The system crashes when you add an account that is running the CRMAppPool as a Microsoft Dynamics CRM user

This article provides a resolution for the system crash issue that occurs when you add an account that is running the CRMAppPool as a Microsoft Dynamics CRM user.

Applies to:   Microsoft Dynamics CRM 2011
Original KB number:   2500917

Symptoms

When you add an account that is running the CRMAppPool as a Microsoft Dynamics CRM user, the system crashes. Additionally, you may receive errors that resemble the following:

SecLib::RetrievePrivilegeForUser failed - no roles are assigned to user. Returned hr = -2147209463, User: [userid]

Cause

By default, when a Microsoft Dynamics CRM user is created in Microsoft Dynamics CRM, the user has no security roles. Because the Microsoft Dynamics CRM service account is mapped with the newly created user, the Microsoft Dynamics CRM service account cannot operate anything. Therefore, the system crashes.

This behavior is by design. Making the account that is running the CRMAppPool into a Microsoft Dynamics CRM user is not supported.

Resolution

Keep the Microsoft Dynamics CRM service account as a dedicated service account.

More information

More information is available in the Services and CRMAppPool IIS application pool identity permissions section of the Microsoft Dynamics CRM 2011 Implementation Guide.

To download the guide, see Microsoft Dynamics CRM 2011 Implementation Guide.