web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Soap security negotiat...
Microsoft Dynamics CRM (Archived)

Soap security negotiation failed

(0) ShareShare
ReportReport
Posted on by Alan01252 70

Hi all,

I've been struggling pretty much all day trying to get the Simple CRM connection to work with our development environment. It works perfectly on live, but there's something different on the development server and I'm not sure what.

The error I'm getting is:

The application terminated with an error.

SOAP security negotiation with 'dynamicsdev.domain.local/.../Discovery.svc& for target 'dynamicsdev.domain.local/.../Discovery.svc& failed. See inner exception for more details.

I've tried enabling NTLM authentication on IIS under windows authentication which seems to be the biggest cause of this type of issue but that's not worked.

When I run the sample code I get prompted to enter the following:

  • Enter crm server name
  • Is server configured for secure socket layer
  • Enter domain\username
  • Enter password

After this step I'm promoted with a windows dialogue box to enter the username and password again, not sure if that's linked to this problem?

After entering the password here I get the above error.

Any help would be greatly appreciated!

Cheers

Alan

*This post is locked for comments

I have the same question (0)
  • Alan01252 Profile Picture
    Alan01252 70 on at

    bah p.s sorry about the formatting, can't see how I edit this post to change it now.

    edit: found the format button....

  • Alan01252 Profile Picture
    Alan01252 70 on at

    Things I've tried now still with no success:

    • Enabled kerberos authentication
    • Added the spn for the servers (although I'm not 100% sure I've done this right )
    • Enabled useAppPoolCredentials
    • Restarted IIS

    Still no joy. Interestingly I can connect if I run the code on the server itself, but if I try to run it from another machine on the network I get the above soap error.

    In the log file the only thing I can see which is slightly interesting is

    >MapOrgEngine: Unable to retrieve the OrgId for URL[http://dynamicsdev.6dg.local:5555/Phase3/xrmservices/2011/Organization.svc?wsdl=wsdl0].

    However earlier in the log file I see

    >MapOrgEngine: Retreived the OrgId[{03A7B5D7-CF54-E211-9A0D-0050568D0024}] for URL[http://dynamicsdev.6dg.local:5555/Phase3/xrmservices/2011/Organization.svc?wsdl=wsdl0].

    Any help would be greatly appreciated.

    Thanks

    Alan

  • Josh Wells - MSFT Profile Picture
    Josh Wells - MSFT 961 on at

    Hi Alan,

    Thanks for your question.  My name is Josh Wells and I am a support engineer on the Microsoft Dynamics CRM support team.  I have reviewed your request and I see that you are having issues connecting to the Organization service endpoint from any workstations that are not the local server.

    The exception you are seeing is a pretty generic error.  The first message really shows us that we are seeing the outer exception which is not too helpful.:

    See inner exception for more details

    We really would want to see what that inner exception is saying.  What exactly are you trying to do?  Are you making a SOAP call within some jscript or you have a custom application?

    Since it is a SOAP request, you can try and use a tool like Fiddler to see what the response coming back is.  You can find Fiddler by going to http://fiddler2.com.

    If you are not familiar with using Fiddler, they have some good documentation on what to look for within that site.  

    Additionally, what happens when you try to access the Organization service manually from machines that are not the CRM server?  Open up CRM and go to Settings > Customizations > Developer Resources.  Click on Organization Service link.

    If you can open the Organization service from the client workstations, capture a Fiddler trace and upload it to the forum.  Just ensure you change your password for your service/authenticating account before and after doing the Fiddler traces.  Let me know if you have any questions.

  • Community Member Profile Picture
    Community Member on at

    We ran into an SSPI issue when trying to use the CRM PluginRegistration tool against an Org recently created / populated with Solutions.

    In our case, the root case was clock synchronization.  Our Domain Controller had the correct value for date / time (or at least within several seconds of the time.gov time).  Our CRM machine, however, had the wrong value for date.  In our case it had the value for tomorrow.  Our Domain Controller and CRM VMs were hosted on separate hosts, and the CRM VM's host was setup with the wrong date.

    Once we corrected the on the VM host and ran w32tm /resync on the CRM VM ... the problem disappeared.

    This is the umpteenth time I've seen varieties of clock-drift causing SSPI errors.  Recall there is a 5-minute tolerance between the client and server on web service traffic over Kerberos.

    Hope this helps someone.

    Howard Hoffman

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans