CRM 2011 Client for Outlook- problem communicating with server

The installating guide for CRM 2011 strongly recommends that a low privilege domain account is used for the CRM and ASP.NET services.

Having followed this advice I found I was unable to configure the Outlook Client to connect to the CRM server. The error I got was “there is a problem communicating with the server”. Examining the log file, Crm50ClientConfig.log, revealed the following error:

Error connecting to URL: http://crmserver/XRMServices/2011/Discovery.svc Exception: System.ServiceModel.Security.MessageSecurityException: The token provider cannot get tokens for target ‘http://crmserver/XRMServices/2011/Discovery.svc’. —> System.IdentityModel.Tokens.SecurityTokenValidationException: The NetworkCredentials provided were unable to create a Kerberos credential, see inner exception for details. —> System.IdentityModel.Tokens.SecurityTokenException: Authenticating to a service running under a user account which requires Kerberos multilegs, is not unsupported.

Further research suggested that I needed to set a Service Principal Name for the low-privilege domain account used for the CRM and ASP.NET services. I did this on the AD server by using the attribute editor for the user account (AD on Windows Server 2008 R2) to set servicePrincipalName to http://crmserver. Having done this, Outlook configuration worked.

Leave a Comment

Your email address will not be published. Required fields are marked *