web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Login failed for user ...
Microsoft Dynamics CRM (Archived)

Login failed for user NT Authority\Anonymous logon

(0) ShareShare
ReportReport
Posted on by John Bock 1,375

I apologize for the length of this post but this is something at is becoming a royal pain in the you know what.

We have a Windows 2008 Server that is running two virtual servers 2003 one for CRM one for SQL 2005.  I set this up and moved our existing deployment from some inferior hardware to this deployment following steps I could find in the CRM deployment documentation and suggestions from various internet sources.  So it is entirely possible I missed something.

 On a fairly regular basis(almost daily) we have to reboot the CRM server do to receiving the following error (I'm posting only part of the error due to the length of it.  Up until this point everything for works fine in CRM throughout the day and during the day after the reboot.
*************************************************
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
*************************************************

If I look in the CRM server application event viewer they are many warnings of

**********************************************************************
Event Type:    Warning
Event Source:    ASP.NET 2.0.50727.0
Event Category:    Web Event
Event ID:    1309
Date:        3/9/2010
Time:        5:51:15 AM
User:        N/A
Computer:    CANNON
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 3/9/2010 5:51:15 AM
Event time (UTC): 3/9/2010 10:51:15 AM
Event ID: ad74bc949ded438db5a9fb785da95760
Event sequence: 272
Event occurrence: 271
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/2/ROOT-1-129126024099599044
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\
    Machine name: CANNON
 
Process information:
    Process ID: 5048
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE
 
Exception information:
    Exception type: SqlException
    Exception message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
 
Request information:
    Request URL: http://cannon:5555/MSCRMServices/2007/CrmService.asmx
    Request path: /MSCRMServices/2007/CrmService.asmx
    User host address: 192.168.168.200
    User: IBS\jbock
    Is authenticated: True
    Authentication Type: Negotiate
    Thread account name: NT AUTHORITY\NETWORK SERVICE
 
Thread information:
    Thread ID: 5
    Thread account name: NT AUTHORITY\NETWORK SERVICE
    Is impersonating: True
    Stack trace:    at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
   at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
   at System.Data.SqlClient.SqlConnection.Open()
   at Microsoft.Crm.CrmDbConnection.Open()
   at Microsoft.Crm.SharedDatabase.DatabaseMetadata.LoadMetadataXmlFromDatabase(CrmDBConnectionType connectionType, String connectionString, Int32& maxBlobSize)
   at Microsoft.Crm.SharedDatabase.DatabaseMetadata.LoadCacheFromDatabase(CrmDBConnectionType connectionType, String connectionString)
   at Microsoft.Crm.ConfigurationDatabase.ConfigurationMetadata.LoadCache()
   at Microsoft.Crm.ConfigurationDatabase.ConfigurationMetadata.get_Cache()
   at Microsoft.Crm.ConfigurationDatabase.ConfigurationDatabaseService.InitializeMetadataCache()
   at Microsoft.Crm.SharedDatabase.DatabaseService.Initialize(String tableName)
   at Microsoft.Crm.SharedDatabase.DatabaseService.Retrieve(String tableName, String[] columns, PropertyBag[] conditions)
   at Microsoft.Crm.ServerLocatorService.GetSiteSettingIdFromDatabase()
   at Microsoft.Crm.ServerLocatorService.GetSiteSettingId()
   at Microsoft.Crm.ServerLocatorService.GetSiteSetting(String settingName)
   at Microsoft.Crm.CrmTrace.get_RefreshTrace()
 
 
Custom event details:

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
************************************************

 If I look at the SQL Server event log I see corresponding 
****************************************************
Event Type:    Failure Audit
Event Source:    MSSQLSERVER
Event Category:    (4)
Event ID:    18456
Date:        3/9/2010
Time:        5:34:09 AM
User:        NT AUTHORITY\ANONYMOUS LOGON
Computer:    DARTMOUTH
Description:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [CLIENT: 192.168.168.113]

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
******************************************************************

The 192.168.168.113 is the IP address of the CRM server.  My guess is I don't have something set up correctly on the SQL server for the CRM server to access the database, or something wrong in the set up on the CRM server in IIS but I've looked again on the good old WWW and can't find any point of direction.

 Thanks in advance

John

*This post is locked for comments

I have the same question (0)
  • Grzegorz Kalek Profile Picture
    Grzegorz Kalek 4,210 on at
    Hi John, Add this account IBS\CANNON$ to SQL sysadmins group.
  • John Bock Profile Picture
    John Bock 1,375 on at

     I added IBS\CANNON$ to the SQL sysadmins group yesterday but again these warnings and failures still appear in the event viewers.  It seems like this only begins happening when the systems are "idle" after hours overnight when everyone has left for the day.  I've added the CRM database as securables to the IBS\CANNON$ rebooted the SQL server but still the same error.  I know if I reboot the CRM server it will be fine during working hours today until tomorrow morning.

    John

  • John Bock Profile Picture
    John Bock 1,375 on at

     Correction to previous post, I added the CRM databases to the Mappings not securables, but that had no affect. 

     

    I haven't rebooted the CRM server yet as I have the time to try somethings but will have to reboot soon as people will be coming into the office.

    I just added NT AUTHORITY\ANONYMOUS LOGON to the sysadmin group on the SQL server.  Now I don't get the error however trying to open CRM through a browser on the CRM as well as the SQL server it is waiting for http://localhost:5555 or http://cannon:5555, the CRM server.

     I'm going to remove the NT AUTHORITY\ANONYMOUS LOGON, remove the mappings to the CRM databases for the IBS\CANNON$ and reboot the server as people will be coming in.

    The reboot will get us by during the day but I'm sure we will have the same problem again tomorrow morning.  Any thoughts or suggestions are greatly appreciated.

    John

  • Grzegorz Kalek Profile Picture
    Grzegorz Kalek 4,210 on at
    I looks like a double hop issue, check this
  • John Bock Profile Picture
    John Bock 1,375 on at

     I've read the blog link you provided and although at a high level I understand I'm not very experienced in this area don't want to make matters worse.

    This is what I've found.

    Under Active Directory computer CANNON has the  "Trust computer for delegation" check box checked.
    If I run setspn CANNON it returns
    HOST/CANNON
    HOST/cannon.ibs.local

    Is that sufficient or do I need more?
    Is there something I should also look at with respect to how the IIS, APPpool or crm website is configured under IIS?

    Thanks,

    John

  • Grzegorz Kalek Profile Picture
    Grzegorz Kalek 4,210 on at

    Try following commands:

    setspn -a HTTP/CANNON CANNON
    setspn -a HTTP/CANNON.ibs.local CANNON
    setspn -a HTTP/CANNON:5555 CANNON
    setspn -a HTTP/CANNON.ibs.local:5555 CANNON

    After that reset your IIS.

  • John Bock Profile Picture
    John Bock 1,375 on at

     Are these commands case sensitive?  If not is it supposed to be HOST instead of HTTP?  I added the above, accidentally not as the case you mention, rebooted the servers and trying to launch http://cannon:5555 or http://localhost:5555 I received the anonymous logon failed.

     I deleted all the entries you suggested, leaving the ones the were there originally, restarted iis and am at least able to get in.

    Thanks
    John

  • Grzegorz Kalek Profile Picture
    Grzegorz Kalek 4,210 on at
    Hi John, spn's are not case sensitive. Last thing I can suggest is to add these spn entries back and grant IBS\CANNON$ administrative rights on sql. Review client, crm, sql and dc event logs.
  • Bashir Ahmad Profile Picture
    Bashir Ahmad 5,248 on at

    Here are the steps to resolve Error “Login failed for user ‘NT AUTHORITY\ANONYMOUS LOGON”:

    Open Powershell (Run as Administrator) and type the following lines:

    $bdc = Get-SPServiceApplication | where {$_ -match “Business Data Connectivity Service”}

    $bdc.RevertToSelfAllowed = $true

    $bdc.Update();

    Once above is done, Open the External Content Type in SharePoint Designer 2010 and Click on Edit Connection Properties.
    Once the Edit Connection Properties dialog opens, ensure that you have selected the “BDC Identity” value for the Authentication Mode property.
    Go Back to the External Content Type read screen in your SharePoint site and hold your Ctrl key and click the refresh button on your browser.
    The error “Login failed for user ‘NT AUTHORITY\ANONYMOUS LOGON” should now get resolved

  • ScottDurow Profile Picture
    ScottDurow 21 on at

    If this error is intermittent I think it might be a Kerberos authentication failure due to an intermittent problem with Active Directory. The Kerberos token will need to be renewed on a regular basis and if there is a problem, the authentication will fall back to NTLM - at which point you will get the ANONYMOUS LOGON failure.

    Talk to your Active Directory administrators to see if there is anything in the logs of the AD servers that might point you to a kerberos authentication failure.

    Hope this helps,

    Scott

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans