactly which privileges are missing and preventing the operation from running. Obviously, I found it a bit later, but it’s also useful in other cases where the same error appears :p).

Hope it helps to save you some time ;).

PP [twitter: @pabloperalta]
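
The manual loop in the post above (find a "Checking Privilege" line, copy the GUID, query PrivilegeBase) can be done in one pass over the trace, so the role receives only the privileges the trace actually shows being checked. This is an added example, not code from the original post: the function names, the timestamp prefix and the sample trace lines are constructed; only the "Checking Privilege ..." text, the GUIDs, PrivilegeBase, Name and PrivilegeId come from the post.

```python
import re

# GUID shape as it appears between braces in the trace lines.
GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
CHECK_RE = re.compile(
    r"Checking Privilege for UserId: \{(" + GUID + r")\}, "
    r"PrivilegeId: \{(" + GUID + r")\}"
)

# Constructed sample: the "Checking Privilege" text follows the line quoted in
# the post; the timestamp prefix and the other lines are made up.
SAMPLE_TRACE = """\
[2011-11-01 10:00:01] >Checking Privilege for UserId: {FB5B699E-754E-46F2-AAD9-2AA98304ECB7}, PrivilegeId: {94C3AC2C-EB23-41CB-A903-4E2E49E910B4}. Returned hr = 0
[2011-11-01 10:00:01] >Some unrelated trace line
[2011-11-01 10:00:02] >Checking Privilege for UserId: {FB5B699E-754E-46F2-AAD9-2AA98304ECB7}, PrivilegeId: {902D70D3-2FF8-4D93-92F9-8EFDCF889AF8}. Returned hr = 0
[2011-11-01 10:00:03] >Checking Privilege for UserId: {FB5B699E-754E-46F2-AAD9-2AA98304ECB7}, PrivilegeId: {94C3AC2C-EB23-41CB-A903-4E2E49E910B4}. Returned hr = 0
[2011-11-01 10:00:04] >Checking Privilege for UserId: {not-a-guid}, PrivilegeId: {x}. Returned hr = 0
"""

def collect_privilege_checks(trace_text):
    """Return {user_id: [privilege_id, ...]}, de-duplicated, in first-seen order."""
    checks = {}
    for match in CHECK_RE.finditer(trace_text):
        user_id, privilege_id = match.group(1).upper(), match.group(2).upper()
        seen = checks.setdefault(user_id, [])
        if privilege_id not in seen:
            seen.append(privilege_id)
    return checks

def build_lookup_query(privilege_ids):
    """Build a single PrivilegeBase lookup for all ids found in the trace."""
    if not privilege_ids:
        raise ValueError("no privilege ids to look up")
    for pid in privilege_ids:
        # Only strict GUIDs are interpolated, so log content cannot alter the SQL.
        if not re.fullmatch(GUID, pid):
            raise ValueError("not a GUID: %r" % pid)
    in_list = ", ".join("'%s'" % pid for pid in privilege_ids)
    return ("select Name, PrivilegeId from PrivilegeBase "
            "where PrivilegeId in (%s)" % in_list)

if __name__ == "__main__":
    for user_id, privilege_ids in collect_privilege_checks(SAMPLE_TRACE).items():
        print("UserId", user_id)
        print(build_lookup_query(privilege_ids))
```

Run the generated query against the Organization DB as in the post, then grant only the returned privilege names to the role.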
