We found a case where after upgrading a Microsoft Dynamics CRM 2013 on-premise installation that uses Windows Authentication to Microsoft Dynamics CRM 2015, even the Deployment Administrator started getting

http 401.1  Access denied

The upgrade process runs fairly easily (after you back up your encryption key, which might require steps found at http://blogs.msdn.com/b/crminthefield/archive/2014/06/30/tips-dynamics-crm-2013-field-level-data-encryption-management.aspx). Of course when systems administration work goes that smoothly, one should expect an error like this!

If you get this issue, try the following:

1. On the CRM server, in IIS Manager > Sites, select “Microsoft Dynamics CRM”. In middle “IIS” section of right-hand window, select “Authentication”.

2. Right-click Windows Authentication (at the bottom), select “Advanced Settings.”

3. In the box that pops up, check “Enable Kernel-mode authentication.”

4. In the tree, select the servername, click “Stop.” Once it is stopped, go there again and click “Start.”

If that doesn’t do it for you, double-check your SPN registrations with a “setspn -l [servername]”, as problems there can also lead to this error. More details on that are at http://blogs.msdn.com/b/webtopics/archive/2009/01/19/service-principal-name-spn-checklist-for-kerberos-authentication-with-iis-7-0.aspx

Leave a Reply

Your email address will not be published. Required fields are marked *