Microsoft Dynamics CRM forum
Unanswered

Dynamics 9.1 on-prem -> Sharepoint 2019 on-prem: Server-based integration

Posted on by 55

Hi all

I'm trying to connect my Dynamics 365 organization with a SharePoint 2019 instance.

I was going step by step following the instruction from the MSDN (https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/admin/on-prem-server-based-sharepoint-on-prem?view=op-9-1#other-prerequisites-and-limitations)

There were no errors, everything was successful, but as a result, I got the 401 exception (The remote server returned an error: (401) Unauthorized.)

I've found a lot of solutions in this community regarding it but they didn't help

All the prerequisites have been met. A domain is the same. ADFS is 3.0

User in the CRM already has the SharePoint email field and value.

When I'm trying to validate the SP site in the Settings -> Document Management -> SharePoint sites, I'm getting the same error.

Here is my PowerShell script on the SP side:


Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> Add-PSSnapin Microsoft.SharePoint.PowerShell
PS C:\Windows\system32> $c = Get-SPSecurityTokenServiceConfig
PS C:\Windows\system32> $c.AllowMetadataOverHttp = $true
PS C:\Windows\system32> $c.AllowOAuthOverHttp= $true
PS C:\Windows\system32> $c.Update()
PS C:\Windows\system32> New-SPTrustedSecurityTokenIssuer -Name "demo91" -IsTrustBroker:$false -MetadataEndpoint demo91.*********.com/.../json

IsSelfIssuer : True
NameId : 00000007-0000-0000-c000-000000000000@066e2dd5-****-****-****-********082e
RegisteredIssuerName : 00000007-0000-0000-c000-000000000000@066e2dd5-****-****-****-********082e
AuthorizationEndPointUri :
EndSessionEndPointUri :
TokenEndPointUri :
DefaultClientIdentifier :
ScopedClientIdentifier : {}
IdentityClaimTypeInformation : Microsoft.SharePoint.Administration.Claims.SPTrustedClaimTypeInformation
Description :
SigningCertificate : [Subject]
CN=*.*********.com

[Issuer]
CN=******** ** - ****** - **, *=********** **-**, *=**

[Serial Number]
************************

[Not Before]
24.10.2021 13:10:06

[Not After]
25.11.2022 12:10:06

[Thumbprint]
****************************************

AdditionalSigningCertificates : {}
MetadataEndPoint : demo91.*********.com/.../json
IsAutomaticallyUpdated : True
Name : demo91
TypeName : Microsoft.SharePoint.Administration.Claims.SPTrustedSecurityTokenService
DisplayName : demo91
Id : d32a4542-****-****-****-********4285
Status : Online
Parent : SPSecurityTokenServiceManager Name=SecurityTokenServiceManager
Version : 693576
DeploymentLocked : False
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}

PS C:\Windows\system32> $CrmRealmId = "066e2dd5--****-****-****-********082e"
PS C:\Windows\system32> $Identifier = "00000007-0000-0000-c000-000000000000@" + $CrmRealmId
PS C:\Windows\system32> $site = Get-SPSite "dev03.*********.com/.../crmtest"
PS C:\Windows\system32> Register-SPAppPrincipal -site $site.RootWeb -NameIdentifier $Identifier -DisplayName "demo91"

NameIdentifier EncodedNameIdentifier
-------------- ---------------------
00000007-0000-0000-c000-000000000000@066e2dd5-****-****-****-********082e i:0i.t|ms.sp.ext|00000007-0000-0000-c000-0...


PS C:\Windows\system32> $app = Get-SPAppPrincipal -NameIdentifier $Identifier -Site $site.Rootweb
PS C:\Windows\system32> Set-SPAppPrincipalPermission -AppPrincipal $app -Site $site.Rootweb -Scope "sitecollection" -Right "FullControl" -EnableAppOnlyPolicy

PS C:\Windows\system32> New-SPClaimTypeMapping -IncomingClaimType "schemas.xmlsoap.org/.../emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming


DisplayName : EmailAddress
InputClaimType : schemas.xmlsoap.org/.../emailaddress
MappedClaimType : schemas.xmlsoap.org/.../emailaddress
IsIdentityClaim : False
AcceptOnlyKnownClaimValues : False
ClaimValueModificationAction : None
ClaimValueModificationArgument :
KnownClaimValues : {}
UpgradedPersistedProperties :



Could anyone suggest how to resolve this trouble?

  • ravenstone2k 5 on at
    RE: Dynamics 9.1 on-prem -> Sharepoint 2019 on-prem: Server-based integration

    Hi, did you get to resolve your issue? We are facing the same problem. Can you kindly update us here if you were able to resolve this.

  • PhilipK 602 on at
    RE: Dynamics 9.1 on-prem -> Sharepoint 2019 on-prem: Server-based integration

    Hi Michael.

    Have you configured User Profile Service Application within SharePoint?
    Be sure that the "work email" is set on the user's profiles and matches the SharePoint Email Address field in Dynamics 365.

    If you have already done this I would recommend you check the SharePoint ULS log when you've reproduced the 401 Unauthorized error.
    It's quite simple to see what is missing there and if I recall correctly the SP correlation id is in the error so you can just copy that from Dynamics 365 and search for all corresponding entries and you will see why SP throws the 401, and if not just go for "401" or the "mail/upn" you have for the user reproducing the error which is the SharePoint Email address field mentioned earlier.

    Hope this helps.
    Philip
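
The ULS search described in the reply above, as an added example that is not part of the original thread: filter log entries by the correlation ID taken from the Dynamics 365 error, and fall back to "401" or the user's email when no ID is available. `Find-UlsAuthFailure` is a hypothetical helper and the sample entries, GUID and address are constructed; on a farm the input would come from the SharePoint cmdlet `Get-SPLogEvent`.

```powershell
# Added example. Find-UlsAuthFailure is a hypothetical helper, not a SharePoint cmdlet.
# It expects objects shaped like Get-SPLogEvent output (Timestamp, Area, Category,
# Level, Correlation, Message).
function Find-UlsAuthFailure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Entry,
        [guid]   $CorrelationId = [guid]::Empty,  # copied from the Dynamics 365 error
        [string] $UserEmail                       # SharePoint Email Address of the user
    )
    process {
        if ($CorrelationId -ne [guid]::Empty) {
            # Preferred: every entry that belongs to the failing request.
            $hit = ([guid]$Entry.Correlation) -eq $CorrelationId
        } else {
            # Fallback: entries mentioning 401 or the user's mail/UPN.
            $hit = $Entry.Message -match '\b401\b'
            if (-not $hit -and $UserEmail) {
                $hit = $Entry.Message.IndexOf($UserEmail,
                           [System.StringComparison]::OrdinalIgnoreCase) -ge 0
            }
        }
        if ($hit) { $Entry | Select-Object Timestamp, Area, Category, Level, Message }
    }
}

# Constructed sample entries (not real ULS output) so the filter runs without a farm.
$corr  = [guid]'11111111-2222-3333-4444-555555555555'
$other = [guid]'99999999-8888-7777-6666-555555555555'
$sample = @(
    [pscustomobject]@{ Timestamp = [datetime]'2021-11-02T10:15:01'; Area = 'Area A'
        Category = 'Cat 1'; Level = 'Medium'; Correlation = $corr
        Message = '(constructed) incoming server-to-server request' }
    [pscustomobject]@{ Timestamp = [datetime]'2021-11-02T10:15:02'; Area = 'Area A'
        Category = 'Cat 2'; Level = 'High'; Correlation = $corr
        Message = '(constructed) no profile matched user@example.com, returning 401' }
    [pscustomobject]@{ Timestamp = [datetime]'2021-11-02T10:15:03'; Area = 'Area B'
        Category = 'Cat 3'; Level = 'Medium'; Correlation = $other
        Message = '(constructed) unrelated timer job entry' }
)

# With the correlation ID from the error: returns the two entries for that request.
$sample | Find-UlsAuthFailure -CorrelationId $corr | Format-Table -AutoSize
# Without it: returns only the entry that mentions 401 or the address.
$sample | Find-UlsAuthFailure -UserEmail 'user@example.com' | Format-Table -AutoSize

# On a SharePoint server, replace $sample with live entries, for example:
#   Get-SPLogEvent -StartTime (Get-Date).AddMinutes(-15) | Find-UlsAuthFailure -CorrelationId $corr
```

In a multi-server farm, `Merge-SPLogFile -Path <file> -Correlation <guid>` collects the matching entries from every server into one file before filtering.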
