web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / User in trust domain
Microsoft Dynamics CRM (Archived)

User in trust domain

(0) ShareShare
ReportReport
Posted on by Taher Ali

When I want to create users in trusted domain, it gives an error message.

"You are attempting to create a user with an invalid domain logon. Select another domain logon and try again".

Then I  set the registry key AutoGroupManagementOff to value 1 (false) from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM. Now It asks to contact Microsoft Dynamics Community. I have changed the DEVErrors value to ="on" in the web config file to give details of the error. But, it does not give the detailed error.

What should I do?

*This post is locked for comments

I have the same question (0)
  • Community Member Profile Picture
    Community Member on at

    Taher:

    How did you configure/setup your trusted domain?

    Did you use a Domain Admin account to establish the trust?

     

    - Mark

  • Taher Ali Profile Picture
    Taher Ali on at

    Yes, I used the domain admin account to establish the trust. I can give any permission from one domain to other domain. That means, trust relationship is OK.

    The other domain controller has ISA server. And I allowed LDAP and Kerberos protocol in this server. Then it allowed the trust relationship. But, I cannot create users from the trusted domain. Please help.

  • Community Member Profile Picture
    Community Member on at

    OK, can you download the CRM Tool at http://blogs.msdn.com/benlec you'll want the CRMDiagTool for CRM 4.0.

    Turn on Dev Errors and Tracing for the server (you may want to wait until off hours so that you don't see the traffic from normal use.  Then once you have tracing on, try to do the change again. (either way).

    So after you run the trace and dev errors and make it error again, turn off the dev errors and tracing and it should let you zip up the logs.  You should be able to find the logs in the CRM server hive in Program Files  (folder called Trace)

    When you can start looking through them....search for Error: and then Warning:.

    Can you post your results?

    If you do happen to come across an item post about 50 lines before and after the error for analysis.

    - Mark

  • Taher Ali Profile Picture
    Taher Ali on at

    Hi Mark:

    Thank you. The error is given below (within ERROR LINE).

    >Crm Exception: Message: LookupAccountNameW failed with error, ErrorCode: -2147214038
     at ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
    >MiniDump: TraceDirectory setting not set or missing. Defaulting to temporary folder.
    [2009-04-08 14:46:38.1] Process: w3wp |Organization:351d45d8-d387-489a-9cb0-e8197ce9746f |Thread:   10 |Category: Platform

    |User: 32097336-ddb8-46ec-a9bd-4d19196ac22d |Level: Warning | SystemUserServiceInternal`1.CreateInternal
     at SystemUserServiceInternal`1.CreateInternal(Guid organizationId, IBusinessEntity systemuser, ExecutionContext

    context)
     at SystemUserServiceInternal`1.Create(IBusinessEntity systemuser, ExecutionContext context)
     at RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes

    methodAttributes, RuntimeTypeHandle typeOwner)
     at RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes

    methodAttributes, RuntimeTypeHandle typeOwner)
     at RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo

    culture, Boolean skipVisibilityChecks)
     at RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo

    culture)
     at LogicalMethodInfo.Invoke(Object target, Object[] values)
     at InternalOperationPlugin.Execute(IPluginExecutionContext context)
     at PluginStep.Execute(PipelineExecutionContext context)
     at Pipeline.Execute(PipelineExecutionContext context)
     at MessageProcessor.Execute(PipelineExecutionContext context)
     at InternalMessageDispatcher.Execute(PipelineExecutionContext context)
     at ExternalMessageDispatcher.Execute(String messageName, Int32 primaryObjectTypeCode, Int32 secondaryObjectTypeCode,

    PropertyBag fields, CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
     at RequestBase.Process(Int32 primaryObjectTypeCode, Int32 secondaryObjectTypeCode, CorrelationToken correlationToken,

    CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
     at RequestBase.Process(CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid

    callerId)
     at CrmServiceInternal.Execute(RequestBase request, CorrelationToken correlationToken, CallerOriginToken originToken,

    UserAuth userAuth, Guid callerId)
     at InProcessCrmService.Execute(Object request)
     at PlatformCommand.ExecuteInternal()
     at CreateCommand.Execute()
     at DataSource.Create(Entity entity, Boolean performDuplicateCheck)
     at EntityProxy.Create(Boolean performDuplicateCheck)
     at SystemUser.Create(Boolean performDuplicateCheck)
     at AppForm.SaveEntity(EntityProxy entity, FormEventId eventType, String redirectPath, Boolean performDuplicateCheck)
     at AppForm.RaiseDataEvent(FormEventId eventId)
     at EndUserForm.Initialize(Entity entity)
     at CustomizableForm.Execute(Entity entity, String formType)
     at CustomizableForm.Execute(Entity entity)
     at SystemUserDetailPage.ConfigureForm()
     at AppUIPage.OnPreRender(EventArgs e)
     at Control.PreRenderRecursiveInternal()
     at Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
     at Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
     at Page.ProcessRequest()
     at Page.ProcessRequestWithNoAssert(HttpContext context)
     at Page.ProcessRequest(HttpContext context)
     at southtechlimited_biz_users_edit_aspx.ProcessRequest(HttpContext context)
     at CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
     at HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
     at HttpApplication.ResumeSteps(Exception error)
     at HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object

    extraData)
     at HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
     at HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
     at ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)


    -----------------------------ERROR LINE--------------------------------------------


    > SystemUser.Create for user isa.com\hary : CreateInternal : AddPrincipalToGroupByName Starting
    [2009-04-08 14:46:38.1] Process: w3wp |Organization:351d45d8-d387-489a-9cb0-e8197ce9746f |Thread:   10 |Category: Exception

    |User: 32097336-ddb8-46ec-a9bd-4d19196ac22d |Level: Error | CrmException..ctor


    -----------------------------ERROR LINE--------------------------------------------

     

     at CrmException..ctor(String message, Exception innerException, Int32 errorCode, Boolean isFlowControlException,

    Boolean enableTrace)
     at CrmException..ctor(String message, Int32 errorCode)
     at SecurityUtils.GetSidFromAccount(String accountName)
     at SecurityUtils.AddPrincipalToGroupByName(String principalName, Guid groupId)
     at SecurityLibrary.AddPrincipalToGroupByName(String NTName, Guid groupId)
     at SystemUserServiceInternal`1.CreateInternal(Guid organizationId, IBusinessEntity systemuser, ExecutionContext

    context)
     at SystemUserServiceInternal`1.Create(IBusinessEntity systemuser, ExecutionContext context)
     at RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes

    methodAttributes, RuntimeTypeHandle typeOwner)
     at RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes

    methodAttributes, RuntimeTypeHandle typeOwner)
     at RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo

    culture, Boolean skipVisibilityChecks)
     at RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo

    culture)
     at LogicalMethodInfo.Invoke(Object target, Object[] values)
     at InternalOperationPlugin.Execute(IPluginExecutionContext context)
     at PluginStep.Execute(PipelineExecutionContext context)
     at Pipeline.Execute(PipelineExecutionContext context)
     at MessageProcessor.Execute(PipelineExecutionContext context)
     at InternalMessageDispatcher.Execute(PipelineExecutionContext context)
     at ExternalMessageDispatcher.Execute(String messageName, Int32 primaryObjectTypeCode, Int32 secondaryObjectTypeCode,

    PropertyBag fields, CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
     at RequestBase.Process(Int32 primaryObjectTypeCode, Int32 secondaryObjectTypeCode, CorrelationToken correlationToken,

    CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
     at RequestBase.Process(CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid

    callerId)
     at CrmServiceInternal.Execute(RequestBase request, CorrelationToken correlationToken, CallerOriginToken originToken,

    UserAuth userAuth, Guid callerId)
     at InProcessCrmService.Execute(Object request)
     at PlatformCommand.ExecuteInternal()
     at CreateCommand.Execute()
     at DataSource.Create(Entity entity, Boolean performDuplicateCheck)
     at EntityProxy.Create(Boolean performDuplicateCheck)
     at SystemUser.Create(Boolean performDuplicateCheck)
     at AppForm.SaveEntity(EntityProxy entity, FormEventId eventType, String redirectPath, Boolean performDuplicateCheck)
     at AppForm.RaiseDataEvent(FormEventId eventId)
     at EndUserForm.Initialize(Entity entity)
     at CustomizableForm.Execute(Entity entity, String formType)
     at CustomizableForm.Execute(Entity entity)
     at SystemUserDetailPage.ConfigureForm()
     at AppUIPage.OnPreRender(EventArgs e)
     at Control.PreRenderRecursiveInternal()
     at Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
     at Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
     at Page.ProcessRequest()
     at Page.ProcessRequestWithNoAssert(HttpContext context)
     at Page.ProcessRequest(HttpContext context)
     at southtechlimited_biz_users_edit_aspx.ProcessRequest(HttpContext context)
     at CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
     at HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
     at HttpApplication.ResumeSteps(Exception error)
     at HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object

    extraData)
     at HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
     at HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
     at ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
    >Crm Exception: Message: LookupAccountNameW failed with error, ErrorCode: -2147214038
    [2009-04-08 14:46:38.1] Process: w3wp |Organization:351d45d8-d387-489a-9cb0-e8197ce9746f |Thread:   10 |Category: Platform

    |User: 32097336-ddb8-46ec-a9bd-4d19196ac22d |Level: Info | MiniDumpSettings.Create
     at MiniDumpSettings.Create()
     at MiniDump.CreateDumpInternal(MiniDumpReasons reason, Exception exception)
     at CrmException..ctor(String message, Exception innerException, Int32 errorCode, Boolean isFlowControlException,

    Boolean enableTrace)
     at CrmException..ctor(String message, Int32 errorCode)
     at SecurityUtils.GetSidFromAccount(String accountName)
     at SecurityUtils.AddPrincipalToGroupByName(String principalName, Guid groupId)
     at SecurityLibrary.AddPrincipalToGroupByName(String NTName, Guid groupId)
     at SystemUserServiceInternal`1.CreateInternal(Guid organizationId, IBusinessEntity systemuser, ExecutionContext

    context)
     at SystemUserServiceInternal`1.Create(IBusinessEntity systemuser, ExecutionContext context)
     at RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes

    methodAttributes, RuntimeTypeHandle typeOwner)
     at RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes

    methodAttributes, RuntimeTypeHandle typeOwner)
     at RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo

    culture, Boolean skipVisibilityChecks)
     at RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo

    culture)
     at LogicalMethodInfo.Invoke(Object target, Object[] values)
     at InternalOperationPlugin.Execute(IPluginExecutionContext context)
     at PluginStep.Execute(PipelineExecutionContext context)
     at Pipeline.Execute(PipelineExecutionContext context)
     at MessageProcessor.Execute(PipelineExecutionContext context)
     at InternalMessageDispatcher.Execute(PipelineExecutionContext context)
     at ExternalMessageDispatcher.Execute(String messageName, Int32 primaryObjectTypeCode, Int32 secondaryObjectTypeCode,

    PropertyBag fields, CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
     at RequestBase.Process(Int32 primaryObjectTypeCode, Int32 secondaryObjectTypeCode, CorrelationToken correlationToken,

    CallerOriginToken originToken, UserAuth userAuth, Guid callerId)
     at RequestBase.Process(CorrelationToken correlationToken, CallerOriginToken originToken, UserAuth userAuth, Guid

    callerId)
     at CrmServiceInternal.Execute(RequestBase request, CorrelationToken correlationToken, CallerOriginToken originToken,

    UserAuth userAuth, Guid callerId)
     at InProcessCrmService.Execute(Object request)
     at PlatformCommand.ExecuteInternal()
     at CreateCommand.Execute()
     at DataSource.Create(Entity entity, Boolean performDuplicateCheck)
     at EntityProxy.Create(Boolean performDuplicateCheck)
     at SystemUser.Create(Boolean performDuplicateCheck)
     at AppForm.SaveEntity(EntityProxy entity, FormEventId eventType, String redirectPath, Boolean performDuplicateCheck)
     at AppForm.RaiseDataEvent(FormEventId eventId)
     at EndUserForm.Initialize(Entity entity)
     at CustomizableForm.Execute(Entity entity, String formType)
     at CustomizableForm.Execute(Entity entity)
     at SystemUserDetailPage.ConfigureForm()
     at AppUIPage.OnPreRender(EventArgs e)
     at Control.PreRenderRecursiveInternal()
     at Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
     at Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
     at Page.ProcessRequest()
     at Page.ProcessRequestWithNoAssert(HttpContext context)
     at Page.ProcessRequest(HttpContext context)
     at southtechlimited_biz_users_edit_aspx.ProcessRequest(HttpContext context)
     at CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
     at HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
     at HttpApplication.ResumeSteps(Exception error)
     at HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object

    extraData)
     at HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
     at HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
     at ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)

  • Community Member Profile Picture
    Community Member on at

    When you add a CRM user, it's added in two groups:

    UserGroup<organizationGUID>

    ReportingGroup<organizationGUID>

    The group's scope is GLOBAL when CRM is installed. You need to change the scope to LOCAL to be able to add user from the other domain, or any trusted domain. To do that we need to create new group and change the record in organisation table in CRM to reference the new GUID associated to these group.

    To finish ,add the user in CRM to these new groups.

    Please give that a try and let me know your results.

    - Mark

  • Community Member Profile Picture
    Community Member on at

    Taher before you try my previous post, can you let me know if you are using a Two-Way or One-Way Trust?

     - Mark

  • Taher Ali Profile Picture
    Taher Ali on at

    Hi Mark:

     The group's scope is set to Domain Local and Global scope is disabled.

    Thanks

  • Taher Ali Profile Picture
    Taher Ali on at

    Hi Mark:

    I am using two way trust.

    Thanks

  • Taher Ali Profile Picture
    Taher Ali on at

    Hi,

    Is there any solutions?

    Thanks

  • gcanivet Profile Picture
    gcanivet 95 on at

    Hello,

    I had a similar issue to this. I could not add users from trusted domains using the CRM interface...As a temporary fix I opened Active Directory, opened the crm UserGroup and added the individual to the group manually in AD. After that, I went back to CRM and I was able to add the user without an error... interestingly, it automatically added the CRM user to the ReportingGroup for me.

    ...I suspect that the cause for this is that the CRM is timing out before it gets a response from the trusted domain over a slow link. AD on the other hand allows more time to respond....

    In general, if anyone has a method to speed up authentication over trusted domains on slow-links, it would be greatly appreciated. Is there a way to replicate trusted domains in external forests?

    Regards,


    G

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans