Microsoft Dynamics CRM (Archived)

SharePoint Server-Based Authentication Error (CRM 2016 On-Prem & SharePoint Online)


I've run the commands in this technet article: https://technet.microsoft.com/en-us/library/mt171421.aspx

Unfortunately I'm getting this error when I try to run the wizard:

<errorlog><sites>
  <site>
    <url>https://omnisource.sharepoint.com/sites/crmdev</url>
    <exception>The request was aborted: The request was canceled.Access token could not be obtained from: https://accounts.accesscontrol.windows.net/tokens/OAuth/2 for resource: 00000003-0000-0ff1-ce00-000000000000/omnisource.sharepoint.com@c0c098c0-0639-4a17-a7eb-d6f5d49efddb</exception>
    <errorcode>-2147088205</errorcode>
    <correlation>19d4699d-202e-2000-36cf-19425d087443</correlation>
  </site>
</sites></errorlog>

#Install msoidcli_64.msi on CRM front-end
#Install Azure AD module on CRM front-end
#Launch Azure AD module
$msolcred = get-credential
#Login as <globaladmin>@omnisource.onmicrosoft.com
connect-msolservice -credential $msolcred
cd "C:\Program Files\Microsoft Dynamics CRM\tools"
$CertificateScriptWithCommand = ".\CertificateReconfiguration.ps1 -certificateFile C:\Support\omni-cert.pfx -password <password> -updateCrm -certificateType S2STokenIssuer -serviceAccount OMNISOURCE\SRV_CRM2016<asyncservice> -storeFindType FindBySubjectDistinguishedName"
Invoke-Expression -command $CertificateScriptWithCommand
Enable-PSRemoting -force
Import-Module MSOnline -force
Import-Module MSOnlineExtended -force
$STSCertificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList C:\Support\omni-cert.pfx, <password>
$PFXCertificateBin = $STSCertificate.GetRawCertData()
$Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$Certificate.Import("C:\Support\omni-cert.cer")
$CERCertificateBin = $Certificate.GetRawCertData()
$CredentialValue = [System.Convert]::ToBase64String($CERCertificateBin)
$RootDomain = "*.omnisourcemarketing.com"
$CRMAppId = "00000007-0000-0000-c000-000000000000"
New-MsolServicePrincipalCredential -AppPrincipalId $CRMAppId -Type asymmetric -Usage Verify -Value $CredentialValue
$CRM = Get-MsolServicePrincipal -AppPrincipalId $CRMAppId
$ServicePrincipalName = $CRM.ServicePrincipalNames
$ServicePrincipalName.Remove("$CRMAppId/$RootDomain")
$ServicePrincipalName.Add("$CRMAppId/$RootDomain")
Set-MsolServicePrincipal -AppPrincipalId $CRMAppId -ServicePrincipalNames $ServicePrincipalName
Add-PSSnapin Microsoft.Crm.PowerShell
$setting = New-Object "Microsoft.Xrm.Sdk.Deployment.ConfigurationEntity"
$setting.LogicalName = "ServerSettings"
$setting.Attributes = New-Object "Microsoft.Xrm.Sdk.Deployment.AttributeCollection"
$attribute1 = New-Object "System.Collections.Generic.KeyValuePair[String, Object]" ("S2SDefaultAuthorizationServerPrincipalId", "00000001-0000-0000-c000-000000000000")
$setting.Attributes.Add($attribute1)
$attribute2 = New-Object "System.Collections.Generic.KeyValuePair[String, Object]" ("S2SDefaultAuthorizationServerMetadataUrl", "accounts.accesscontrol.windows.net/.../1")
$setting.Attributes.Add($attribute2)
Set-CrmAdvancedSetting -Entity $setting

### Gets SharePoint Tenant ID
$CRMContextId = (Get-MsolCompanyInformation).ObjectID
$CRMContextId

------------------------

Am I missing something?

  • Verified answer
    Community Member
    RE: SharePoint Server-Based Authentication Error (CRM 2016 On-Prem & SharePoint Online)

    Hi,

    Hope the below will help you to resolve the issue, since most of the cases with a 401 unauthorized error in SharePoint integration, especially for server-based authentication, got resolved by the below fix.

    The CRM account should have access to the SharePoint site. Once you configure the SharePoint integration with server-based authentication, the email address should be populated in the SharePoint email address field in the systemuser table on the CRM organization database. If the value was null, then we have to update the field with the email address.

  • Verified answer
    Community Member
    RE: SharePoint Server-Based Authentication Error (CRM 2016 On-Prem & SharePoint Online)

    That's correct Ganesh. I was up all night with Microsoft working on this issue. 

    If anyone else runs into this issue, make sure your Application Pool account is able to manage the private key on your CRM certificate in the Local Computer|Personal store. Also, check and make sure the email address in CRM matches the primary SMTP of the account you're using to set up the server-based authentication. Hopefully this will save someone's day and $500 for a case.
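One way to check the private-key permission described in the answer above, as an added example that is not part of the original thread or of Microsoft's tooling. The thumbprint and account name are placeholders, the function names are hypothetical, and the script assumes an elevated Windows PowerShell session on the CRM server with an RSA certificate in the Local Computer Personal store.

```powershell
# Added example: placeholder values, replace them before running.
$Thumbprint     = '<certificate-thumbprint>'      # CRM S2S certificate in LocalMachine\My
$AppPoolAccount = '<DOMAIN>\<app-pool-account>'   # identity of the CRM application pool

function Get-MachineKeyFile {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    if (-not $Cert.HasPrivateKey) {
        throw "Certificate $($Cert.Thumbprint) has no private key in this store."
    }
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if (-not $rsa) { throw 'Certificate does not carry an RSA private key.' }

    # CNG and legacy CSP keys expose the on-disk container name differently.
    $name = if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $rsa.Key.UniqueName
    } else {
        $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }
    # Machine keys live in one of these two directories depending on the provider.
    foreach ($dir in "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
                     "$env:ProgramData\Microsoft\Crypto\Keys") {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { return $path }
    }
    throw "Key container '$name' was not found in the machine key directories."
}

function Test-PrivateKeyRead {
    param([Parameter(Mandatory)][string]$KeyFile,
          [Parameter(Mandatory)][string]$Account)

    $read = [System.Security.AccessControl.FileSystemRights]::Read
    # Only ACEs naming the account directly are checked; group membership is not resolved.
    $aces = (Get-Acl -LiteralPath $KeyFile).Access |
        Where-Object { $_.IdentityReference.Value -eq $Account }
    # An explicit Deny on any read right overrides an Allow.
    if ($aces | Where-Object { $_.AccessControlType -eq 'Deny' -and ($_.FileSystemRights -band $read) }) {
        return $false
    }
    [bool]($aces | Where-Object { $_.AccessControlType -eq 'Allow' -and
                                  (($_.FileSystemRights -band $read) -eq $read) })
}

$cert    = Get-Item -LiteralPath "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
$keyFile = Get-MachineKeyFile -Cert $cert
if (Test-PrivateKeyRead -KeyFile $keyFile -Account $AppPoolAccount) {
    "OK: $AppPoolAccount can read $keyFile"
} else {
    "MISSING: no direct Allow-Read ACE for $AppPoolAccount on $keyFile"
}
```

A MISSING result is not conclusive when the account gets its access through a group; in that case review the full ACL from the certificate's "Manage Private Keys" dialog.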

  • Community Member
    RE: SharePoint Server-Based Authentication Error (CRM 2016 On-Prem & SharePoint Online)

    This did not work for me. Any other suggestions?

    Thanks!

  • Community Member
    RE: SharePoint Server-Based Authentication Error (CRM 2016 On-Prem & SharePoint Online)

    I am getting a different issue:

       <exception>The request was aborted: The request was canceled.Sharepoint Realm ID did not match bearer challenge: [Scheme: Bearer, Parameters: [realm: 75f858cc-dd95-40f6-bb75-2616c429d2f6, client_id: 00000003-0000-0ff1-ce00-000000000000, trusted_issuers: 00000007-0000-0000-c000-000000000000@150d2fd6-18f3-e611-80fe-000d3ad09ec4,00000003-0000-0ff1-ce00-000000000000@75f858cc-dd95-40f6-bb75-2616c429d2f6]] with the service principal: [ServicePrincipalName: [PrincipalId: 00000003-0000-0ff1-ce00-000000000000, HostName: , Realm: 616ac38e-a6ec-45c5-a3c8-0d531966730b], TenantId: 00000000-0000-0000-0000-000000000000]</exception>

       <errorcode>-2147088205</errorcode>

       <correlation>c70ae99d-cd50-602f-6636-ff32679f2b4a</correlation>

     </site>

    Any idea how to fix it?

  • wperkinson3
    RE: SharePoint Server-Based Authentication Error (CRM 2016 On-Prem & SharePoint Online)

    I am having the same issue.  Updating the email address did not correct the problem.

  • nidnani
    RE: SharePoint Server-Based Authentication Error (CRM 2016 On-Prem & SharePoint Online)

    Hi, I am getting a similar error. I've also tried the below code.

    $CertificateScriptWithCommand = ".\CertificateReconfiguration.ps1 -certificateFile c:\Personalcertfile.pfx -password personal_certfile_password -updateCrm -certificateType S2STokenIssuer -serviceAccount contoso\CRMAsyncService -storeFindType FindBySubjectDistinguishedName"

    Invoke-Expression -command $CertificateScriptWithCommand

    I got the message in PowerShell that it updated the certificate successfully. But when I go into CRM and validate my SharePoint site I get the below error.

    <exception>The request was aborted: The request was canceled.Access token could not be obtained from: accounts.accesscontrol.windows.net/.../2 for resource: 00000003-0000-0ff1-ce00-000000000000/constco.sharepoint.com@91b6bde9-1eb1-42d6-8375-b37d6a90df4c</exception>

     <errorcode>-2147088205</errorcode>

     <correlation>e608449f-10d1-b000-c6aa-6f11faef5662</correlation>

    </site>

    I appreciate your help in advance.

  • bigjig
    RE: SharePoint Server-Based Authentication Error (CRM 2016 On-Prem & SharePoint Online)

    I have come across the same problem with server side sync mailbox. Did you guys ever manage to fix it?

    >Crm Exception: Message: Access token could not be obtained from: accounts.accesscontrol.windows.net/.../2 for resource: 00000002-0000-0ff1-ce00-000000000000/outlook.office365.com@000000000000-ef50-462f-9d9d-d2ae6cc775ed, ErrorCode: -2147098045, InnerException: System.IdentityModel.RequestFailedException: Token request failed. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
    at System.Net.HttpWebRequest.GetResponse()
    at Microsoft.Crm.Authentication.S2S.Extensions.OAuth2WebRequest.GetResponse()
    at Microsoft.Crm.Authentication.S2S.Extensions.OAuth2S2SClient.Issue(String securityTokenServiceUrl, OAuth2AccessTokenRequest oauth2Request)
    --- End of inner exception stack trace ---
    at Microsoft.Crm.Authentication.S2S.Extensions.OAuth2S2SClient.Issue(String securityTokenServiceUrl, OAuth2AccessTokenRequest oauth2Request)
    at Microsoft.Crm.Authentication.S2S.AuthorizationServerIssuedOAuthCredentials.GetSignedAccessTokenData(ServicePrincipal issuerPrincipal, WebRequest request)
