Monday, February 21, 2011

SoapException: 0x80040204 Invalid user auth. Platform (Multi-tenancy)

Last week, one of my colleagues faced a very strange issue. Only four users out of two hundreds got below errors on one of his extension page module. (He was using Active Directory authentication type and Multi-tenancy deployment in his program.)

SoapException:
0x80040204
Invalid user auth.
Platform

Exception: The request failed with HTTP status 401:
Unauthorized.App_Web_z6j-hbn7Void Create()

I tried to help him trace error on various scenarios. Checking in program code, logic and credential shows no issue. When I hard-code user's credential in his program, application worked perfectly. But, when I key-in this credential through log-in screen, the error came out.

We also noticed some strange behaviors in this CRM deployment.
  1. CrmService could not return current user id through WhoAmI query. 
  2. When I log-in with those users' credentials, CRM loader page was redirected to another organization which was not a correct default organization we specified in Deployment Manager. 
  3. Although we tried to specified default organization again and again, it was always redirected to the wrong one.

After careful analysis, we found that those CRM users belong to more than one organizations, and some organizations in this deployment have been imported multiple times through Deployment Manager. I used CrmImpersonator in his code, and found that program returned wrong user id. Please refer to below error message.

Exception type: CrmObjectNotFoundException
Exception message: systemuser With Id = [Guid] Does Not Exist

I decided to look for more information in MSCRM_CONFIG database and found following useful information:


  1. Default Organization in stored in Deployment table
  2. Crm User ID is stored in SystemUser table
  3. Default Organization for Crm User is stored in SystemUserOrganizations table
In our case, organization id for those users in SystemUserOrganizations was pointed to another organization id. After updating organization id with default organization one, program worked perfectly. May be it is an another unsupported way to solve the issue :)

DECLARE @DefaultOrgID UNIQUEIDENTIFIER
, @CrmUserID UNIQUEIDENTIFIER

-- Your CRM User Id, Specified in your CRM Organization
SET @CrmUserID = 'D06DDFBC-0DB7-DF11-8756-000C2956F0A0'

SELECT @DefaultOrgID = DefaultOrganizationId
FROM Deployment

UPDATE SystemUser
SET DefaultOrganizationId = @DefaultOrgID
FROM (SELECT UserId
  FROM SystemUserOrganizations 
  WHERE CrmUserId = @CrmUserId) AS U
WHERE SystemUser.Id = U.UserId

Reference:
Why is the default organization does not change when we modify the Deployment Manager?