Microsoft Dynamics CRM (Archived)

Dynamics 365 app for Outlook keeps asking for authentication

Posted on by Microsoft Employee

Our setup is CRM 2016 on premises, ADFS 3.0 and Exchange Online. When users click on the Dynamics 365 button in Outlook, they get a prompt to authenticate. Entering credentials repeatedly, we get a message that something went wrong. 

I don't see any notable errors on the CRM server. On the ADFS server, I found these.

Encountered error during OAuth token request.

Additional Data

Exception details: 
Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthAccessTokenInvalidAuthorizationCodeException: MSIS9247: Received invalid OAuth access token request. The authorization code is invalid. ---> Microsoft.IdentityServer.Service.ArtifactResolutionService.ArtifactServiceStorageGetException: MSIS3101: A SQL error occurred during processing of the artifact. ---> Microsoft.IdentityServer.Service.ArtifactResolutionService.ArtifactNotFoundException: MSIS3106: SQL command returns no result when looking for artifact.
at Microsoft.IdentityServer.Service.ArtifactResolutionService.SqlArtifactStorage.OnQueryComplete(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result)
at Microsoft.IdentityModel.Threading.TypedAsyncResult`1.End(IAsyncResult result)
at Microsoft.IdentityServer.Service.ArtifactResolutionService.SqlArtifactStorage.EndGet(IAsyncResult asyncResult)
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthTokenProtocolHandler.FetchArtifactFromLocalDatabase(OAuthAccessTokenRequestContext tokenContext)
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthTokenProtocolHandler.TryReadOAuthArtifact(OAuthAccessTokenRequestContext tokenContext, Byte[]& ArtifactId, String& ClientID, String& ClientRedirectUri, String& ResourceIdentifier, String& serializedTokenResponse)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthTokenProtocolHandler.TryReadOAuthArtifact(OAuthAccessTokenRequestContext tokenContext, Byte[]& ArtifactId, String& ClientID, String& ClientRedirectUri, String& ResourceIdentifier, String& serializedTokenResponse)
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthTokenProtocolHandler.RedeemAccessToken(OAuthAccessTokenRequestContext tokenContext)

Microsoft.IdentityServer.Service.ArtifactResolutionService.ArtifactServiceStorageGetException: MSIS3101: A SQL error occurred during processing of the artifact. ---> Microsoft.IdentityServer.Service.ArtifactResolutionService.ArtifactNotFoundException: MSIS3106: SQL command returns no result when looking for artifact.
at Microsoft.IdentityServer.Service.ArtifactResolutionService.SqlArtifactStorage.OnQueryComplete(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result)
at Microsoft.IdentityModel.Threading.TypedAsyncResult`1.End(IAsyncResult result)
at Microsoft.IdentityServer.Service.ArtifactResolutionService.SqlArtifactStorage.EndGet(IAsyncResult asyncResult)
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthTokenProtocolHandler.FetchArtifactFromLocalDatabase(OAuthAccessTokenRequestContext tokenContext)
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthTokenProtocolHandler.TryReadOAuthArtifact(OAuthAccessTokenRequestContext tokenContext, Byte[]& ArtifactId, String& ClientID, String& ClientRedirectUri, String& ResourceIdentifier, String& serializedTokenResponse)

Microsoft.IdentityServer.Service.ArtifactResolutionService.ArtifactNotFoundException: MSIS3106: SQL command returns no result when looking for artifact.
at Microsoft.IdentityServer.Service.ArtifactResolutionService.SqlArtifactStorage.OnQueryComplete(IAsyncResult asyncResult)

And this.

Encountered error during federation passive request.

Additional Data

Protocol Name:
wsfed

Relying Party:
organization.domain.com

Exception details:
Microsoft.IdentityServer.AuthenticationFailedException: user.name@domain.com-The user name or password is incorrect ---> System.IdentityModel.Tokens.SecurityTokenValidationException: user.name@domain.com ---> System.ComponentModel.Win32Exception: The user name or password is incorrect
at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUserHandle(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, SafeCloseHandle& tokenHandle, SafeLsaReturnBufferHandle& profileHandle)
at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUserInfo(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String authenticationType, String issuerName)
at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUser(UserNameSecurityToken token, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String issuerName)
at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateTokenInternal(SecurityToken token)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateTokenInternal(SecurityToken token)
at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.GetEffectivePrincipal(SecurityTokenElement securityTokenElement, SecurityTokenHandlerCollection securityTokenHandlerCollection)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSsoSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

System.IdentityModel.Tokens.SecurityTokenValidationException: user.name@domain.com ---> System.ComponentModel.Win32Exception: The user name or password is incorrect
at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUserHandle(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, SafeCloseHandle& tokenHandle, SafeLsaReturnBufferHandle& profileHandle)
at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUserInfo(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String authenticationType, String issuerName)
at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUser(UserNameSecurityToken token, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String issuerName)
at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateTokenInternal(SecurityToken token)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateTokenInternal(SecurityToken token)
at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.GetEffectivePrincipal(SecurityTokenElement securityTokenElement, SecurityTokenHandlerCollection securityTokenHandlerCollection)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)

System.ComponentModel.Win32Exception (0x80004005): The user name or password is incorrect
at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUserHandle(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, SafeCloseHandle& tokenHandle, SafeLsaReturnBufferHandle& profileHandle)
at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUserInfo(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String authenticationType, String issuerName)
at Microsoft.IdentityServer.Service.Tokens.LsaLogonUserHelper.GetLsaLogonUser(UserNameSecurityToken token, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String issuerName)
at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateTokenInternal(SecurityToken token)

Microsoft support has not been very helpful so far. I would appreciate any help I can get from this forum.
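
Added example (not part of the original post and not Microsoft tooling): the two AD FS events quoted above end in different innermost exceptions, and reading each exception chain down to its last link keeps the OAuth artifact failure separate from the credential failure during triage. The sample events are constructed by abridging the text in the post; the function names are assumptions of this example.

```python
import re
from collections import Counter
# Constructed samples, abridged from the two AD FS events quoted in the post above.
OAUTH_EVENT = """Encountered error during OAuth token request.
Exception details:
Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthAccessTokenInvalidAuthorizationCodeException: MSIS9247: Received invalid OAuth access token request. The authorization code is invalid. ---> Microsoft.IdentityServer.Service.ArtifactResolutionService.ArtifactServiceStorageGetException: MSIS3101: A SQL error occurred during processing of the artifact. ---> Microsoft.IdentityServer.Service.ArtifactResolutionService.ArtifactNotFoundException: MSIS3106: SQL command returns no result when looking for artifact.
at Microsoft.IdentityServer.Service.ArtifactResolutionService.SqlArtifactStorage.OnQueryComplete(IAsyncResult asyncResult)
"""
WSFED_EVENT = """Encountered error during federation passive request.
Protocol Name:
wsfed
Relying Party:
organization.domain.com
Exception details:
Microsoft.IdentityServer.AuthenticationFailedException: user.name@domain.com-The user name or password is incorrect ---> System.IdentityModel.Tokens.SecurityTokenValidationException: user.name@domain.com ---> System.ComponentModel.Win32Exception: The user name or password is incorrect
"""
# One link of a .NET exception chain: "Namespace.TypeException: message"
LINK = re.compile(r"^([A-Za-z_][\w.`]*Exception)(?: \(0x[0-9A-Fa-f]+\))?: (.*)$")
MSIS = re.compile(r"\bMSIS\d+\b")

def exception_chain(event_text):
    """Return [(exception_type, message), ...], outermost first, from the first chain line."""
    for line in event_text.splitlines():
        links = [LINK.match(part.strip()) for part in line.split(" ---> ")]
        if all(links):
            return [(m.group(1), m.group(2)) for m in links]
    return []

def field(event_text, name):
    """Read a 'Name:' header whose value sits on the following line."""
    m = re.search(rf"^{re.escape(name)}:[ \t]*\r?\n[ \t]*(\S.*)$", event_text, re.M)
    return m.group(1).strip() if m else None

def triage(event_text):
    """Summarise one event: request kind, root exception, MSIS codes, relying party."""
    chain = exception_chain(event_text)
    return {
        "request": (event_text.strip().splitlines() or [""])[0],
        "root": chain[-1][0].rsplit(".", 1)[-1] if chain else None,
        "codes": [c for _, msg in chain for c in MSIS.findall(msg)],
        "relying_party": field(event_text, "Relying Party"),
    }

def root_causes(events):
    """Count events by innermost exception so unrelated failures are not merged."""
    return Counter(triage(e)["root"] for e in events)

if __name__ == "__main__":
    print(triage(OAUTH_EVENT), triage(WSFED_EVENT), sep="\n")
```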


  • Victor Parada 201 on at
    RE: Dynamics 365 app for Outlook keeps asking for authentication

    Good afternoon, we did the update to the most recent version of the Dynamics CRM (8.2.8.15). Now we are experiencing the same issue as is described above.

    Could one of you let me know how I can fix this issue?

    Thank you.

  • Suggested answer
    Arpita Saini on at
    RE: Dynamics 365 app for Outlook keeps asking for authentication

    This is a known issue. Check the CRM platform traces to see if you notice an error similar to the one below:

    AccessDenied. HostName: xxx.abc.com, UserId: {00000000-0000-0000-0000-000000000000}, AppId: {00000000-0000-0000-0000-000000000000}, Context: ResourceAccessErrorResponseHandler.SendResponse: Rejecting claim with response 'Bearer authorization_uri=xxx.abc.com.com/.../authorize, resource_id=https://xxx.abc.com.com/'

    It is fixed in 8.2.1.410 and then in 8.2.2.175.

  • Community Member Microsoft Employee on at
    RE: Dynamics 365 app for Outlook keeps asking for authentication

    Yes, we have server side sync enabled.

  • RE: Dynamics 365 app for Outlook keeps asking for authentication

    Do you have Server side sync in CRM?

  • Community Member Microsoft Employee on at
    RE: Dynamics 365 app for Outlook keeps asking for authentication

    Thank you for your responses Krishnam. I have checked and done everything from that blog post. I am still not getting the Dynamics 365 app to work.

  • RE: Dynamics 365 app for Outlook keeps asking for authentication

    Hi Saeed,

    Please see steps 7 and 8 in the link below. We had a similar issue long back and those steps fixed the issue.

    blogs.msdn.microsoft.com/.../step-by-step-configuring-crm-2013-internet-facing-deployment-ifd

    You can go through the entire page once to see if everything is in place related to ADFS, Claims based and IFD.

    Thanks,

    krishna

  • Community Member Microsoft Employee on at
    RE: Dynamics 365 app for Outlook keeps asking for authentication

    The certificate is valid. I was also able to update the metadata for the relying party trust for both claims and IFD without any issues.

  • RE: Dynamics 365 app for Outlook keeps asking for authentication

    Hi,

    Please check the certificates in the ADFS Management. See if they are all valid. Also, in the relying party trust, try updating the federation metadata; here, please check the certificate as well.

    Thanks,
