Thursday, November 13, 2014

Insufficient Permission error for a User with System Administrator role

A very strange issue indeed. We are using CRM 2013 On-Prem and I was trying to assign an Account record to another user. The user I am logged in as is the CRM admin (with system administrator privileges). The same user who installed CRM 2013.

However, I am receiving Insufficient Permissions error when trying to assign an Account record to another user. Here is the error log:

Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #56C416D8Detail:
  System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #56C416D8
    Principal user (Id=3d3d03f5-f73e-e311-b67b-002219609c15, type=8) is missing prvReadContract privilege (Id=8022a167-ea97-4c91-a41c-b77c083f7113)


At first I was baffled as I am logged in as System Administrator and how can I not have the privileges however, this is how I resolved it.

Focus on the tag in the error log above. The Principal User ID is '3d3d03f5-f73e-e311-b67b-002219609c15'

I searched for this ID in SystemUserBase table in SQL Server.

SELECT * FROM SystemUserBase WHERE SystemUserId LIKE '3d3d03f5-f73e-e311-b67b-002219609c15'

When I reviewed the details of this record, it wasn't the System Admin but the Target User to which I was assigning this record to.

I checked his Role in CRM (Setting / Administration / Security Roles) and provided him read privileges for Contracts entity (prvReadContract privilege as mentioned in the error above).

The error was resolved and the Account record now had a new Owner.

Saturday, November 1, 2014

That's why they say, read between the lines

We had a CRM organization up and running for days (we are on Dynamics CRM 2013) and of course it went down. The error was pretty generic:

An error has occurred. Please try again and if it does not work, contact your system administrator.

I clicked on the Try Again button and here is the error detail.

http://CRM_SERVER:5555/_common/error/errorhandler.aspx?B ackUri=&ErrorCode=0x80040216&Parm0=%0d%0a%0d%0aE rror%20Details%3a%20Failed%20to%20get%20priv%20user%20 group%20information.%20k%20%3d%2021a6dcf2-a2d8-4642-9a76-90fce5f1f92a%20privUserGroupId%3a%20d955e0ef-453c-4c63-9cae-a8ac9a28c82f%2c%20localSystemAdGuid%3a%2071ced336-9ba0-49be-9ad7-f6ddb010b085%2c%20Exception%3a%20System.DirectoryS ervices.DirectoryServicesCOMException%20%280x80072030%29% 3a%20There%20is%20no%20such%20object%20on%20the%20 server.%0d%0a%0d%0a%20%20%20at%20System.DirectoryService s.DirectoryEntry.Bind%28Boolean%20throwIfFail%29%0d %0a%20%20%20at%20System.DirectoryServices.Director yEntry.Bind%28%29%0d%0a%20%20%20at%20System.DirectorySer vices.Director yEntry.get_NativeObject%28%29%0d%0a%20%20%20at%20System.DirectoryServices.Director yEntry.Invoke%28String%20methodNae zme%2c%20Object%5b%5d%20args%29%0d%0a%20%20%20at%2 0Microsoft.Crm.SecurityUtils.CheckMembership%28Guid%20princi palId%2c%20Guid%20groupId%29%0d%0a 
%20%20%20at%20Microsoft.Crm.Caching.OrganizationSet tingsCacheLoader.LoadCacheData%28Guidz%20key%2c%20ExecutionContext %20context%29.&RequestUri=%2fdefault.aspx& user_lcid=1033

If you read between the lines, it says : Failed to get priv user group information.......

This is almost always because the CRM Async service is not running. If it is running, then may be due to a restart that the CRM server was up before the AD server.

Restart all the CRM services and also restart the CRM website on the IIS (for your own satisfaction)

Shoot an email to your management. Cuppa coffee! :)

Wednesday, October 29, 2014

Lookup errors on Dynamics CRM 2013 with Google Chrome 38

Google sends in regular updates for Chrome for good and to break Dynamics CRM 2013. Here's a recent error on saving the lookup.

Microsoft does have a KB Article on this which suggests you not to update to Chrome 38. This suggestion is valid if you have not already updated Chrome.

For those who have already updated, here's what you can try. It's an unsupported fix but, its a fix.

For a detailed explanation of why did the lookup functionality break? look no further than this.

Monday, October 27, 2014

How to fix: The resource you are looking for has been removed in CRM 2013

During the installation of Microsoft Dynamics CRM 2013 Server, I received the following error message:

Module IIS Web Core
Notification MapRequestHandler
Error Code 0x80070002

Requested URL

Physical Path
C:\Program Files\Microsoft Dynamics CRM\CRMWeb\****\{635427333390000809}\WebResources\msdyn_\PersonalWall.htm

Logon Method Negotiate

Apparently, this is because the IIS URL Rewrite module is not rewriting the URL correctly. CRM creates rules within the rewrite module; for FederationMetadata and WebResourcesRule.

One of these rules is to load the handlers/FederationMetadata.ashx when Federation Metadata/2007-06/FederationMetadata.xml is requested.

We have to check if the URL Re-write module is available in IIS on the CRM website and if the re-write rules are present. If the re-writing rule is present then URL Re-write is corrupt and we need to re-install it.


  • Navigate to Add/Remove programs
  • Identify Microsoft URL Rewrite Module and uninstall it
  • To re-install the module locate rewrite_1.1_amd64_rtw file in the CRM 2013 Server installation folder “UrlRewriteModule”
This is also true for CRM 2011 just in case you have similar installation issues with CRM 2011.

Thursday, October 9, 2014

Installing Microsoft Dynamics CRM 2013 on Windows Server 2012

You may find many blog posts that will provide you step by step installation procedure to install Dynamics CRM 2013 on Windows Server 2012, so I'm not going to do this here. Instead I shall quickly mention few tips so that you can fly through the installation.

Indexing Service Pre-requisite

I spent some time to find the indexing service in Windows Server 2012. There isn't any. Microsoft now calls in Windows Search Service. Look for it in the Features section in the Server Manager when you are adding roles and features.

Performance Counter Permissions

You might receive these below errors in the final stage of the installation:

"The account specified to run the Microsoft Dynamics CRM application does not have Performance Counter permissions."

"The account specified to run the Microsoft Dynamics CRM Asynchronous Service does not have Performance Counter permissions."

  • Open Server Manager
  • Select Tools and click Computer Management
  • Select Local Users and Groups
  • Select Groups
  • Under Performance Log Users group add CRM App Service user and CRM Async Service user
  • Click back on the CRM installation screen and click next to continue
You are good to go now!

Sunday, January 5, 2014

How to fix: 'The page cannot be displayed' when you browse the Report Server URL

I was at it for hours and every time I tried to browse the URL http://[servername]/ReportServer I was disappointed. The Report Server Logs (at C:\Program Files\Microsoft SQL Server\MSRS10_50.\ReportingService\Logs) says the User does not has access to Report Server Database. Tried all the obvious options:
  1. Checked if SQL Server Reporting Services is started.
  2. Checked if the report server service account user has access to ReportServer database.
  3. Restarted the server (most of the times this is your best resort)
But nothing worked.

You can resolve the issue by following these steps:

1. Open the rsreportserver.config file with a text editor
2. Search for the "SecureConnectionLevel" string.
3. Once found, You should have the related "Value" set to "2"; change it from "2" to "0".

Change the line: [Add Key="SecureConnectionLevel" Value="2"]
To be: [Add Key="SecureConnectionLevel" Value="0"]

For SQL Server 2008 R2, rsreportserver.config default location is:
C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer

For SQL Server 2012:
C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer