web 2.0

Friday, October 7, 2011

CRM 2011 Outlook Configuration error: The request for security token could not be satisfied because authentication failed


I ran across an unusual error while configuring CRM 2011 for outlook on a computer not running on the same domain as the CRM server. The configuration wizard just wouldn't connect to the deployment. The client config logs  ( located at %localappdata%\Microsoft\MSCRM\Logs\Crm50ClientConfig.txt) showed the below error message:

Error| Error connecting to URL: http://crmserver:port/XRMServices/2011/Discovery.svc 
Exception: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service.
 ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)   at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
   --- End of inner exception stack trace ---


The error shows that the client is unable to connect to the discrovery service eventhough i was able to connect to the service when trying to access it through Internet explorer on the same machine!

After spending a couple of hours troubleshooting and trying various scenarios on the client machine i started digging up a bit on the server side i found out that the CRMappPool and the CrmDeploymentServiceAppPool were running in the context of the administrator of the domain.

I was able to configure outlook to connect successfully to the deployment by configuring both application pools to run under the "LocalSystem" identity as shown in the screenshot below.



Cheers,
M.G

3 comments:

Anonymous said...

Thanks

Steve

Anonymous said...

Same error but the change to localsystem breaks my CRM.
Will keep trying.

joni said...

any more info on this? stuck on the same problem :(

Post a Comment