Hi.
Our Internal CRM system is up and running and is looking like its working fine except one smal problem.
There are a few users we can not add. Most of the users work fine.. its just a few users that fail.
This is a multi domain system where CRM groups are lokated in a central domain with users in others with full trust.
CRM is givng me a default error message..
When i look up the user in the new user form it all works fine, but when i press save it failes.
The trace shows this:
i have change the dommain names.
SystemUser.Create for user (secondarydomain)\urickne
SystemUser.Create for user (secondarydomain)\urickne : ENTERING CreateInternal
SystemUser.Create for user (secondarydomain)\urickne : CreateInternal : Validate User Count Completed
Domain Name (secondarydomain)\urickne
Retrieving SID from account (secondarydomain)\urickne.
Retrieved SID S-1-5-21-3293309684-2054252619-4209699976-3932 for account (secondarydomain)\urickne.
Searching AD to retrieve GUID from SID
earching AD using DefaultNamingContext as the search type
Searching for SID S-1-5-21-3293309684-2054252619-4209699976-3932 to get AD GUID.
GUID for SID is null.
Searching AD using GlobalCatalog as the search type.
GUID for SID is null
GetGuidFromSid(DirectorySearcher, byte[]) was unable to find Active Directory object for SID.
Retrieved GUID 00000000-0000-0000-0000-000000000000 for the searched SID
Finding AD GUID from SID S-1-5-21-3293309684-2054252619-4209699976-3932 in the given domain: secondarydomain.
Found AD GUID f4b1b5dc-ca32-43fc-9bf6-8c254dd1ad81 From SID for the given domain: secondarydomain.
Retrieved SID S-1-5-21-3293309684-2054252619-4209699976-3932 for account secondarydomain\urickne.
Adding principal to group 77397620-c8ae-4459-9902-61da0c9f587f. SID is S-1-5-21-3293309684-2054252619-4209699976-3932.
Add user f4b1b5dc-ca32-43fc-9bf6-8c254dd1ad81 to group 77397620-c8ae-4459-9902-61da0c9f587f using Distinguished Named failed, trying again to add the user using SID.
Adding principal to group CN=ReportingGroup {0cf0bf92-23d2-4438-b179-1a1d5c475645} using sid S-1-5-21-3293309684-2054252619-4209699976-3932
Calling method Add on the AD Object/Node LDAP://
Adding principal to group CN=ReportingGroup {0cf0bf92-23d2-4438-b179-1a1d5c475645} failed with the error System.DirectoryServices.DirectoryServicesCOMException (0x80072035): The server is unwilling to process the request. (Exception from HRESULT: 0x80072035).
[2012-10-10 11:51:41.343] Process: w3wp |Organization:2fd234e5-400c-e111-aa5a-78e3b50f033e |Thread: 26 |Category: ADUtility |User: 64f61167-c012-4f33-b0c1-529237bf4b07 |Level: Info |ReqId: 5e58ca04-a7cb-41e3-b555-261d2a7c0446 | SecurityUtils.CheckMembership
Checking membership for principal f4b1b5dc-ca32-43fc-9bf6-8c254dd1ad81 in group 77397620-c8ae-4459-9902-61da0c9f587f.
Calling method IsMember on the AD Object/Node LDAP
IsMember: False.
Adding principal to group failed with the error System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.DirectoryServices.DirectoryServicesCOMException: The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)
IsSandboxException: TargetInvocationException
Crm Exception: Message: Server was unable to process request., ErrorCode: -2147016651, InnerException: System.DirectoryServices.DirectoryServicesCOMException (0x80072035): The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)
MessageProcessor fail to process message 'Create' for 'systemuser'
I have looked at the accounts and had there secondary domain admin check the users and they look fine.
I have had the users change passwords so they should fitt both domains password policy.
I'm at a loss here.
What should i look at next?
This is just for 2 users. out of about 60 tried so fare...
I hope some one can help me here..
Sveinung Chr.