Customer Engagement & Dynamics CRM Forum

Expand all | Collapse all

XRMToolBox

  • 1.  XRMToolBox

    Posted 13 days ago
    ​Hello,

    Has anyone been able to get XRMToolBox to connect to Dynamics 365 online Customer Engagement in a GCC Tenant? We have been trying to connect to the XRMToolBox to correct a Fetch XML query and we keep getting the same error message, " Connection Failed:Unable to Login to Dynamics CRM." We have tried connecting with all 3 connection options. Any assistance will be greatly appreciated.

    ------------------------------
    Sharee Anderson
    Information Technology Web Applications Manager
    ------------------------------


  • 2.  RE: XRMToolBox

    Posted 13 days ago
    Hi Sharee

    By any chance are there any other messages as part of the error, or anything more in the error log?


    ------------------------------
    EY Kalman
    Senior Manager
    PwC
    ------------------------------



  • 3.  RE: XRMToolBox

    Posted 13 days ago
    Here is the error: We use MFA to authenticate to our environment

    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose 16 5/13/2019 9:20:58 AM  Initialize CRM connection Started - AuthType: OAuth
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information 8 5/13/2019 9:20:58 AM  Using User Specified Server
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information 8 5/13/2019 9:20:58 AM  Trying Discovery Server, (North America 2) URI is = https://disco.crm9.dynamics.com/XRMServices/2011/Discovery.svc
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information 8 5/13/2019 9:20:58 AM  DiscoverOrganizations - Called using user of MFA Auth for : https://disco.crm9.dynamics.com/XRMServices/2011/Discovery.svc
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information 8 5/13/2019 9:20:58 AM  DiscoverOrganizations - Initializing Discovery Server Object with https://disco.crm9.dynamics.com/XRMServices/2011/Discovery.svc
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information 8 5/13/2019 9:20:59 AM  AuthenticateService - found authority with name https://login.microsoftonline.com/common/oauth2/authorize
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information 8 5/13/2019 9:20:59 AM  AuthenticateService - found resource with name https://disco.crm9.dynamics.com/
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose 16 5/13/2019 9:20:59 AM  ObtainAccessToken - CRED
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error 2 5/13/2019 9:21:01 AM  ERROR REQUESTING Token FROM THE Authentication context - General ADAL Error
    Source : Microsoft.IdentityModel.Clients.ActiveDirectory
    Method : RunAsyncTask
    Date : 5/13/2019
    Time : 9:21:01 AM
    Error : Federated service at https://adfs.l3t.com/adfs/services/trust/13/usernamemixed returned error: ID3242: The security token could not be authenticated or authorized.
    Stack Trace : at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ObtainAccessToken(AuthenticationContext authenticationContext, String resource, String clientId, ClientCredentials clientCredentials)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ExecuteAuthenticateServiceProcess(Uri serviceUrl, ClientCredentials clientCredentials, X509Certificate2 userCert, UserIdentifier user, String clientId, Uri redirectUri, PromptBehavior promptBehavior, String tokenCachePath, Boolean isOnPrem, String authority, Uri& targetServiceUrl, AuthenticationContext& authContext, String& resource, UserIdentifier& userIdent, CrmLogEntry logSink)
    ======================================================================================================================
    Inner Exception Level 1 :
    Source : System
    Method : GetResponse
    Date : 5/13/2019
    Time : 9:21:01 AM
    Error : The remote server returned an error: (500) Internal Server Error.
    Stack Trace : at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.WsTrustRequest.<SendRequestAsync>d__1.MoveNext()
    ======================================================================================================================

    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error 2 5/13/2019 9:21:01 AM  Source : Microsoft.IdentityModel.Clients.ActiveDirectory
    Method : RunAsyncTask
    Date : 5/13/2019
    Time : 9:21:01 AM
    Error : Federated service at https://adfs.l3t.com/adfs/services/trust/13/usernamemixed returned error: ID3242: The security token could not be authenticated or authorized.
    Stack Trace : at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ObtainAccessToken(AuthenticationContext authenticationContext, String resource, String clientId, ClientCredentials clientCredentials)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ExecuteAuthenticateServiceProcess(Uri serviceUrl, ClientCredentials clientCredentials, X509Certificate2 userCert, UserIdentifier user, String clientId, Uri redirectUri, PromptBehavior promptBehavior, String tokenCachePath, Boolean isOnPrem, String authority, Uri& targetServiceUrl, AuthenticationContext& authContext, String& resource, UserIdentifier& userIdent, CrmLogEntry logSink)
    ======================================================================================================================
    Inner Exception Level 1 :
    Source : System
    Method : GetResponse
    Date : 5/13/2019
    Time : 9:21:01 AM
    Error : The remote server returned an error: (500) Internal Server Error.
    Stack Trace : at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.WsTrustRequest.<SendRequestAsync>d__1.MoveNext()
    ======================================================================================================================

    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error 2 5/13/2019 9:21:01 AM  Unable to connect to CRM: The remote server returned an error: (500) Internal Server Error.
    Source : Microsoft.IdentityModel.Clients.ActiveDirectory
    Method : RunAsyncTask
    Date : 5/13/2019
    Time : 9:21:01 AM
    Error : Federated service at https://adfs.l3t.com/adfs/services/trust/13/usernamemixed returned error: ID3242: The security token could not be authenticated or authorized.
    Stack Trace : at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ObtainAccessToken(AuthenticationContext authenticationContext, String resource, String clientId, ClientCredentials clientCredentials)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ExecuteAuthenticateServiceProcess(Uri serviceUrl, ClientCredentials clientCredentials, X509Certificate2 userCert, UserIdentifier user, String clientId, Uri redirectUri, PromptBehavior promptBehavior, String tokenCachePath, Boolean isOnPrem, String authority, Uri& targetServiceUrl, AuthenticationContext& authContext, String& resource, UserIdentifier& userIdent, CrmLogEntry logSink)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, ClientCredentials clientCredentials, X509Certificate2 loginCertificate, UserIdentifier user, String clientId, Uri redirectUri, PromptBehavior promptBehavior, String tokenCachePath, Boolean isOnPrem, String authority, CrmLogEntry logSink)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, ClientCredentials clientCredentials, UserIdentifier user, String clientId, Uri redirectUri, PromptBehavior promptBehavior, String tokenCachePath, Boolean isOnPrem, String authority, CrmLogEntry logSink, Boolean useGlobalDisco)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.QueryLiveDiscoveryServer(Uri discoServer, Boolean useGlobal)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.FindCrmOnlineDiscoveryServer(CrmOnlineDiscoveryServers onlineServerList, Boolean useO365Servers)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.InitCRM2011Service()
    ======================================================================================================================
    Inner Exception Level 1 :
    Source : System
    Method : GetResponse
    Date : 5/13/2019
    Time : 9:21:01 AM
    Error : The remote server returned an error: (500) Internal Server Error.
    Stack Trace : at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.WsTrustRequest.<SendRequestAsync>d__1.MoveNext()
    ======================================================================================================================

    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error 2 5/13/2019 9:21:01 AM  Unable to Login to Dynamics CRM
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error 2 5/13/2019 9:21:01 AM  Unable to Login to Dynamics CRM
    Source : Not Provided
    Method : Not Provided
    Date : 5/13/2019
    Time : 9:21:01 AM
    Error : Unable to Login to Dynamics CRM
    Stack Trace : Not Provided
    ======================================================================================================================

    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose 16 5/13/2019 9:21:01 AM  Initialize CRM connection Started - AuthType: Office365
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information 8 5/13/2019 9:21:01 AM  Using User Specified Server
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information 8 5/13/2019 9:21:01 AM  DiscoverOrganizations - Initializing Discovery Server Object with https://disco.crm9.dynamics.com/XRMServices/2011/Discovery.svc
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose 16 5/13/2019 9:21:01 AM  DiscoverOrganizations - attempting to connect to CRM server @ https://disco.crm9.dynamics.com/XRMServices/2011/Discovery.svc
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose 16 5/13/2019 9:21:01 AM  DiscoverOrganizations - created CRM server proxy configuration for https://disco.crm9.dynamics.com/XRMServices/2011/Discovery.svc - duration: 00:00:00.5023814
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose 16 5/13/2019 9:21:01 AM  DiscoverOrganizations - proxy requiring authentication type : OnlineFederation
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error 2 5/13/2019 9:21:02 AM  Unable to connect to CRM: ID3242: The security token could not be authenticated or authorized.
    Source : System.ServiceModel
    Method : ReadResponse
    Date : 5/13/2019
    Time : 9:21:02 AM
    Error : ID3242: The security token could not be authenticated or authorized.
    Stack Trace : at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)
       at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
       at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Issue(AuthenticationCredentials authenticationCredentials)
       at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateInternal(AuthenticationCredentials authenticationCredentials)
       at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateWithADFSForOrgId(AuthenticationCredentials authenticationCredentials, Uri identifier)
       at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateOnlineFederationInternal(AuthenticationCredentials authenticationCredentials)
       at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Authenticate(AuthenticationCredentials authenticationCredentials)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ClaimsIFDFailOverAuth[T](IServiceManagement`1 servicecfg, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, Int32 depthLevel, Boolean tryNetworkCred)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.CreateAndAuthenticateProxy[T](IServiceManagement`1 servicecfg, Uri ServiceUri, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, String LogString, CrmLogEntry logSink)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials, CrmLogEntry logSink)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.QueryLiveDiscoveryServer(Uri discoServer, Boolean useGlobal)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.FindCrmOnlineDiscoveryServer(CrmOnlineDiscoveryServers onlineServerList, Boolean useO365Servers)
       at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.InitCRM2011Service()
    ======================================================================================================================

    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error 2 5/13/2019 9:21:02 AM  Unable to Login to Dynamics CRM
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error 2 5/13/2019 9:21:02 AM  Unable to Login to Dynamics CRM
    Source : Not Provided
    Method : Not Provided
    Date : 5/13/2019
    Time : 9:21:02 AM
    Error : Unable to Login to Dynamics CRM
    Stack Trace : Not Provided
    ======================================================================================================================



    ------------------------------
    Sharee Anderson
    Information Technology Web Applications Manager

    ------------------------------



  • 4.  RE: XRMToolBox

    Posted 13 days ago
    Thanks Sharee

    Seems to be a problem with ADFS - the line jumping out at me is 'Error : Federated service at https://adfs.l3t.com/adfs/services/trust/13/usernamemixed returned error: ID3242: The security token could not be authenticated or authorized.'

    There was previously an issue with XRM Toolbox (see https://github.com/MscrmTools/XrmToolBox/issues/842). Are you running the latest version of it?
    Also to check, are you using a domain user to try to connect (which has D365 access)?

    ------------------------------
    EY Kalman
    Senior Manager
    PwC
    ------------------------------



  • 5.  RE: XRMToolBox

    GOLD CONTRIBUTOR
    Posted 12 days ago
    XrmToolBox should work in the GCC but MFA can definitely cause issues.  The latest version includes an option for connecting using the SDK Tooling Connector dialog, but even this requires some special steps to get it working.

    Here is the link with the steps to get it working: https://www.xrmtoolbox.com/documentation/for-users/connecting-to-an-organization/#MFAConnection

    ------------------------------
    James Novak
    Microsoft MVP, Technical Architect
    Futurez Consulting, https://www.futurezconsulting.com
    Springfield VA
    ------------------------------



  • 6.  RE: XRMToolBox

    Posted 12 days ago
    Hi Sharee,

    We've also connected using MFA, and we got it to work by using an App Password. Just leave the MFA box unchecked and enter the app password.

    All the best,



    ------------------------------
    Nathalie Bahramian
    Data Systems Analyst
    Mennonite Economic Development Associates
    Waterloo ON
    ------------------------------



  • 7.  RE: XRMToolBox

    Posted 12 days ago
    ​We run in a highly similar environment.  The connection string method only works for us once we created an APP (APPID=guid of the app created)  that could be referenced and then included that in our login string.  When the user signs in with this (same for any sandbox instance - we just change the Url address to point to the different sandbox or production), they are presented with a separate Microsoft box to select which credentials to use, and in our case the password (if not on our internal network), and the local certificate to select.  We have been using this environment for almost 2 years now.  There is some good information on how to register an Azure app here: https://community.dynamics.com/crm/f/117/t/245766

    Connection String in ADFS with MFA

    ------------------------------
    William Suycott
    VP Sales Tools - FIS
    Brown Deer, WI
    ------------------------------



If you've found this thread useful, dive deeper into User Group community content by role