Thursday, 21 January 2016

RetrievePrivilegeForUser failed - no roles are assigned to user

Hopefully you are fortunate enough to never experience this in the field, however when some smart aleck decides to add the CRM App Pool service account as an actual CRM System User. You will get an error similar to this:

Exception information: 
    Exception type: CrmException 
    Exception message: SecLib::RetrievePrivilegeForUser failed - no roles are assigned to user. Returned hr = -2147209463, User: b1eda2c8-dbbd-e511-b14d-0050569b5b86
   at Microsoft.Crm.Application.Platform.ServiceCommands.PlatformCommand.XrmExecuteInternal()
   at Microsoft.Crm.Application.Platform.ServiceCommands.RetrieveMultipleCommand.Execute()
   at Microsoft.Crm.Application.Caching.CustomResourceLoader.GetCustomResources(IOrganizationContext context, Int32 cacheKey)
   at Microsoft.Crm.Application.Caching.CustomResourceLoader.LoadCacheData(Int32 key, IOrganizationContext context)
   at Microsoft.Crm.Caching.CrmMultiOrgCacheBase`2.LookupEntry(TKey key, IOrganizationContext context)
   at Microsoft.Crm.Application.ResourceManager.CustomResourceManager.TryGetCultureString(String name, CultureInfo culture, Boolean getSystemString, IOrganizationContext context)
   at Microsoft.Crm.Application.ResourceManager.CustomResourceManager.TryGetCultureString(String name, CultureInfo culture, IOrganizationContext context)
   at Microsoft.Crm.Application.ResourceManager.BasicResourceManager.GetCultureString(String name, CultureInfo culture, IOrganizationContext context)
   at Microsoft.Crm.Controls.Header..ctor(Boolean isControlHeader)
   at Microsoft.Crm.Controls.BasicHeader..ctor()
   at Microsoft.Crm.Application.Controls.AppHeader..ctor()
   at ASP.dynamicsqa_default_aspx.__BuildControlcrmHeader()
   at ASP.dynamicsqa_default_aspx.__BuildControlTree(dynamicsqa_default_aspx __ctrl)
   at ASP.dynamicsqa_default_aspx.FrameworkInitialize()
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

The cause is due to the service account now existing as a CRM user. The service account is responsible for running and acting as the service identity for the CRM web application within IIS. This can have severe security implications, in this specific scenario users could no longer log into Dynamics CRM.

According to https://support.microsoft.com/en-us/kb/2593042 there are other issues that this can also introduce.

  • Data Import may fail
  • CRM Outlook Clients may not configure
  • Async Operations may have unexpected behavior including Workflows stopping with a Failed status
  • No users can access CRM
  • IFD access may fail for some or all users
  • Date/Time fields may not display correct timezone offset

The Fix
  1. Change the CRM service account, which will further involve creating new SPN's etc
  2. Remove the user from the CRM Sql Database, which is unsupported and will be very tricky to perform.
  3. In our case we resolved this by marking the specific accounts record as "IsDeleted" within the MSCRM_CONFIG.SystemUserAuthentication table


Friday, 8 January 2016

How to get the Object Type Code of an Entity?

Each system and custom entity within Dynamics CRM comes with an array of unique attributes. These include an Entity ID, Logical Name and Object Type Code. Identifying the logical name is pretty easy, however tracking down the rest can be a little tricky.

  • Custom entities will have a Object Type Code greater than 10000. You should also note that the OTC of a custom entity can change when importing the entity to a different system. This is likely when an existing entity on the target system is already using the OTC number.
  • Any system entities will use a Object Type Code less than 10000. This range is reserved for all built in entities.


Using SQL
Execute the following statement against the target CRM Organization database.

SELECT ObjectTypeCode,* FROM ENTITYVIEW 


Using JScript
You can access the "etc" query string parameter from the open entity window within CRM.

Xrm.Page.context.getQueryStringParameters().etc

Action Microsoft.Crm.Setup.Common.Analyzer +CollectAction failed. Fatal error during installation

When installing the Srs Data Connection (Microsoft Dynamics CRM Reporting Extensions), you may have experienced the following error: ...