SecurityNegotiationException during plug-in execution in on-premise CRM Using Scribe Publisher
Article ID: KB0078613
Updated On:
| Products | Versions |
|---|---|
| TIBCO Scribe Insight | 7.9.2 |
Description
The CRM Adapter Publisher in TIBCO Scribe® Insight is connecting to a CRM on-premise environment. The publisher is configured for the contact entity, Insert & Update actions, and the Scribe Change History plugins are created in CRM. In the CRM UI, I can create new a contact successfully, but an update to an existing contact results in SecurityNegotiationException Error:
Exception Details Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]:
The following error has occurred in the Scribe Change History plug-in: System.ServiceModel.Security.SecurityNegotiationException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #2A1115B7
Exception Details Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]:
The following error has occurred in the Scribe Change History plug-in: System.ServiceModel.Security.SecurityNegotiationException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #2A1115B7
Issue/Introduction
SecurityNegotiationException error can occur in CRM user interface when the TIBCO Scribe® Insight CRM adapter publisher is configured for CRM on-premise environment. This is related to a Kerberos client error and is resolved by adding a new SPN on the servername.
Resolution
This error can occur when there is a Server Principal Name (SPN) issue for the CRMFrontEndServer server. You can receive this error for any plugin published in the sandbox. It will only happen if the sandbox service is not installed on the same server as CRM web site and kerberos authentication is enabled for the website.
Steps to resolve:
Steps to resolve:
- Check Windows Event Viewer on CRM server for Kerberos client error.
- The error will indicate the service account and the needed SPN.
- Use the following command to list all the SPNs registered for the serviceaccountname.
setspn –l domain\serviceaccountname
The command displays only the SPN registered on the HTTP/CRMfrontEndServer.CRM.domainname.com (Fully Qualified domain name of the CRM front end server).
- Add a new SPN on the servername using the following command:
setspn –a http/CRMFrontEndServer domain\serviceaccountname .
- Restart the sandbox service
Additional Information
For more information on SPNs and their configuration you can check out this KB article from Microsoft.
'Security Negotiation Exception' during plug-in execution in CRM2013
'Security Negotiation Exception' during plug-in execution in CRM2013
Feedback
Yes
No
Powered by
