First off let me start describing how I have the CRM server setup.\u00a0<\/p>\n
When I run the following code\u00a0<\/p>\n
Uri discoUri = new Uri(“https:\/\/crmserver:4445\/XRMServices\/2011\/Discovery.svc”);<\/em><\/p>\n ClientCredentials clientCredentials = new ClientCredentials();<\/em> using (var _serviceProxy = new DiscoveryServiceProxy(discoUri, null, clientCredentials, null))<\/em><\/p>\n \n{<\/em> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 RetrieveOrganizationsRequest orgsRequest = new RetrieveOrganizationsRequest()<\/em><\/p>\n \n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 {<\/em> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 RetrieveOrganizationsResponse organizations = (RetrieveOrganizationsResponse)service.Execute(orgsRequest);<\/em><\/p>\n \n}<\/em><\/p>\n I get this exception:<\/p>\n Exception:<\/em><\/strong> SOAP security negotiation with ‘https:\/\/crmserver:4445\/XRMServices\/2011\/Discovery.svc’ for target ‘https:\/\/crmserver:4445\/XRMServices\/2011\/Discovery.svc’ failed. See inner exception for more details.<\/em><\/p>\n Inner Exception:<\/em><\/strong> Security Support Provider Interface (SSPI) authentication failed. The server may not be running in an account with identity ‘host\/crmserver’. If the server is running in a service account (Network Service for example), specify the account’s ServicePrincipalName as the identity in the EndpointAddress for the server. If the server is running in a user account, specify the account’s UserPrincipalName as the identity in the EndpointAddress for the server.<\/em><\/p>\n I get this error running the code above, using the Plugin Registration Tool or other CRM tools from a computer other than the server. If I run the code\/tools on the server they run just fine.<\/p>\n Since I’m using Kernel Mode in IIS 7.5 and a Domain User account I was under the assumption that HTTP SPN’s didn’t need to be setup, just for the heck of it I added two HTTP SPN’s against the Domain User account<\/p>\n And that didn’t seem to help either!<\/p>\n Interestingly enough if I switch from HTTPS to HTTP I can connect from the client machinse so I’m really confused why an issue that appears to be Windows Authentication\/Kerberos related suddenly disappears once I use HTTP!<\/p>\n","protected":false},"excerpt":{"rendered":" First off let me start describing how I have the CRM server setup.\u00a0 Single Server Install (CRM + SQL) HTTPS setup on non-standard port (4445), one binding and using an SAN certificate signed by our CA in our domain One domain user account used to run everything (IIS App Pool, Async Service, Deployment Service, etc…) […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6529","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/6529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/comments?post=6529"}],"version-history":[{"count":0,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/6529\/revisions"}],"wp:attachment":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/media?parent=6529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/categories?post=6529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/tags?post=6529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nclientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential(USERNAME, PASSWORD, DOMAIN);<\/em><\/p>\n
\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \/\/ You can choose to use the interface instead of the proxy.<\/em>
\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 IDiscoveryService service = _serviceProxy;<\/em><\/p>\n
\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 AccessType = EndpointAccessType.Default,<\/em>
\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Release = OrganizationRelease.Current<\/em>
\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 };<\/em> \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0<\/p>\n\n