Microsoft Dynamics CRM (Archived)

CRM 2016 sp1 (on premise) to sharepoint 2013 sp1 (on premise) server to server authentication integration failing


Hi, 

I followed the article https://technet.microsoft.com/en-us/library/dn949332.aspx about 6 months ago to set up our DEV, UAT and PROD (to be) CRM environment integration that integrates with our SharePoint Server. I went through all the issues to set the environment up correctly such that DEV CRM integrates with DEV SharePoint, UAT CRM connects to UAT SharePoint and PROD CRM to PROD SharePoint.

We were replacing Salesforce, so we took a backup of the CRM_UAT database and restored it as CRM_UAT_RT. We loaded all the Salesforce data into CRM_UAT_RT, and when all the data was loaded we renamed CRM_UAT_RT to CRM_UAT. We did the Organisation import; as a result the CRM realm ID changed and I had to re-run the script below with the new realm ID in SharePoint.

Get-SPTrustedSecurityTokenIssuer
Remove-SPTrustedSecurityTokenIssuer –Identity {name}   # where name is the pre-existing STS in SharePoint

$i = New-SPTrustedSecurityTokenIssuer –Name "crmprod" –IsTrustBroker:$false –MetadataEndpoint "uat.xyz.com.au/.../json"

$site = Get-SPSite "my.xyz.com.au/.../crm"

$CrmRealmId = "150d2fd6-18f3-e611-80fe-000d3ad09ec5"
$Identifier = "00000007-0000-0000-c000-000000000000@" + $CrmRealmId
Register-SPAppPrincipal -site $site.Rootweb -NameIdentifier $Identifier -DisplayName "crmprod"

We followed this article http://www.techairgroup.com/solution-dynamics-crm-2016-sp1-on-premise-server-integration-to-sharepoint-2013-on-premise-issues/  and it worked in our UAT environment just fine.

Now, we took a backup of CRM_UAT and restored it as CRM_PROD on the PROD server and did the organisation import, and when doing the same steps we are getting the error below:

<site>

    <url>https://prod.xyz.com.au/sites/crm</url>

    <exception>The request was aborted: The request was canceled.Sharepoint Realm ID did not match bearer challenge: [Scheme: Bearer, Parameters: [realm: 75f858cc-dd95-40f6-bb75-2616c429d2f6, client_id: 00000003-0000-0ff1-ce00-000000000000, trusted_issuers: 00000007-0000-0000-c000-000000000000@150d2fd6-18f3-e611-80fe-000d3ad09ec5,00000003-0000-0ff1-ce00-000000000000@75f858cc-dd95-40f6-bb75-2616c429d2f6]] with the service principal: [ServicePrincipalName: [PrincipalId: 00000003-0000-0ff1-ce00-000000000000, HostName: , Realm: 616ac38e-a6ec-45c5-a3c8-0d531966730b], TenantId: 00000000-0000-0000-0000-000000000000]</exception>

    <errorcode>-2147088205</errorcode>

    <correlation>dfb5e99d-ad83-602f-a91f-ef0f72314a34</correlation>

  </site>

When going to CRM and trying to validate the site, it says "Failed Authentication".

Can someone please help point me in the right direction?

Thanks

Bikash 

  • Suggested answer
    cmsheff

    We were experiencing the same issue after restoring our Production CRM and SharePoint site to our DEV and UAT environments.  After opening a ticket with Microsoft we finally found a resolution to this which turned out to be a very frustrating problem but a very easy fix.  First run this command:

    Get-SPAuthenticationRealm

    You will notice it is still set to the previous SharePoint RealmID, so we just had to run this command to set the RealmID (replacing with your actual new SP RealmID):

        Set-SPAuthenticationRealm -Realm "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

    Once this was set correctly we reran the Configure Server-Based SharePoint Integration in CRM and it came back as valid, all working properly and fixed now!
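
The exception in the question carries several realm GUIDs, and the fix above depends on seeing which ones disagree. The following is an added example, not code from the thread or from Microsoft: `Get-RealmMismatch` is a hypothetical helper name, the sample string is the exception text from the question, and the last step only runs where the SharePoint cmdlets are loaded.

```powershell
# Added example: split the realm GUIDs out of the CRM exception text.
# Get-RealmMismatch is a hypothetical helper, not a SharePoint or CRM cmdlet.
function Get-RealmMismatch {
    param([Parameter(Mandatory)][string]$ExceptionText)
    $guid = '[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}'

    # Realm SharePoint advertised in its Bearer challenge.
    $challenge = if ($ExceptionText -match "Parameters: \[realm: ($guid)") { $Matches[1] }
    # Realm recorded on the service principal the challenge was checked against.
    $principal = if ($ExceptionText -match "HostName: [^,]*, Realm: ($guid)") { $Matches[1] }
    # Each trusted_issuers entry has the form <principal id>@<realm>.
    $issuers = if ($ExceptionText -match 'trusted_issuers: ([^\]]+)\]') {
        $Matches[1].Split(',') | ForEach-Object {
            $id, $realm = $_.Trim().Split('@')
            [pscustomobject]@{ PrincipalId = $id; Realm = $realm }
        }
    }
    [pscustomobject]@{
        ChallengeRealm        = $challenge
        ServicePrincipalRealm = $principal
        RealmsMatch           = [bool]($challenge -and $challenge -eq $principal)
        TrustedIssuers        = $issuers
    }
}

# Sample input: the exception text quoted in the question above.
$sample = 'Sharepoint Realm ID did not match bearer challenge: [Scheme: Bearer, Parameters: [' +
    'realm: 75f858cc-dd95-40f6-bb75-2616c429d2f6, client_id: 00000003-0000-0ff1-ce00-000000000000, ' +
    'trusted_issuers: 00000007-0000-0000-c000-000000000000@150d2fd6-18f3-e611-80fe-000d3ad09ec5,' +
    '00000003-0000-0ff1-ce00-000000000000@75f858cc-dd95-40f6-bb75-2616c429d2f6]] with the service principal: ' +
    '[ServicePrincipalName: [PrincipalId: 00000003-0000-0ff1-ce00-000000000000, HostName: , ' +
    'Realm: 616ac38e-a6ec-45c5-a3c8-0d531966730b], TenantId: 00000000-0000-0000-0000-000000000000]'

$result = Get-RealmMismatch -ExceptionText $sample
$result | Format-List ChallengeRealm, ServicePrincipalRealm, RealmsMatch
$result.TrustedIssuers | Format-Table

# On a SharePoint server only: print the farm's current realm for comparison.
if (Get-Command Get-SPAuthenticationRealm -ErrorAction SilentlyContinue) {
    "Farm realm: $(Get-SPAuthenticationRealm)"
}
```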

  • Heart

    Followed this article www.techairgroup.com/.../, but it does not work.

    When I execute $i = New-SPTrustedSecurityTokenIssuer –Name "crmprod" –IsTrustBroker:$false –MetadataEndpoint "uat.xyz.com.au/.../json"

    I get the error below:

    New-SPTrustedSecurityTokenIssuer : 远程服务器返回错误: (400) 错误的请求。

    所在位置 行:1 字符: 6

    + $i = New-SPTrustedSecurityTokenIssuer -Name "crm" -IsTrustBroker:$fal ...

    +      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       + CategoryInfo          : InvalidData: (Microsoft.Share...rityTokenIssuer:SPCmdletNewTrustedSecurityTokenIssuer) [New-SPTrustedSecurityTokenIssuer],WebException

       + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewTrustedSecurityTokenIssuer
