Wednesday, 25 May 2011

Microsoft Dynamics CRM 4.0 and the importance of the Internet Guest Account

We are in the middle of System testing for this project and on Monday we hit a really strange issue.

We applied a patch build of Friday afternoon and on Monday morning, testers are reporting different behaviour, some are encountering the issue, some are not. The plot thickens.

I have a look and see that there are some javascript errors in the Homepage.aspx and bar_top.aspx pages in the _root folder, which prevent the home page from loading.

This is the error ( related to the homepage.aspx, but also to the bar_top.aspx page)

Note that our Custom Code means that the line is completely different to yours















Did I mention that we have customized these pages? Well, we have. There is some JavaScript to find which roles each user has, anyway.

I look at the custom code in these pages and sure enough there are some bugs in them. We let the developers know and that should have been the end of it, but we dig a little deeper and it turns out that the bugs in our code are not responsible for the behaviour we are seeing.

Next step the Event Log and CRM trace log. I find this rather useful error in the latter (nothing worth mentioning in the former):

>CrmAuthenticationToken is missing.

Not very helpful, I'm sure you'll agree, but our custom code calls the getauthenticationheader method and I thought this must be the source of our problem. After a bit of a hunt, I managed to locate the vanilla homepage and bar_top pages, copied then, bounced IIS, Async Service restarted but to no avail, the error persists.

I'm out of ideas so Verbose Trace logging here we come.  This generates several hundred KB of logging and my heart sinks.

I decide to clear the security log and have another try. This reveals that the internet guest account is locked out and after unlocking it we are up and running again.

P.S.

If you are wondering why the internet guest account is locked out, the answer is I don't know for sure. I know that we were setting a web service to always use the service account and thus we set it in Anonymous Access, like this:





















At some point, we must've typed the password for the service account, but left the internet guest account and after that it was only a matter of time for the behaviour to start occurring.
.

No comments:

Post a Comment