web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Server Base SharePoint...
Microsoft Dynamics CRM (Archived)

Server Base SharePoint Integration

(0) ShareShare
ReportReport
Posted on by Community Member

Dear All,

I have installed and configured successfully the server-base integration.

For security reason we had to change the service account password.

Now when a user (system administrator included) tries to open a document location CRM returns a 401 unauthorized error.

In detail I obtained this error message:

<errorlog><sites>
  <site>
   <url>https://my-sharepoint-url&lt;/url>
   <exception>Certificate: CN=domain.name with FindType: FindBySubjectDistinguishedName was not found in Store: My at StoreLocation: LocalMachine.</exception>
   <errorcode>-2147088205</errorcode>
  </site>
 </sites></errorlog>

What can I do to fix?

Thank you.

*This post is locked for comments

I have the same question (0)
  • Community Member Profile Picture
    Community Member on at

    Ok, I have fixed this issue, but there is a new one.

    In the meantime I have installed a new certificate because the old was expired.

    I have installed it in my server and configured IIS tu use the new certificate.

    But this action does not update the certificate used during the server base authentication.

    I have used the following script to remove the hold certificate

    Add-PSSnapin Microsoft.Crm.PowerShell
    $Certificates = Get-CrmCertificate;
    $alternativecertificate = "";
    foreach($cert in $Certificates)
    {
     if($cert.CertificateType -eq "S2STokenIssuer")
     {
      $alternativecertificate = $cert;
     }
    }
    Remove-CrmCertificate -Certificate $alternativecertificate

    and add the new one:

    .\CertificateReconfiguration.ps1 -certificateFile C:\certificate.pfx -password <password> -updateCrm -certificateType S2STokenIssuer -serviceAccount Contoso\CrmServiceAccount -storeFindType FindBySubjectDistinguishedName

    Now the certificate is configured but when I try to see the document in SharePoint via CRM, it returns this error:

    <errorlog><sites>
      <site>
       <url>https://my-sharepoint-url&lt;/url>
       <exception>The remote server returned an error: (401) Unauthorized.</exception>
       <errorcode>-2147088205</errorcode>
       <correlation>7fef4e9e-95f3-0041-8d6c-90714f0e63aa</correlation>
      </site>
     </sites></errorlog>

    And looking into the SharePoint log I get this error description:

    SPApplicationAuthenticationModule: Invalid token or signature. Exception: System.IdentityModel.Tokens.SecurityTokenException: Invalid JWT token. Could not resolve issuer token.

    Application error when access /_vti_bin/sites.asmx, Error=Invalid JWT token. Could not resolve issuer token.

    So for me it is ovvious that I have to update the SharePoint Security Token Configuration, but I don't know how. Also in CRM there is not the button to start again the wizard.

    Thanks

  • Suggested answer
    Community Member Profile Picture
    Community Member on at

    Ok Guys, I have found the solution also for this step.

    I have to create a new New-SPTrustedSecurityTokenIssuer following the step reported into the official CRM documentation

    New-SPTrustedSecurityTokenIssuer –Name "crm" –IsTrustBroker:$false –MetadataEndpoint https://CrmServer/XrmServices/2015/metadataendpoint.svc/json?orgName=OrganizationName

    This is enought.

    The AppPrincipal is already registered and CRM is configured.

    I had only to register a new Trusted Security Token Issuer and in this way the JWT token is validated.

  • Zaralus Profile Picture
    Zaralus 10 on at

    Hey, we are getting the same issue when setting this up on production environment (We have it working in our UAT environment). I tried the steps you mentioned but I'm still getting the same error. Does the certificate only need to be installed on the async servers or is it required elsewhere as well?

  • Zaralus Profile Picture
    Zaralus 10 on at

    We fixed our issue with the certificate not being in the Store by deleting certificates that we had on the front end servers that had the same distinguished name (Subject). The distinguished name must be unique on the server for your certificate, not just the thumbprint.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans