Hi,

I posted this in another news group and after 2 days no answer.

I have installed CRM 4.0 on a member server, for approx 30 mins all users on
the network (enabled in CRM) were able to access the server. Then users were
asked for a user name and password which after 3 attempts the 401 IIS error
page appeared (not authorised).

Are there any considerations for installing on a member server or do I need
to do anything in IIS to authenticate the domain users.

I really need help with this please

Hi David,

what's buffling is that users are able to access server for about 30 minutes
(if it were 20 I'd say it's a session expiring but 30? - may be Kerberos
ticket expiring?). Well, anyway:

What's the account CRMAppPool is running under? Is this account member of
PrivUserGroup and SQLAccessGroup groups in AD?
Anything in CRM trace (see http://support.microsoft.com/kb/907490)? I'd
doubt that though because it looks like authentication issue not
application-level one.
Anything interesting in server & DC event logs? Can you enable directory
services logging as per http://support.microsoft.com/kb/232714/ and see if
you get any failed ANONYMOUS LOGON requests which would typically indicate
double-hop authentication issue.
Hve you modified CRM web.config by any chance, especially <authentication>
and <identity> sections?

Hope this helps
--
George Doubinski
CRM Certified Professional - Developer
Blog: http://crm.georged.id.au/


"David Hodgson" <david.hodgson@homenetz.co.uk> wrote in message
news:27DF67AE-9B81-46A7-A23A-A8ECC9FC5E4B@microsoft.com...

Hi,

Well it could have been about 20 minutes, I am new to this so I was
estimating, however, I am now able to access the CRM server but only through
the IP of the server not by the FQDN i.e http://192.168.16.3:5555, not
http://app-server:5555

I have tried doing a CNAME record in DNS pointing to the server but that
does not seem to work.

I am also having trouble with the outlook client, it will not connect on the
IP and I get a 401 error if I use the FQDN.

I have added all sites to the Intranet Zone on IE.

Any advice would be appreciated

Thanks


"George Doubinski" <georged.delete@alexanders.remove.net.au> wrote in
message news:uzBylzlfIHA.6136@TK2MSFTNGP03.phx.gbl...

David,

I think before even tackling authentication problem you should really make
it work with the FQDN not IP address. Can you ping app-server from the
workstations at all? If you can, what error are you getting when connecting
to http://app-server:5555? 401? Without info from the server logs and CRM
trace it's kind of shooting blind but nevertheless - where the SQL server is
installed? Same server? Where reporting services are installed? If the same
server, default site then can you get to http://app-server/ReportServer from
the workstation?

Thanks
--
George Doubinski
CRM Certified Professional - Developer
Blog: http://crm.georged.id.au/


"David Hodgson" <david.hodgson@homenetz.co.uk> wrote in message
news:E7EE51F5-925D-4253-BB14-32FD8ECECD55@microsoft.com...

Hi,

Sorry, i am really heavily relying on help from people at the moment as this
is kinda new to me, I used 3.0 and had none of these problems.

OK to answer your questions...

Yes i can ping app-server from a workstation - no problems
When trying to connect to http://app-server:5555 from a workstation I am
asked for a user name and password (i enter my domain user in the format
DOMAIN\user), i have to enter this 3 times and then I get...

"HTTP Error 401.1 - Unauthorized: Access is denied"

The SQL server is on the same machine as the CRM server as is Reporting
sevices, AD is on a seperate SBS box.

When I try http://app-server/ReportServer I am presented with a log in box,
again I enter a user name and password three times and get...

You are not authorized to view this page
You do not have permission to view this directory or page using the
credentials that you supplied.
--------------------------------------------------------------------------------

Please try the following:

Contact the Web site administrator if you believe you should be able to view
this directory or page.
Click the Refresh button to try again with different credentials.
HTTP Error 401.1 - Unauthorized: Access is denied due to invalid
credentials.
Internet Information Services (IIS)

--------------------------------------------------------------------------------

Technical Information (for support personnel)

Go to Microsoft Product Support Services and perform a title search for the
words HTTP and 401.
Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for
topics titled Authentication, Access Control, and About Custom Error
Messages.

If you need to see log files please let me know what you need and I may be
able to provide them. I have also in the past allowed people on to my server
to try and resolve the issue if that helps.

I appreciate your help

Regards

"George Doubinski" <georged.delete@alexanders.remove.net.au> wrote in
message news:OPpHTHxfIHA.1824@TK2MSFTNGP02.phx.gbl...

Hi David,

we're getting closer :-) I think it's simply IIS misconfiguration. The
easiest way to tackle the issue is to put CRM aside and get reporting
services up and running first (you'll need it anyway to run the reports).

Check http://msdn2.microsoft.com/en-us/library/ms159778.aspx for possible
causes of 401 error. Most likely it's a problem listed under "Using a local
or domain user account" section. What account IIS pool for reporting
services is running under? Is it a domain account?

--
George Doubinski
CRM Certified Professional - Developer
Blog: http://crm.georged.id.au/


"David Hodgson" <david.hodgson@homenetz.co.uk> wrote in message
news:31F6476D-2EB2-4C18-A4D7-98187AEAE197@microsoft.com...

Could you tell me how I find out what user the app-pool is using? I have a
feeling it is a local machine account rather than a domain one.

Thanks

"George Doubinski" <georged.delete@alexanders.remove.net.au> wrote in
message news:%23xLbknyfIHA.1184@TK2MSFTNGP04.phx.gbl...

Hi David,

in IIS Manager find Report Server virtual directory under Default Web Site
and make a note the application pool selected. Then go to Application Pools,
right-mouse click the pool and click Properties. Identity tab has the
information you're after. In your configuration it should be either NETWORK
SERVICE or a domain account.

Hope this helps
--
George Doubinski
CRM Certified Professional - Developer
Blog: http://crm.georged.id.au/


"David Hodgson" <david.hodgson@homenetz.co.uk> wrote in message
news:B6967802-DB41-4DC5-ACDB-673EA286BA7D@microsoft.com...

Hi,

I have checked this and the ReportServer is running as Network Service.

The default website is also in a stopped state as I have installed
SharePoint on the same box, this creates another site (Sharepoint - 80) that
uses port 80 forcing the default site to stop.

Could this be interfering, can Sharepoint and CRM exist on the same machine?

Thanks


"George Doubinski" <georged.delete@alexanders.remove.net.au> wrote in
message news:eyNXkc4fIHA.3632@TK2MSFTNGP06.phx.gbl...

I bet Sharepoint was installed after CRM otherwise CRM would not install
without RS working.
Stop Sharepoint site, start default, try http://app-server/reportingserver.
Working? Double-check pool account for CRM and try http://app-server:5555
then.

--
George Doubinski
CRM Certified Professional - Developer
Blog: http://crm.georged.id.au/


"David Hodgson" <david.hodgson@homenetz.co.uk> wrote in message
news4FA23C5-7336-41D4-B55E-5B27C5889BAC@microsoft.com...

Hi,

Yes Sharepoint was installed after CRM!

I have stopped the sharepoint site on 80 and started the default on 80.
Default is configured to use SSL so the site does still not work (running
OCS as well), but if I turn off SSL I can get on http://app-server/reports

The CRMAppPool is running as Network Service however when I go to
http://app-server:5555 i get 400 Bad Request, The web page cannot be found

I really appreciate your help with this one George, thanks.


"George Doubinski" <georged.delete@alexanders.remove.net.au> wrote in
message news:OleBj14fIHA.5280@TK2MSFTNGP02.phx.gbl...

Something else to point out is that I am getting alot of errors in the
Application Event log

Source: Ci
Category: CI Service
Type: Error
User: N/A
Event ID: 4136
Computer: APP-SERVER

Indexing Service failed to log on HOMENETZ\RTCGuestAccessUser because of
error 1326

Dont know if this helps with my plight!

Thanks

"George Doubinski" <georged.delete@alexanders.remove.net.au> wrote in
message news:OleBj14fIHA.5280@TK2MSFTNGP02.phx.gbl...

David,

Sharepoint installation to the default site obviously wrecked your RS & CRM.
Cleanest way out of this, IMHO, would be to uninstall Sharepoint and, if
nothing still works, repair/reinstall both RS & CRM. RS is probably going to
be fine but just to be on a safe side...

May be somebody else can chime in with the idea of a quick-fix instead of
repair/reinstall?

Cheers
--
George Doubinski
CRM Certified Professional - Developer
Blog: http://crm.georged.id.au/


"David Hodgson" <david.hodgson@homenetz.co.uk> wrote in message
news:A2E5EF8B-FD07-4A2B-AC48-CB04051DA99A@microsoft.com...

Huh, RTCGuestAccessUser is Office Communication Server account - where does
this come from?! Don't tell me there is also a communication server on that
potpourri box... Anyway, you can probably ignore this error for now.

--
George Doubinski
CRM Certified Professional - Developer
Blog: http://crm.georged.id.au/


"David Hodgson" <david.hodgson@homenetz.co.uk> wrote in message
news:5C2D148E-8466-4615-BF1A-DDB101D86EC5@microsoft.com...

HAHA, yeah it is running all of the applications that the business needs.
Unfortunately the CEO will not pay for lots of seperate machines to run
everything we need to use.

If it is OCS then I will ignore the error for now as it is not causing any
problems.

I am actually waiting for a call from Microsoft Tech Support now to get this
working as it is getting really frrustrating.

Thanks again for all of your help.

Regards


"George Doubinski" <georged.delete@alexanders.remove.net.au> wrote in
message news:O3Daga5fIHA.5752@TK2MSFTNGP03.phx.gbl...

David,

did you get your issue sorted with tech support? I'm having a similar issue
with the 401.1 error from client PC's. thanks.

--
regards,

Mark


"David Hodgson" wrote:

Hi,

The only work around I could find was to add the server IP and name to the
HOSTS file on all of the worksations (C:\windows\system32\drivers\etc).

This as far as I know is overriding DNS and allowed all machines to access
the server from the machine name.

Let me know how you get on!

Regards


"Mark Gullick" <MarkGullick@discussions.microsoft.com> wrote in message
news:04C9DDAF-6E17-4086-A126-642301C3952E@microsoft.com...

Hi David,
I'm having a similar issue, did editing the HOSTS file solve your problem?

Thanks
Mahesh


"David Hodgson" wrote: