I have the server side integration in place between CRM 2016 (sp1) and Sharepoint 2016 which is working fine for all but two users
When trying to upload documents via CRM > Documents (they can get as far as choosing a document to upload) they get a 401 unauthorised error.
They are in the same CRM security group as other working users (full control of Sharepoint Sites and Document Locations except they do not have delete)
They are in the Site Members role on the relevant sharepoint site (and if you go to the sharepoint site directly they can upload documents without issue)
When they try to upload the documents it raises an error in the Sharepoint Application event log:
An exception occurred when trying to issue security token: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs..
It's claims based so I have checked the email addresses as shown in CRM, Sharepoint and AD (they match). I'm unsure how to debug this any further.
Any thoughts?