web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / AD user account "...
Microsoft Dynamics CRM (Archived)

AD user account "log on to" prevents users to login CRM

(0) ShareShare
ReportReport
Posted on by cf3041a9ded1480c90d... 95

The problem I am having is users are unable to logon CRM.

I have identified the problem, but was unable to find a workaround.

The CRM is installed in a Windows 2008 standard Domain Controller, with SQL server all on the

same server. However, the server administrator does not want users to logon the domain controller,

therefore he changes the "log on to" (this can be found at each user's account, under "Account tab")

to prevent unwanted logon to the server. This should not be a problem, I thought.

But it turns out that it also prevent users from login CRM. This is very strange ......

I have tested it by configure the user account without logon permission to a web server, and then use

the user account to logon the website and the web server. It is working correctly, unable to logon the

server, but is able to access the website. This should come as a surprise as CRM is also a

ASPX web application.

I am wondering if it's possible to use Group Policy to prevent users from logon the server and leave

the "Logon Workstation" in the user account to allow "All Computers". Would this be allowing users

to logon CRM ?

I appreciate if anyone can point me to the right direction.

Thanks,

John

*This post is locked for comments

I have the same question (0)
  • Grzegorz Kalek Profile Picture
    Grzegorz Kalek 4,210 on at

    Hi John,

    I'm not sure why you need to specify the log on to option. By default windows server do not allow domain users to log in to the server using rdp.

    Regards,

    Grzegorz

  • cf3041a9ded1480c90db79d9eb180ad5 Profile Picture
    cf3041a9ded1480c90d... 95 on at

    Hi Grzegorz,

    I understand that the default windows server do not allow domain users to logon the server. This is not the problem I am having. When I looked at the user's account setting in AD, under the "Log On To...", the setting is to allow the user to only logon to his own computer. I know this is not the default setting when you create a new user in AD. Therefore, it must be changed by someone after the account is created.

    This is not the whole issue here. The issue is why is this preventing users from using CRM ???

    The user is able to logon CRM after I changed it to allow logon to "All computers".

    Now I need to find out how to use group policy to prevent users from logon the server.

    The goal is to prevent users from logon the server at the same time letting them use CRM.

    John

  • Grzegorz Kalek Profile Picture
    Grzegorz Kalek 4,210 on at

    John,

    in my opinion you do not need to specify anything in "Log On To..." to prevent domain users from login to the server. Just try to login to the server using account from Domain Users group.

    If your requirement is to restrict users to log on only to his own computer, you can try to add the server to the list of allowed computers or on each computer define a user that is allowed to log on locally using local security policy.

    Regards,

    Grzegorz

  • Maulik Joshi Profile Picture
    Maulik Joshi 30 on at

    Hello Grzegorz,

    I am having similar kind of problem during log into the CRM 4.0.

    I have my CRM configured for SQL 2008 R2 and CRM Server is Windows 2003 server.

    When I tried to log into the CRM it throws me below error:

    Error Details:

    No Microsoft Dynamics CRM user exists with the specified domain name and user ID

    Full Stack:

    [CrmException: No Microsoft Dynamics CRM user exists with the specified domain name and user ID]

      at Microsoft.Crm.Authentication.WindowsAuthenticationProvider.QueryForOrganizationId(String userToken)

      at Microsoft.Crm.Authentication.WindowAuthenticationProviderBase.Authenticate(HttpApplication application)

      at Microsoft.Crm.Authentication.AuthenticationStep.Authenticate(HttpApplication application)

      at Microsoft.Crm.Authentication.AuthenticationPipeline.Authenticate(HttpApplication application)

      at Microsoft.Crm.Authentication.AuthenticationEngine.Execute(Object sender, EventArgs e)

      at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

      at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Can you please help me out in this ?

    Thanks in advance

    Maulik

  • Mohammad Atif Profile Picture
    Mohammad Atif on at

    Well if you change the log on too from all computers to any other computer, then you can only access the CRM from the client machine and not from the Server .I am not sure how you guys are trying to access it from the same server?

    Thanks,

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans