Some of you may have experienced an issue where FetchXml based reports created using the CRM Report Wizard don't work, typically the reports will fail with an rsProcessingAborted error.
Reporting logs will show an error similar too:
Microsoft.Crm.CrmException: An unexpected error occurred.
System.ServiceModel.Security.SecurityNegotiationException: A call to SSPI failed, see inner exception.
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception.
System.ComponentModel.Win32Exception: The target principal name is incorrect
The cause of this issue is that the SPN's have not been set correctly. FetchXML queries require a HTTP SPN to communicate to the server. The MS CRM app pool is using a domain service account, and the query will be looking for an HTTP SPN that does not exist.
Solution
To best describe how to resolve this, the scenario we will use is:
Load Balanced Environment
- Load Balanced URL - https://mycrm.domain.com/MyOrg
CRM Application Servers
- Windows Server 2008 - Machine Name: WINSVRCRM1
- Windows Server 2008 - Machine Name: WINSVRCRM2
CRM Application Pool Identity
- Domain\CrmServiceAccount
The SPNs you need to set based on this configuration is as follows:
- HTTP/mycrm
- HTTP/mycrm.domain.com
- HTTP/WINSVRCRM1
- HTTP/WINSVRCRM1.domain.com
- HTTP/WINSVRCRM2
- HTTP/WINSVRCRM2.domain.com
Additionally you will want to add SPN's for the load balancer.
Add SPN Command
To add a new SPN entry, open a command prompt with admin privilages and use the following command replacing with the appropriate values:
setspn -a HTTP/<ServerName> <ServiceAccountDomain>\<ServiceAccount>