web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / On-Premise 9.1 updated...
Customer experience | Sales, Customer Insights,...
Unanswered

On-Premise 9.1 updated and now IFD is not working

(0) ShareShare
ReportReport
Posted on by MyAmazingD365Name 25

We upgraded our development on-premise environment to 9.1 last night and while we can login as a service account using domain\user our IFD using user@UPN is no longer working. We receive the generic "An error has occurred. Try this action again. If the problem continues, check...." message.

We have refreshed the ADFS metadata and rebooted the front and back ends and verified the databases/organization in deployment manager are all on version 9.1.1.914.

In event viewer on our front-end we see one error referencing this (I have verified there is no object called "ScaleGroup" in the MSCRM_Config database that I can find).

The locator service failed to connect to the configuration database (MSCRM_CONFIG). The error was: System.Data.SqlClient.SqlException (0x80131904): Invalid object name 'ScaleGroup'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption, Boolean shouldCacheForAlwaysEncrypted)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at Microsoft.Crm.CrmDbConnection.LockConnectionAndExecuteMethod[TResult](IDbConnection connection, Func`1 executeMethod)
at Microsoft.Crm.CrmDbConnection.InternalExecuteWithRetry[TResult](Func`1 ExecuteMethod, IDbCommand command, ICrmTransaction crmTransaction)
at Microsoft.Crm.CrmDbConnection.<>c__DisplayClass157_0.<InternalExecuteReader>b__0()
at Microsoft.PowerApps.CoreFramework.ActivityLoggerExtensions.Execute[TResult](ILogger logger, EventId eventId, ActivityType activityType, Func`1 func, IEnumerable`1 additionalCustomProperties)
at Microsoft.Xrm.Telemetry.XrmTelemetryExtensions.Execute[TResult](ILogger logger, XrmTelemetryActivityType activityType, Func`1 func)
at Microsoft.Crm.CrmDbConnection.InternalExecuteReader(IDbCommand command, Nullable`1 commandBehavior, ICrmTransaction crmTransaction, Int32 sourceLineNumber, String memberName, String sourceFilePath)
at Microsoft.Crm.CrmDbConnection.ExecuteReader(IDbCommand command, Boolean impersonate, Int32 sourceLineNumber, String memberName, String sourceFilePath)
at Microsoft.Crm.SharedDatabase.DatabaseService.ExecuteBaseReader(CrmDbConnection connection, IDbCommand command, String[] columns, IDictionary collectionToFill)
ClientConnectionId:91192699-73ef-492f-abd2-056ac2f6bc3a
Error Number:208,State:1,Class:16.

 

I have the same question (0)
  • PhilipK Profile Picture
    PhilipK 613 on at

    Check the Eventlogs on both CRM FE and ADFS server(AD FS, Admin log under Application and Services logs) when you authenticate against the IFD endpoint for issues.

    Other than that, try reseting the Claims as well as IFD configuration via Deployment Manager, it's such a quick and easy task and you will see if any new errors have come up during the Pre-check tests it does.

    Regarding the event log error: The locator service failed to connect to the configuration database (MSCRM_CONFIG). The error was: System.Data.SqlClient.SqlException (0x80131904): Invalid object name 'ScaleGroup'.

    I've got this to along with another similar one:

    The locator service failed to connect to the configuration database (MSCRM_CONFIG). The error was: System.Data.SqlClient.SqlException (0x80131904): Invalid object name 'OrganizationLifecycle'.

    I would assume these entries are side-effect/leftovers when Microsoft put together their package from "Online" and forget to remove some features and functions that only are available online and is now missing in the On-Premise installation.

    Basically they removed the object from the MSCRM_Config but dit not exclude it from the service itself which continue to query for that object..

    Hopefully, they'll address it in a future update.

  • MyAmazingD365Name Profile Picture
    MyAmazingD365Name 25 on at

    We believe it's an issue with the claims auth. We've reconfigured it in deployment manager, and it appears to be authenticating against the Active Directory but after reaching D365 we're seeing an "Unknown user name or bad password" in the front end security event viewer. So I guess the AD is authenticating but D365 isn't thinking it's a valid user. We've rebooted all servers, refreshed metadata, even set up a brand new user in both AD and D365 to eliminate any caching issues but it still persists.

    Not sure what we're missing as this was working fine on 9.0. We've re-checked our claims rules, etc, but no luck thus far. We may end up having to revert back to 9.0 but we've opened a ticket with MS which we hope to hear about today.

  • PhilipK Profile Picture
    PhilipK 613 on at

    Did you check the specific AD FS, Admin log under Application and Services logs for any errors during sign-on?

    Kind of strange that you get "Unknow user name or bad password" on the D365 FE as when using claims-based autentication as you would get this in ADFS Admin log mentioned above if the supplied credentials were to be incorrect..

    You should be seeing something like this on the ADFS:

    Token validation failed.  

    Additional Data

    Token Type:

    schemas.microsoft.com/.../UserName

    %Error message:

    <username>-The user name or password is incorrect

    Exception details:

    System.IdentityModel.Tokens.SecurityTokenValidationException: <username>

    Can you confirm this is related to the sign-on processes for that specific user or might it be some other account(e.g. service account) that has trouble authenticating?

  • MyAmazingD365Name Profile Picture
    MyAmazingD365Name 25 on at

    That's why I was thinking it was authenticating against Active Directory fine as I don't see the error there, but rather on the front end (so I'm thinking D365 doesn't think the logged in user is a valid D365 user.

    I enabled ADFS tracing and I do see one warning during the sign on: "Event 78: SSO token is null or empty. Cannot write SSO token to Cookies." but then it continues on and appears to be successful (no further warnings or errors).

  • MyAmazingD365Name Profile Picture
    MyAmazingD365Name 25 on at

    Just as an update to this post, we've confirmed with Microsoft this is an issue and it has been passed to their development team to fix.

    The issue is that we are authenticating with outside domains (for example, we are hosted in Active Directory domain x, but want to authenticate with another organization using their own Active Directory.

    So when we do this, we have to set up the user in D365 with the upn (ex. "user@myorganization.org")

    When authenticating it passes through a stored procedure called p_GetCRMUserID which uses the following SQL:

          select suo.CrmUserId as CrmUserId
          from SystemUserOrganizations suo
          join SystemUserAuthentication sua on (suo.UserId = sua.UserId)
          where sua.AuthInfo = @AuthInfo and suo.OrganizationId = @OrganizationId

    The @AuthInfo parameter is supposed to be either set to "W:" appended with the users SID (if you are in the same domain) or a "C:" appended with the user's UPN if you are using claims and coming from an outside domain.

    It always comes though with the "W:" and SID regardless of where the user is coming from (which is different than how 9.0 worked). So it will never authenticate with any "C:" users in that table.

    Anyways, we can't use 9.1 until this is fixed because 99% of our users are not in the hosted domain.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Tom_Gioielli Profile Picture

Tom_Gioielli 81 Super User 2025 Season 2

#2
Gerardo Rentería García Profile Picture

Gerardo Rentería Ga... 49 Most Valuable Professional

#3
#ManoVerse Profile Picture

#ManoVerse 40

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans
Liquid error: parsing "/blogs/post/?postid=%27nvOpzp;%20AND%201=1%20OR%20(%3C%27%22%3EiKO))," - Too many )'s.