Friday, April 20, 2018

No Microsoft Dynamics CRM user exists with the specified domain name and user ID

A Microsoft Dynamics CRM user record does not exist with the specified domain name and user ID.

Crm Exception: Message: No Microsoft Dynamics CRM user exists with the specified domain name and user ID, ErrorCode: -2147220652

 Error while retrieving userId. Exception: Microsoft.Crm.CrmSecurityException: Unable to find Active Directory object for SID
   at Microsoft.Crm.SecurityUtils.GetGuidFromSidLimitingSearches(String domain, Byte[] sid)
   at Microsoft.Crm.SecurityUtils.GetUserId(String domainName, Boolean limitGlobalCatalogSearches)

We were getting this error for only certain users after we migrated our CRM organization from CRM 2011 to CRM 2016.

Initial investigation and results:
  • User was enabled.
  • User had all security roles assigned.
  • Even one of the service accounts with System Administrator access was not able to log in.

Understanding CRM Tables

There are four main tables where CRM user detail must exist for CRM authentication.


Here is a query that should return the important details for a given CRM user.

-- Joins the organization database (Staging_MSCRM) to the MSCRM_CONFIG user tables
select DomainName,ActiveDirectoryGuid,AuthInfo,A.UserId
from MSCRM_CONFIG.dbo.SystemUserOrganizations O
join MSCRM_CONFIG.dbo.SystemUserAuthentication A on A.UserId=O.UserId
join Staging_MSCRM.dbo.SystemUserBase B on B.SystemUserId=O.CrmUserId
Where B.DomainName like '%itsit\vipin.jaiswal%'

If this query returns no rows, the CRM user's entry is probably missing from one of the tables.

So we need to find out which table is missing the user's entry, and the verification must be done in the specific order described here.

First:
Note the SystemUserId of the user, as it is the input for the second query.

Select DomainName,SystemUserID
From Staging_MSCRM.dbo.SystemUserBase
Where DomainName like '%itsit\vipin.jaiswal%'

Second:
The SystemUserId from above goes in the WHERE clause of the query below.

Select CrmUserId,Id,OrganizationId,UserId,IsDeleted
From MSCRM_CONFIG.dbo.SystemUserOrganizations
Where CrmUserId = 'F2B56B91-CE43-E811-9103-005056A83905'

Note the UserId from the result above; it is the input to the third and fourth queries.

Third and Fourth:

Select AuthInfo,Id,UserId,IsDeleted
From MSCRM_CONFIG.dbo.SystemUserAuthentication
Where UserId = 'F9B56B91-CE43-E811-9103-005056A83905'

Select DefaultOrganizationId,Id,IsDeleted
From MSCRM_CONFIG.dbo.SystemUser
Where Id = 'F9B56B91-CE43-E811-9103-005056A83905'

In most cases we found an entry in YourOrgName_MSCRM.dbo.SystemUserBase, while the other three tables were missing the entry.
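The four checks above can be combined into one read-only query that reports, per user, the first table in the chain that lacks a row. This is an added example, not part of the original post; it assumes the organization database is Staging_MSCRM as in the queries above, and it goes beyond the single-user case by checking every user when @DomainName is NULL.

```sql
-- Added example: read-only check of the four-table chain described above.
-- Assumption: the organization database is Staging_MSCRM. A database name
-- cannot be a variable, so change it in the From clause for another org.
Declare @OrgDatabase sysname = N'Staging_MSCRM';
Declare @DomainName nvarchar(255) = N'itsit\vipin.jaiswal'; -- NULL = check every user

Declare @OrganizationID uniqueidentifier;
Select @OrganizationID = Id
From MSCRM_CONFIG.dbo.Organization
Where DatabaseName = @OrgDatabase;

Select B.DomainName,
       B.SystemUserId,
       O.UserId as ConfigUserId,
       A.AuthInfo,
       Finding = Case
           When @OrganizationID is null then 'Organization not found in MSCRM_CONFIG.dbo.Organization'
           When O.Id is null            then 'No row in SystemUserOrganizations'
           When O.IsDeleted = 1         then 'SystemUserOrganizations row has IsDeleted = 1'
           When A.Id is null            then 'No row in SystemUserAuthentication'
           When A.IsDeleted = 1         then 'SystemUserAuthentication row has IsDeleted = 1'
           When U.Id is null            then 'No row in SystemUser'
           When U.IsDeleted = 1         then 'SystemUser row has IsDeleted = 1'
           Else 'OK'
       End
From Staging_MSCRM.dbo.SystemUserBase B
-- Left joins keep the user row even when a config table has no match
Left join MSCRM_CONFIG.dbo.SystemUserOrganizations O
       on O.CrmUserId = B.SystemUserId and O.OrganizationId = @OrganizationID
Left join MSCRM_CONFIG.dbo.SystemUserAuthentication A on A.UserId = O.UserId
Left join MSCRM_CONFIG.dbo.SystemUser U on U.Id = O.UserId
Where @DomainName is null or B.DomainName = @DomainName
Order by B.DomainName;
```

If the query returns no rows for a given domain name, the user is missing from SystemUserBase itself.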

I have created a stored procedure which creates the missing entries in the respective tables.

Disclaimer: As always, any direct changes in the CRM tables are unsupported.

Please note:

The stored procedure requires the Active Directory ID of the CRM user, and I know two ways to get it.

1) Get the ID from any other existing organization with the query below.
Select AuthInfo,Id,UserId,IsDeleted
From MSCRM_CONFIG.dbo.SystemUserAuthentication
Where UserId = @CrmUserConfigId

2) Get the ID by running this PowerShell command:

Get-ADUser -Filter {SamAccountName -eq 'YourUserName'}

-------------Stored Procedure---------------

Create Procedure usp_CreateCrmUser
(@OrgName varchar(100),
 @CrmUserName varchar(100),
 @CrmUserACtiveDirectoryID varchar(100))
As
Begin
    -- Run this stored procedure as:
    -- Exec usp_CreateCrmUser 'Staging_MSCRM','itsit\Vipin.Jaiswal','W:S-1-5-21-1328376081-1279679187-339368940-342572'

    Set Xact_Abort On   -- roll back all three inserts if any one of them fails

    Declare @OrganizationID uniqueidentifier
    Declare @CrmUserConfigID uniqueidentifier
    Declare @SystemUserID uniqueidentifier

    Select @OrganizationID = Id
    From MSCRM_Config.Dbo.Organization Where DatabaseName = @OrgName

    Select @CrmUserConfigID = NEWID()

    -- The organization database name is hard-coded here; replace Staging_MSCRM with your own
    Select @SystemUserID = SystemUserId
    From Staging_MSCRM.dbo.SystemUserBase Where DomainName = @CrmUserName

    -- Stop before inserting anything if the organization or the user cannot be resolved
    If @OrganizationID IS NULL
    Begin
        Select [Output] = 'Organization Name  ''' + @OrgName + '''  does not exist'
        Return
    End

    If @SystemUserID IS NULL
    Begin
        Select [Output] = 'User  ''' + @CrmUserName + '''  does not exist in Organization : '' ' + @OrgName + ''''
        Return
    End

    -- Create the three MSCRM_CONFIG rows together so a failure cannot leave a partial entry
    Begin Transaction

    Insert into MSCRM_CONFIG.dbo.[SystemUser] (DefaultOrganizationId,Id,IsDisabled,Name,IsDeleted)
    Values (@OrganizationID,@CrmUserConfigID,null,null,0)

    Insert into MSCRM_CONFIG.dbo.SystemUserOrganizations (CrmUserId, Id, OrganizationId, UserId, IsDeleted)
    Values (@SystemUserID, NEWID(), @OrganizationID, @CrmUserConfigID, 0)

    Insert into MSCRM_CONFIG.dbo.SystemUserAuthentication (AuthInfo,Id,UserId,IsDeleted)
    Values (@CrmUserACtiveDirectoryID, NEWID(), @CrmUserConfigID, 0)

    Commit Transaction

    Select [Output] = 'User  ''' + @CrmUserName + '''  Created for Organization : '' ' + @OrgName + ''''

    -- Show the resulting entries for the user
    Select DomainName,ActiveDirectoryGuid,AuthInfo,A.UserId
    From MSCRM_CONFIG.dbo.SystemUserOrganizations O
    join MSCRM_CONFIG.dbo.SystemUserAuthentication A on A.UserId=O.UserId
    join Staging_MSCRM.dbo.SystemUserBase B on B.SystemUserId=O.CrmUserId
    Where B.DomainName = @CrmUserName
End


Invoking the stored procedure created the missing entries in the SQL tables, and the users were able to log on.

Vipin Jaiswal

ID3242: The security token could not be authenticated or authorized.

Microsoft Dynamics CRM v9.0 and TLS and SSL protocols.

I was trying to log on to Dynamics 365 CRM v9.0 from Internet Explorer and was getting the error page below.

This is because Microsoft enforces the TLS 1.2 protocol for access to Dynamics 365 v9.0.
As the error message clearly states, the fix is to edit the Internet Explorer settings.

I am explaining exactly what needs to be done.
1)  Open the Internet Explorer settings: go to Tools > Internet Options.
2)  Go to the Advanced tab, scroll down and look for the heading Security.
3)  Under the heading Security, look for Use TLS 1.2 and check the box, as depicted in the image below.

Try accessing CRM again; I hope it will be accessible without any further error.

From a coding perspective, if an application accesses Dynamics 365 v9.0, we need to invoke the command below to ensure that the application uses TLS 1.2.

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

For SSRS reports, try downloading the latest Report Authoring Extension.

I hope this will save a lot of time.

Vipin Jaiswal
