Dynamics365 CRM - 无法登录到 Dynamics CRM
[英]Dynamics365 CRM - Unable to login to Dynamics CRM
问题描述
I have been working on a project for the last 5 months - integrating one of our older systems to use Dynamics365 CRM to store and record leads for our marketing and sales department.
过去 5 个月我一直在从事一个项目 - 集成我们的一个旧系统以使用 Dynamics365 CRM 为我们的营销和销售部门存储和记录潜在客户。
Everything works as it should on several environments - we have a DEV, Sandbox as well as TEST and my local machine.一切都在多种环境中正常运行 - 我们有一个 DEV、Sandbox 以及 TEST 和我的本地机器。 It works everywhere except the UAT server which is hosted in completely different city as opposed to the others which are in the building we work in.除了托管在完全不同城市的 UAT 服务器之外,它可以在任何地方工作,而不是我们工作的建筑物中的其他服务器。
We have made sure TSL 1.2 is used and application forces this in code.我们已确保使用 TSL 1.2,并且应用程序在代码中强制执行此操作。 Compared .NET Features on all machines and they're exactly the same, ciphers and configuration files are nearly the same, the differences are minor such as connection strings for our databases.比较所有机器上的 .NET 功能,它们完全相同,密码和配置文件几乎相同,差异很小,例如我们数据库的连接字符串。
We are connecting to the same instance of CRM across all environments.我们在所有环境中连接到同一个 CRM 实例。
The project has been compiled using .NET 4.6.1该项目已使用 .NET 4.6.1 编译
Microsoft.CrmSdk.CoreAssemblies - 9.0.2.4 Microsoft.CrmSdk.CoreAssemblies - 9.0.2.4
Microsoft.CrmSdk.XrmTooling.CoreAssembly - 9.0.2.7 Microsoft.CrmSdk.XrmTooling.CoreAssembly - 9.0.2.7
Microsoft.IdentityModel.Clients.ActiveDirectory - 2.22.302111727 Microsoft.IdentityModel.Clients.ActiveDirectory - 2.22.302111727
Our Azure (we use AD to login to CRM via C#) has no whitelist.我们的 Azure(我们使用 AD 通过 C# 登录 CRM)没有白名单。
Dynamics as far as we know has no whitelist.据我们所知,Dynamics 没有白名单。
There is no firewall rule that blocks any outgoing connections on 443 port so everything resembles other environments yet we receive " Unable to login to Dynamics CRM " error message.没有防火墙规则阻止 443 端口上的任何传出连接,因此一切都类似于其他环境,但我们收到“无法登录 Dynamics CRM ”错误消息。
This is the code we use to connect to CRM..这是我们用来连接到 CRM 的代码。
string Thumbprint = ConfigurationManager.AppSettings["CertThumbprint"];
string adInstance = ConfigurationManager.AppSettings["ADInstance"];
string adTenant = ConfigurationManager.AppSettings["Tenant"];
string Url = ConfigurationManager.AppSettings["Application"];
string AppId = ConfigurationManager.AppSettings["ClientId"];
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection CertificateCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, false);
if (CertificateCollection.Count == 0)
throw new Exception("Error: Could not find the right certificate.");
X509Certificate2 AzureCertificate = CertificateCollection[0];
CrmServiceClient.AuthOverrideHook = new AuthHook(adInstance, adTenant, Url, AppId, AzureCertificate);
var crmSvc = new CrmServiceClient(new Uri(Url), true);
if (crmSvc == null || !crmSvc.IsReady) throw new Exception(crmSvc == null ? "CrmServiceClient Failure." : crmSvc.LastCrmException.ToString());
this.service = (IOrganizationService)crmSvc.OrganizationWebProxyClient ?? crmSvc.OrganizationServiceProxy;
This line specifically returns the error and also is set as null...此行专门返回错误并设置为空...
var crmSvc = new CrmServiceClient(new Uri(Url), true);
Worth mentioning the only difference between UAT compared to the rest is that UAT is running on .NET 4.7.1 compared to the others runing .NET 4.7.2.值得一提的是,UAT 与其他的唯一区别在于,与其他运行 .NET 4.7.2 的 UAT 相比,UAT 运行在 .NET 4.7.1 上。
If anyone came across this one it would be highly appreciated or any ideas what it could be.如果有人遇到这个,将不胜感激或任何想法它可能是什么。
Edit: I have just tried putting a fallback method that authenticates using Office365 to no avail.编辑:我刚刚尝试使用 Office365 进行身份验证的后备方法无济于事。 Same error... this method has worked on every other environment.同样的错误......这种方法适用于所有其他环境。
The code used was:使用的代码是:
ClientCredentials clientCredentials = new ClientCredentials();
if (!string.IsNullOrEmpty(ConfigurationManager.AppSettings["crm_user"]) &&
!string.IsNullOrEmpty(ConfigurationManager.AppSettings["crm_password"]))
{
clientCredentials.UserName.UserName = ConfigurationManager.AppSettings["crm_user"];
clientCredentials.UserName.Password = ConfigurationManager.AppSettings["crm_password"];
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
this.service = (IOrganizationService)new OrganizationServiceProxy(new Uri(ConfigurationManager.AppSettings["crm_org_url"]),
null, clientCredentials, null);
if (this.service == null)
{
Exception e = new Exception("CRM: Could not login to organization service proxy.");
throw e;
}
}
else
{
throw new Exception("CRM: Could not connect using a fallback method. The web configuration doesn't contain crm_user or crm_password keys.");
}
1 个解决方案
解决方案1
1 已采纳 2019-03-25 23:39:25
First of all, thank you to everyone who tried to help.首先,感谢所有试图提供帮助的人。
The solution to this (3 day) problem was that my private key that was installed on the local machine did not have the right permissions for the Web App to read it.这个(3 天)问题的解决方案是我安装在本地机器上的私钥没有 Web App 读取它的正确权限。
I was successfully finding the key but code was not able to read it.我成功找到了密钥,但代码无法读取它。
To resolve the issue, I went to MMC, added certificated to my view, then in personal folder I have my certificates, right click the one needed, All Tasks > Manage Private Keys and make sure you have your application pool in the Group or User names section.为了解决这个问题,我去了 MMC,将证书添加到我的视图中,然后在个人文件夹中我有我的证书,右键单击需要的那个,所有任务 > 管理私钥并确保您的应用程序池在组或用户中名称部分。
Worth adding I did also add IIS_IUSRS group along side my application pool (App Pools\\DefautApplicationPool).值得添加的是,我还在我的应用程序池 (App Pools\\DefautApplicationPool) 旁边添加了 IIS_IUSRS 组。
This has magically solved the UAT issue.这神奇地解决了UAT问题。 The CRM SDK could be improved to be... more intuitive. CRM SDK 可以改进为...更直观。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.