web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Can't add new user in ...
Microsoft Dynamics CRM (Archived)

Can't add new user in CRM 2011! Error while retrieving GUID from SID

(0) ShareShare
ReportReport
Posted on by toLL 305

For any reason I suddenly can't create new user in CRM 2011. User exists already in AD. I go to CRM and try to add this new user. When I write his domain\username in CRM "User Name" field, all other data are populated from AD correctly (Firstname, lastname, email). But when I try to save this user I get exception by SecurityUtils.TryGetGuidFromSid. Here is my Trace:



[2012-02-28 11:52:40.141] Process: w3wp |Organization:629644d5-6e79-40c0-bcff-8a00a48e9967 |Thread:   72 |Category: ADUtility |User: 2584982f-bebf-432e-b0c0-e6810e590f60 |Level: Error | SecurityUtils.TryGetGuidFromSid
>Error while retrieving GUID  from SID. Exception: System.Runtime.InteropServices.COMException (0x8007202B):A referral was returned from the server.

   at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
   at System.DirectoryServices.SearchResultCollection.get_InnerList()
   at System.DirectoryServices.SearchResultCollection.get_Count()
   at Microsoft.Crm.SecurityUtils.GetGuidFromSid(DirectorySearcher searcher, Byte[] sid)
   at Microsoft.Crm.SecurityUtils.TryGetGuidFromSid(Byte[] sid)
[2012-02-28 11:52:40.141] Process: w3wp |Organization:629644d5-6e79-40c0-bcff-8a00a48e9967 |Thread:   72 |Category: ADUtility |User: 2584982f-bebf-432e-b0c0-e6810e590f60 |Level: Error | SecurityUtils.GetUserId
>Error while retrieving userId. Exception: System.Runtime.InteropServices.COMException (0x8007202B): A referral was returned from the server.

   at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
   at System.DirectoryServices.SearchResultCollection.get_InnerList()
   at System.DirectoryServices.SearchResultCollection.get_Count()
   at Microsoft.Crm.SecurityUtils.GetGuidFromSid(DirectorySearcher searcher, Byte[] sid)
   at Microsoft.Crm.SecurityUtils.TryGetGuidFromSid(Byte[] sid)
   at Microsoft.Crm.SecurityUtils.GetUserId(String domainName, Boolean limitGlobalCatalogSearches)
[...]


any idea?

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Red Hodgerson Profile Picture
    Red Hodgerson on at
    RE: Can't add new user in CRM 2011! Error while retrieving GUID from SID

    If anyone still needs help with deleting the TAPI3Directory naming context, you can use the "partition management" feature of the ntdsutil.exe utility.

    technet.microsoft.com/.../cc730970.aspx

  • Najeeb Ullah Profile Picture
    Najeeb Ullah 5 on at
    Re: Can't add new user in CRM 2011! Error while retrieving GUID from SID

    Dear Toll..

    Please help me " How we  delete TAPI3Directory naming context in our DC"

    ASAP.

    Thanks in Advancec

  • Gus Gonzalez Profile Picture
    Gus Gonzalez 27,113 on at
    Re: Can't add new user in CRM 2011! Error while retrieving GUID from SID

    Thank you for posting the answer for everyone to see.

  • Verified answer
    toLL Profile Picture
    toLL 305 on at
    Re: Can't add new user in CRM 2011! Error while retrieving GUID from SID

    Problem solved - we need to delete TAPI3Directory naming context in our DC.

  • toLL Profile Picture
    toLL 305 on at
    Re: Can't add new user in CRM 2011! Error while retrieving GUID from SID

    we've only one domain

     

    I found some interesting links, it's about CRM 4  but I'm sure this make any difference:

    http://crm.davidyack.com/journal/2007/12/24/active-directory-and-dns-gotcha.html

    http://www.techtalkz.com/microsoft-dynamics-crm/418987-crm-4-installation-error-referral-returned-server-2.html

    so it looks like a problem with DNS. Does anyone know how to solve this? Re-installing DNS is not an option.

  • Bill Kelly Profile Picture
    Bill Kelly on at
    Re: Can't add new user in CRM 2011! Error while retrieving GUID from SID

    This is a shot in the dark, but are you adding users from one AD domain to a CRM implementation that exists in another AD domain?  If so, you can have something called a duplicate foreign security principal.  Basically there are two records of a user from one domain in the GC of the domain in which your CRM installation is located and the user can't be created.

  • toLL Profile Picture
    toLL 305 on at
    Re: Can't add new user in CRM 2011! Error while retrieving GUID from SID

    Thanks for your answer

    I tried get-aduser and I could retrieve my user incl. GUID from AD. But get-aduser gets only users from DC. As I can see CRM tries to retrieve all objects by SID:


    searcher.Filter = string.Format(CultureInfo.InvariantCulture, "(objectSid={0})", new object[] { ConvertToOctetString(sid) });

    is this possible that we have two or more objects in our AD with same SID? Is there any other command than get-aduser to retrieve all objects by SID?

     

    Today I got an Information from our Admin, that since 2 months we have two new DC-Servers running. One server "DC2" is main DC (with GC), DC1 is a copy in case of DC2 failure. Could this be a problem for CRM? I tried to set  "PreferredDC" registry-entry to point CRM only to DC2 Server, but with no luck.
    PreferredDC = DC2.Axxx.local

     

     

    What I've tested today was to create new Organization, and... I can't create any new organization in CRM!!! I get same exception!
    Everything works fine till Deplyment Wizard tries to set the OrganizationCreator-user - at this moment I get same Exception on GetGuidFromSid.....

    [08:56:07|  Error| Exception occured during Microsoft.Crm.Tools.Admin.OrganizationCreator: Fehler bei der Aktion Microsoft.Crm.Tools.Admin.ProvisionBusinessAction.
    InnerException:
    System.Runtime.InteropServices.COMException (0x8007202B): Eine Referenzauswertung wurde vom Server zurückgesendet.

       bei System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
       bei System.DirectoryServices.SearchResultCollection.get_InnerList()
       bei System.DirectoryServices.SearchResultCollection.get_Count()
       bei Microsoft.Crm.SecurityUtils.GetGuidFromSid(DirectorySearcher searcher, Byte[] sid)
       bei Microsoft.Crm.SecurityUtils.TryGetGuidFromSid(Byte[] sid)
       bei Microsoft.Crm.SecurityUtils.GetUserId(String domainName, Boolean limitGlobalCatalogSearches)
       bei Microsoft.Crm.Authentication.UserManagementFactory.GetActiveDirectoryInformation(String domainName, Boolean limitGlobalCatalogSearches)
       bei Microsoft.Crm.Authentication.UserManagementFactory.CheckForActiveDirectoryUser(String uniqueName, UserValidationParameters userValidationParameters, ExecutionContext context, Boolean limitGlobalCatalogSearches)
       bei Microsoft.Crm.Authentication.UserManagementFactory.ValidateActiveDirectoryUser(String domainName, UserValidationParameters userValidationParameters, ExecutionContext context, Boolean limitGlobalCatalogSearches)
       bei Microsoft.Crm.Authentication.UserManagementFactory.CreateUser(IBusinessEntity systemUser, Boolean setupUser, ExecutionContext context)
       bei Microsoft.Crm.ObjectModel.SystemUserServiceInternal`1.CreateInternal(Guid organizationId, IBusinessEntity systemuser, ExecutionContext context)
       bei Microsoft.Crm.ObjectModel.OrganizationServiceInternal`1.CreateRootBusiness(IBusinessEntity organization, IBusinessEntity business, IBusinessEntity systemUser, ExecutionContext context)
       bei Microsoft.Crm.Setup.Server.Utility.NewOrgUtility.OrganizationCreateNew(String organizationId, String organizationName, String userAccountName, String userFirstName, String userLastName, String userEmail, String featureSetFile, String languageCode, String privilegedUserGroup, String sqlAccessGroup, String reportingGroup, String privilegedReportingGroup, Boolean grantNetworkServiceAccess, OrganizationResourceHelper orgSettingsHelper)
       bei Microsoft.Crm.Tools.Admin.ProvisionBusinessAction.Do(IDictionary parameters)
       bei Microsoft.Crm.Setup.Common.CrmAction.ExecuteAction(CrmAction action, IDictionary parameters, Boolean undo)

    08:56:07|   Info| Setting organization state.  New state = Failed
    08:56:07|  Error| Ausnahmefehler beim Erstellen der neuen Organisation (Name=adf61656-a383-e111-bde3-00155d014108, Id=TEST):
    System.Exception: Fehler bei der Aktion Microsoft.Crm.Tools.Admin.ProvisionBusinessAction. ---> System.Runtime.InteropServices.COMException: Eine Referenzauswertung wurde vom Server zurückgesendet.

       bei System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
       bei System.DirectoryServices.SearchResultCollection.get_InnerList()
       bei System.DirectoryServices.SearchResultCollection.get_Count()
       bei Microsoft.Crm.SecurityUtils.GetGuidFromSid(DirectorySearcher searcher, Byte[] sid)
       bei Microsoft.Crm.SecurityUtils.TryGetGuidFromSid(Byte[] sid)
       bei Microsoft.Crm.SecurityUtils.GetUserId(String domainName, Boolean limitGlobalCatalogSearches)
       bei Microsoft.Crm.Authentication.UserManagementFactory.GetActiveDirectoryInformation(String domainName, Boolean limitGlobalCatalogSearches)
       bei Microsoft.Crm.Authentication.UserManagementFactory.CheckForActiveDirectoryUser(String uniqueName, UserValidationParameters userValidationParameters, ExecutionContext context, Boolean limitGlobalCatalogSearches)
       bei Microsoft.Crm.Authentication.UserManagementFactory.ValidateActiveDirectoryUser(String domainName, UserValidationParameters userValidationParameters, ExecutionContext context, Boolean limitGlobalCatalogSearches)
       bei Microsoft.Crm.Authentication.UserManagementFactory.CreateUser(IBusinessEntity systemUser, Boolean setupUser, ExecutionContext context)
       bei Microsoft.Crm.ObjectModel.SystemUserServiceInternal`1.CreateInternal(Guid organizationId, IBusinessEntity systemuser, ExecutionContext context)
       bei Microsoft.Crm.ObjectModel.OrganizationServiceInternal`1.CreateRootBusiness(IBusinessEntity organization, IBusinessEntity business, IBusinessEntity systemUser, ExecutionContext context)
       bei Microsoft.Crm.Setup.Server.Utility.NewOrgUtility.OrganizationCreateNew(String organizationId, String organizationName, String userAccountName, String userFirstName, String userLastName, String userEmail, String featureSetFile, String languageCode, String privilegedUserGroup, String sqlAccessGroup, String reportingGroup, String privilegedReportingGroup, Boolean grantNetworkServiceAccess, OrganizationResourceHelper orgSettingsHelper)
       bei Microsoft.Crm.Tools.Admin.ProvisionBusinessAction.Do(IDictionary parameters)
       bei Microsoft.Crm.Setup.Common.CrmAction.ExecuteAction(CrmAction action, IDictionary parameters, Boolean undo)
       --- Ende der internen Ausnahmestapelüberwachung ---
       bei Microsoft.Crm.Setup.Common.CrmAction.ExecuteAction(CrmAction action, IDictionary parameters, Boolean undo)
       bei Microsoft.Crm.Setup.Common.Installer.Install(IDictionary stateSaver)
       bei Microsoft.Crm.Tools.Admin.OrganizationOperation.Install(IDictionary stateSaver)
       bei Microsoft.Crm.Tools.Admin.OrganizationCreator.Install(IDictionary stateSaver)
       bei Microsoft.Crm.Tools.Admin.OrganizationOperation.Execute()
       bei Microsoft.Crm.Tools.Admin.OrganizationCreator.Execute()
       bei Microsoft.Crm.Tools.Admin.CreateOrganizationInstaller.Create(ICreateOrganizationInfo organizationInfo)

     

     

    any ideas?

  • Bill Kelly Profile Picture
    Bill Kelly on at
    Re: Can't add new user in CRM 2011! Error while retrieving GUID from SID

    This isn't a solution, but may help you troubleshoot.  I would suggest you try an easy little powershell script to see if YOU can retrieve this information, maybe even from the machine that's trying to do this.

    1. Open Powershell

    2. Type: import-module activedirectory

    3. Type: get-aduser S-1-5-21-1776310883-3490779271-3800564124-1550

    The output will have a field called ObjectGUID, which is the Active Directory GUID for that user.  If it can't find that user based on the SID or there is no GUID in the result set, then you could indeed have a problem with AD.  What that problem is, I don't know, but it may help get you to where you are going.

    Bill

  • toLL Profile Picture
    toLL 305 on at
    Re: Can't add new user in CRM 2011! Error while retrieving GUID from SID

    [quote user="Gus Gonzalez"]Can you try restarting your CRM Async Service and IIS on the CRM Server? The error seems to be related to these services.[/quote]

     

    It didn't help me. I restarted whole CRM Server already - no luck.

     

     

    I try to follow my trace:

     

    [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Info | UserManagementFactory.GetActiveDirectoryInformation
    >Domain Name Axxx\Pxxx

    [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User: |Level: Info | SecurityUtils.GetSidFromAccount
    >Retrieving SID from account Axxx\Pxxx.

    [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Info | SecurityUtils.GetSidFromAccount
    >Retrieved SID S-1-5-21-1776310883-3490779271-3800564124-1550 for account Axxx\Pxxx.

    [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Info | SecurityUtils.TryGetGuidFromSid
    >Searching AD to retrieve GUID from SID.

    [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Info | SecurityUtils.TryGetGuidFromSid
    >Searching AD using DefaultNamingContext as the search type.

    [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Info | SecurityUtils.TryGetGuidFromSid
    >Searching AD in the directory entry DC=Axxx, path LDAP://DC=Axxx,DC=local

    [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Info | SecurityUtils.GetGuidFromSid
    >Searching for SID S-1-5-21-1776310883-3490779271-3800564124-1550 to get AD GUID.

    [2012-04-06 15:28:26.790] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User: |Level: Info | SecurityUtils.GetGuidFromSid
    >Query SearchRoot LDAP://DC=Axxx,DC=local with Filter (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\63\5a\e0\69\87\10\11\d0\9c\01\88\e2\0e\06\00\00).


    [2012-04-06 15:28:26.805] Process: w3wp |Organization: |Thread:   15 |Category: ADUtility |User:  |Level: Error | SecurityUtils.TryGetGuidFromSid
    >Error while retrieving GUID  from SID. Exception: System.Runtime.InteropServices.COMException (0x8007202B): Eine Referenzauswertung wurde vom Server zurückgesendet.

       bei System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
       bei System.DirectoryServices.SearchResultCollection.get_InnerList()
       bei System.DirectoryServices.SearchResultCollection.get_Count()
       bei Microsoft.Crm.SecurityUtils.GetGuidFromSid(DirectorySearcher searcher, Byte[] sid)
       bei Microsoft.Crm.SecurityUtils.TryGetGuidFromSid(Byte[] sid)

     

     

    As you can see User's SID is retrieved from AD correctly. Problem occurs in method GetGuidFromSid(Microsoft.Crm.ADutility.dll). Here some code:

     

    private static Guid GetGuidFromSid(DirectorySearcher searcher, byte[] sid)
{
    CrmTrace.TraceFormat(CrmTrace.DefaultTraceSetting, TraceCategory.ADUtility, TraceLevel.Info, "Searching for SID {0} to get AD GUID.", new object[] { ConvertSIDFromByteToString(sid) });
    searcher.ReferralChasing = ReferralChasingOption.All;
    searcher.Filter = string.Format(CultureInfo.InvariantCulture, "(objectSid={0})", new object[] { ConvertToOctetString(sid) });
    searcher.PropertiesToLoad.Add("objectGUID");
    CrmTrace.TraceFormat(CrmTrace.DefaultTraceSetting, TraceCategory.ADUtility, TraceLevel.Info, "Query SearchRoot {0} with Filter {1}.", new object[] { (searcher.SearchRoot.Path == null) ? "NULL" : searcher.SearchRoot.Path, searcher.Filter });
    SearchResultCollection results = searcher.FindAll();
    if ((results != null) && (results.Count == 1))
    {
        Guid guid = new Guid(results[0].Properties["objectGUID"][0] as byte[]);
        CrmTrace.TraceFormat(CrmTrace.DefaultTraceSetting, TraceCategory.ADUtility, TraceLevel.Info, "GUID for SID is {0}.", new object[] { guid.ToString() });
        return guid;
    }
    CrmTrace.TraceFormat(CrmTrace.DefaultTraceSetting, TraceCategory.ADUtility, TraceLevel.Info, "GUID for SID is null.", new object[0]);
    return Guid.Empty;
}

     

    Last entry in my trace is "Query SearchRoot {0} with Filter {1}." I don't get any messages like "GUID for SID is..." or "GUID for SID is null". It means that my exception occurs somewhere in this code:

       SearchResultCollection results = searcher.FindAll();
    if ((results != null) && (results.Count == 1))
    {
        Guid guid = new Guid(results[0].Properties["objectGUID"][0] as byte[]);

     

    Is it possible that DirectorySearcher.FindAll throws this Exception? Or is it this line: Guid guid = new Guid(results[0].Properties["objectGUID"][0] as byte[])?

     

    Could this be a problem with our DC? Can anyone give me a hint on this?

  • Suggested answer
    Gus Gonzalez Profile Picture
    Gus Gonzalez 27,113 on at
    Re: Can't add new user in CRM 2011! Error while retrieving GUID from SID

    Can you try restarting your CRM Async Service and IIS on the CRM Server?

    The error seems to be related to these services.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft
Our Community Code of Conduct has been updated!

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Andrés Arias – Community Spotlight

We are honored to recognize Andrés Arias as our Community Spotlight honoree for…

Congratulations to the August Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
Aric Levin - MVP Profile Picture

Aric Levin - MVP 2 Moderator

#2
MA-04060624-0 Profile Picture

MA-04060624-0 1

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans