web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / SSPI negotiation faile...
Customer experience | Sales, Customer Insights,...
Unanswered

SSPI negotiation failed when trying to call the SDK after changing a password

(0) ShareShare
ReportReport
Posted on by Christian Betrisey 30

Hi,

We are encountering a security issue when trying to call the SDK (onPremise 8.2) from a web service. This worked fine until we changed to password of the CRM user USER_A which is used as 'Identity' of the appPool under which the  web service is running.

After changing the password, we re-entered the identity as user USER_A + new password and restarted the appPool.Now we are getting the following exception when calling the SDK

SOAP security negotiation with 'http://crm.xxxx.xxx/org1/XRMServices/2011/Organization.svc' for target 'http://crm.xxxxxx.xxx/org1/XRMServices/2011/Organization.svc' failed. See inner exception for more details.
InnerException = {"The Security Support Provider Interface (SSPI) negotiation failed."}

 

We thought it might be an SPN issue for accessing the SDK service which runs under SVCUSER

>setspn -q http/crm.xxxx.xx
Checking domain DC=xxxxx,DC=org
CN=SVCUSER,OU=Service Accounts,DC=xxxxx,DC=org
        HTTP/crm.xxxx.xxx

We thought we could add USER_A, but this fails (duplicate SPN found) because it already has SVCUSER under which it is running

Any idea why a simple password change would cause this error?
Thanks for your help

Christian

I have the same question (0)
  • Gustavo Longo Profile Picture
    Gustavo Longo on at
    RE: SSPI negotiation failed when trying to call the SDK after changing a password

    Hello Christian,

    Hope you are well.

    Would say to check out if the same service account is configured on another nodes (frontend and backend servers).

    Regards,

  • Christian Betrisey Profile Picture
    Christian Betrisey 30 on at
    RE: SSPI negotiation failed when trying to call the SDK after changing a password

    Hi Gustavo,

    Many thanks for answering to my question.

    I just found out what the issue was and could fix it.

    This service was an old service that was not using the credentials from the appPool to access CRM. I needed to update the credentials stored in another vault temporarily. I will fix the service to use the appPool identity like the other services instead.

    Thanks

    Christian

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Abhilash Warrier – Community Spotlight

We are honored to recognize Abhilash Warrier as our Community Spotlight honoree for…

Congratulations to the September Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Rishabh Kanaskar Profile Picture

Rishabh Kanaskar 258

#2
MVP-Daniyal Khaleel Profile Picture

MVP-Daniyal Khaleel 186

#3
Tom_Gioielli Profile Picture

Tom_Gioielli 130 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans