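No user exists with the specified domain name and user ID error when accessing the internal URL with claims-based authentication

This article provides a resolution for the error that occurs when you access the internal URL with claims-based authentication: No Microsoft Dynamics CRM user exists with the specified domain name and user ID.

Applies to: Microsoft Dynamics CRM 2011
Original KB number: 2809818

Symptoms

When you access the internal URL of Microsoft Dynamics CRM 2011 with claims-based authentication enabled, users may be unable to access the Microsoft Dynamics CRM site. If an Internet-facing deployment (IFD) is set up, users may still be able to access the Microsoft Dynamics CRM site by using the IFD URL.

If developer mode errors are turned on in IIS, you may see the following error:

No Microsoft Dynamics CRM user exists with the specified domain name and user ID. (0x80040354)

In the Microsoft Dynamics CRM platform trace, the following messages may appear:

The SID passed below is for a different user than the one actually trying to authenticate: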

[DateTime] Process: w3wp |Organization:00000000-0000-0000-0000-000000000000 |Thread: 13 |Category: Platform.Sql |User: 00000000-0000-0000-0000-000000000000 |Level: Verbose |ReqId: ReqId | CrmDbConnection.InternalExecuteReader ilOffset = 0x16
at CrmDbConnection.InternalExecuteReader(IDbCommand command, Boolean capturePerfTrace) ilOffset = 0x16
at CrmDbConnection.ExecuteReader(IDbCommand command, Boolean impersonate, Boolean capturePerfTrace) ilOffset = 0x10
at ServerLocatorService.TryGetDefaultUserOrganizationFromDatabase(String authenticationInfo, Guid& organizationId) ilOffset = 0x66
at ServerLocatorService.TryGetDefaultOrganization(String authenticationInfo, Guid& orgId) ilOffset = 0x40
at ServerLocatorService.GetDefaultOrganization(String authenticationInfo) ilOffset = 0x16
at WindowsAuthenticationProvider.QueryForOrganizationId(String userToken) ilOffset = 0xC
at WindowsAuthenticationProviderBase.Authenticate(HttpApplication application, WindowsIdentity userIdentity) ilOffset = 0x90
at AuthenticationStep.Authenticate(HttpApplication application) ilOffset = 0x31
at AuthenticationPipeline.Authenticate(HttpApplication application) ilOffset = 0x11
at AuthenticationEngine.Execute(Object sender, EventArgs e) ilOffset = 0x10D
at SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() ilOffset = 0x5D
at HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) ilOffset = 0x15
at ApplicationStepManager.ResumeSteps(Exception error) ilOffset = 0x10E
at HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData) ilOffset = 0x5C
at HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) ilOffset = 0xFC
at ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType) ilOffset = 0x45
>exec p_GetDefaultOrgFromAuthInfo “W: S-1-5-21-1229272821-1580436667-839522115-500”

[DateTime] Process: w3wp |Organization:00000000-0000-0000-0000-000000000000 |Thread: 15 |Category: Platform |User: 00000000-0000-0000-0000-000000000000 |Level: Verbose |ReqId: ReqId | ClaimsIdentityAuthorizationManager.Authenticate ilOffset = 0x1E4
at ClaimsIdentityAuthorizationManager.Authenticate(OperationContext operationContext) ilOffset = 0x1E4
at ClaimsIdentityAuthorizationManager.CheckAccessCore(OperationContext operationContext) ilOffset = 0xA0
at AuthorizationBehavior.Authorize(MessageRpc& rpc) ilOffset = 0x28
at ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc) ilOffset = 0x293
at MessageRpc.Process(Boolean isOperationContextSet) ilOffset = 0x62
at ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext) ilOffset = 0x1D7
at ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext) ilOffset = 0xF1
at ChannelHandler.AsyncMessagePump(IAsyncResult result) ilOffset = 0x21
at AsyncThunk.UnhandledExceptionFrame(IAsyncResult result) ilOffset = 0x0
at AsyncResult.Complete(Boolean completedSynchronously) ilOffset = 0xC2
at ReceiveItemAndVerifySecurityAsyncResult'2.InnerTryReceiveCompletedCallback(IAsyncResult result) ilOffset = 0x55
at AsyncThunk.UnhandledExceptionFrame(IAsyncResult result) ilOffset = 0x0
at AsyncResult.Complete(Boolean completedSynchronously) ilOffset = 0xC2
at AsyncQueueReader.Set(Item item) ilOffset = 0x21
at InputQueue'1.EnqueueAndDispatch(Item item, Boolean canDispatchOnThisThread) ilOffset = 0xDD
at InputQueue'1.EnqueueAndDispatch(T item, Action dequeuedCallback, Boolean canDispatchOnThisThread) ilOffset = 0x0
at SingletonChannelAcceptor'3.Enqueue(QueueItemType item, Action dequeuedCallback, Boolean canDispatchOnThisThread) ilOffset = 0x35
at HttpChannelListener.HttpContextReceived(HttpRequestContext context, Action callback) ilOffset = 0x109
at HostedHttpTransportManager.HttpContextReceived(HostedHttpRequestAsyncResult result) ilOffset = 0x52
at HostedHttpRequestAsyncResult.HandleRequest() ilOffset = 0x101
at HostedHttpRequestAsyncResult.BeginRequest() ilOffset = 0x0
at HostedHttpRequestAsyncResult.OnBeginRequest(Object state) ilOffset = 0x9
at AspNetPartialTrustHelpers.PartialTrustInvoke(ContextCallback callback, Object state) ilOffset = 0x19
at HostedHttpRequestAsyncResult.OnBeginRequestWithFlow(Object state) ilOffset = 0x30
at ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped) ilOffset = 0x22
at IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped) ilOffset = 0x5
at _IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP) ilOffset = 0x3C
>CrmSessionAuthenticationManager issued CrmClaimsIdentity [UserToken:C:admin@contoso.local] [UserId:{UserId}].

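Cause

Physical path credentials are specified in IIS. These credentials should not be present, because they override the Kerberos authentication that is taking place.

Resolution

To resolve this issue, follow these steps:

  1. Go to Start, point to Administrative Tools, and open Internet Information Services (IIS) Manager.
  2. Expand the server, and then expand Sites.
  3. Right-click the Microsoft Dynamics CRM site, select Manage Web Site, and then select Advanced Settings.
  4. In the window that appears, locate the Physical Path Credentials row and verify that it contains no credentials.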
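
The check in step 4 can also be scripted. The following PowerShell is an added example, not part of the original article: it reads the IIS configuration and reports every virtual directory whose `userName` attribute (the stored physical path credential) is set. The function name, the site name, the account and the paths in the sample are constructed for illustration, and the config file location shown is the IIS default.

```powershell
# Added example: report IIS virtual directories that carry physical path credentials.
# Get-PhysicalPathCredential is a hypothetical helper name, not an IIS cmdlet.
function Get-PhysicalPathCredential {
    param(
        [Parameter(Mandatory = $true)] [xml] $Config,
        [string] $SiteName   # optional filter; empty means every site
    )
    $xpath = '/configuration/system.applicationHost/sites/site/application/virtualDirectory'
    foreach ($vdir in $Config.SelectNodes($xpath)) {
        $app  = $vdir.ParentNode
        $site = $app.ParentNode
        $name = $site.GetAttribute('name')
        if ($SiteName -and $name -ne $SiteName) { continue }
        # GetAttribute returns an empty string when the attribute is absent.
        $user = $vdir.GetAttribute('userName')
        New-Object psobject -Property @{
            Site           = $name
            Application    = $app.GetAttribute('path')
            VirtualDir     = $vdir.GetAttribute('path')
            UserName       = $user
            HasCredentials = -not [string]::IsNullOrEmpty($user)
        }
    }
}

# Constructed sample in the shape of applicationHost.config (not real server data).
[xml]$sample = @'
<configuration>
  <system.applicationHost>
    <sites>
      <site name="Microsoft Dynamics CRM" id="2">
        <application path="/">
          <virtualDirectory path="/" physicalPath="C:\CRMWeb"
                            userName="CONTOSO\svc-example" password="[enc:placeholder]" />
        </application>
      </site>
      <site name="Default Web Site" id="1">
        <application path="/">
          <virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot" />
        </application>
      </site>
    </sites>
  </system.applicationHost>
</configuration>
'@

# Only the CRM site in the sample is reported, because only it has userName set.
Get-PhysicalPathCredential -Config $sample | Where-Object { $_.HasCredentials }

# On the CRM server, from an elevated prompt (default IIS config location assumed):
# [xml]$live = Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config"
# Get-PhysicalPathCredential -Config $live -SiteName 'Microsoft Dynamics CRM'
```

Any row returned with `HasCredentials` set to True corresponds to a Physical Path Credentials entry that should be cleared in IIS Manager as described in the steps above.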