Thursday, November 13, 2014

Insufficient Permission error for a User with System Administrator role

A very strange issue indeed. We are using CRM 2013 On-Prem and I was trying to assign an Account record to another user. The user I am logged in as is the CRM admin (with system administrator privileges). The same user who installed CRM 2013.

However, I am receiving an Insufficient Permissions error when trying to assign an Account record to another user. Here is the error log:

Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #56C416D8Detail:
  System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #56C416D8
    Principal user (Id=3d3d03f5-f73e-e311-b67b-002219609c15, type=8) is missing prvReadContract privilege (Id=8022a167-ea97-4c91-a41c-b77c083f7113)


At first I was baffled: I am logged in as System Administrator, so how can I not have the privileges? However, this is how I resolved it.

Focus on the tag in the error log above. The Principal User ID is '3d3d03f5-f73e-e311-b67b-002219609c15'

I searched for this ID in the SystemUserBase table in SQL Server.

SELECT * FROM SystemUserBase WHERE SystemUserId = '3d3d03f5-f73e-e311-b67b-002219609c15';

When I reviewed the details of this record, it wasn't the System Admin but the Target User to whom I was assigning this record.

I checked his Role in CRM (Settings / Administration / Security Roles) and provided him read privileges for the Contracts entity (the prvReadContract privilege mentioned in the error above).

The error was resolved and the Account record now had a new Owner.

Saturday, November 1, 2014

That's why they say, read between the lines

We had a CRM organization up and running for days (we are on Dynamics CRM 2013) and of course it went down. The error was pretty generic:

An error has occurred. Please try again and if it does not work, contact your system administrator.

I clicked on the Try Again button and here is the error detail.

http://CRM_SERVER:5555/_common/error/errorhandler.aspx?BackUri=&ErrorCode=0x80040216&Parm0=%0d%0a%0d%0aError%20Details%3a%20Failed%20to%20get%20priv%20user%20group%20information.%20k%20%3d%2021a6dcf2-a2d8-4642-9a76-90fce5f1f92a%20privUserGroupId%3a%20d955e0ef-453c-4c63-9cae-a8ac9a28c82f%2c%20localSystemAdGuid%3a%2071ced336-9ba0-49be-9ad7-f6ddb010b085%2c%20Exception%3a%20System.DirectoryServices.DirectoryServicesCOMException%20%280x80072030%29%3a%20There%20is%20no%20such%20object%20on%20the%20server.%0d%0a%0d%0a%20%20%20at%20System.DirectoryServices.DirectoryEntry.Bind%28Boolean%20throwIfFail%29%0d%0a%20%20%20at%20System.DirectoryServices.DirectoryEntry.Bind%28%29%0d%0a%20%20%20at%20System.DirectoryServices.DirectoryEntry.get_NativeObject%28%29%0d%0a%20%20%20at%20System.DirectoryServices.DirectoryEntry.Invoke%28String%20methodName%2c%20Object%5b%5d%20args%29%0d%0a%20%20%20at%20Microsoft.Crm.SecurityUtils.CheckMembership%28Guid%20principalId%2c%20Guid%20groupId%29%0d%0a%20%20%20at%20Microsoft.Crm.Caching.OrganizationSettingsCacheLoader.LoadCacheData%28Guid%20key%2c%20ExecutionContext%20context%29.&RequestUri=%2fdefault.aspx&user_lcid=1033

If you read between the lines, it says: Failed to get priv user group information...

This is almost always because the CRM Async service is not running. If it is running, then it may be that, after a restart, the CRM server came up before the AD server.

Restart all the CRM services and also restart the CRM website in IIS (for your own satisfaction).

Shoot an email to your management. Cuppa coffee! :)
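
Both posts come down to reading a CRM error closely: in the first, the principal that failed the privilege check was not the logged-in admin, and in the second the useful message was buried in a URL-encoded query string. The following is an added example, not code from the original posts, that pulls those details out programmatically; the function names, the placeholder caller GUID and the shortened URL are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# "type=" in the fault is the principal's object type code: 8 = systemuser, 9 = team.
PRINCIPAL_TYPES = {8: "systemuser", 9: "team"}
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
MISSING_PRIV = re.compile(
    rf"Principal user \(Id=(?P<principal>{GUID}), type=(?P<type>\d+)\) "
    rf"is missing (?P<privilege>prv\w+) privilege \(Id=(?P<privilege_id>{GUID})\)"
)

def parse_missing_privilege(fault_text, caller_id):
    """Return who failed the privilege check, and whether that is the caller."""
    m = MISSING_PRIV.search(fault_text)
    if m is None:
        return None
    code = int(m["type"])
    return {
        "principal_id": m["principal"].lower(),
        "principal_type": PRINCIPAL_TYPES.get(code, f"type {code}"),
        "privilege": m["privilege"],
        "privilege_id": m["privilege_id"].lower(),
        "is_caller": m["principal"].lower() == caller_id.lower(),
    }

def decode_error_url(url):
    """Decode an errorhandler.aspx URL into error code, summary line and stack frames."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    lines = [ln.strip() for ln in query.get("Parm0", [""])[0].splitlines() if ln.strip()]
    return {
        "error_code": query.get("ErrorCode", [""])[0],
        "summary": lines[0] if lines else "",
        "stack": [ln[3:] for ln in lines if ln.startswith("at ")],
    }

# Constructed inputs: the fault line from the first post, a shortened URL from the second.
FAULT = ("Principal user (Id=3d3d03f5-f73e-e311-b67b-002219609c15, type=8) is missing "
         "prvReadContract privilege (Id=8022a167-ea97-4c91-a41c-b77c083f7113)")
CALLER = "11111111-2222-3333-4444-555555555555"  # placeholder GUID for the logged-in admin
URL = ("http://CRM_SERVER:5555/_common/error/errorhandler.aspx?BackUri=&ErrorCode=0x80040216"
       "&Parm0=%0d%0aError%20Details%3a%20Failed%20to%20get%20priv%20user%20group%20information."
       "%0d%0a%20%20%20at%20Microsoft.Crm.SecurityUtils.CheckMembership%28Guid%20principalId"
       "%2c%20Guid%20groupId%29&RequestUri=%2fdefault.aspx&user_lcid=1033")

if __name__ == "__main__":
    print(parse_missing_privilege(FAULT, CALLER))
    print(decode_error_url(URL))
```

When `is_caller` is false, the role to review belongs to the principal named in the fault (here the assignee), not to the account that performed the action.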