Error "The security context token is expired or is not valid. The message was not processed." opening agentdesktop

Jan 29, 2013 at 8:59 PM

My scenario is a typical AgentDesktop.exe client using the template. In the backend my CRM servers are behind an NLB; they're 3 servers.

I've followed the TechNet article "Install Microsoft Dynamics CRM Server 2011 on multiple computers", http://technet.microsoft.com/en-us/library/hh699803.aspx, created the SPNs, and did the configuration in the Deployment Manager, but the AgentDesktop cannot connect. If I change the server name to one of the nodes it works perfectly, but if I use the NLB URL or its IP it cannot connect. The logs show:

Error : An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.

And the inner exception

Error : The security context token is expired or is not valid. The message was not processed.

The Dynamics CRM homepage works OK with the NLB address or with each host address.

Any idea what else I can be missing?

Thanks.

Jan 30, 2013 at 5:21 PM
Is this CRM server configured for active directory or Claims?
Mattb.

Feb 1, 2013 at 8:35 PM
Hello Matt,

The CRM Server is configured for Active Directory, no claims or IFD, it's for intranet use only.

I just double checked:

-On the Dynamics Deployment Manager the web address for the web application is the name of the NLB with its port (I'm running on 5555)

-On the Dynamics Deployment Manager the checkbox for NLB is set

-The SPNs, supposing that my domain is called DDD, the NLB is called nlbdynamics, the three servers are proddynamics01, 02 and 03, and my service account is called dynamics:

C:\Windows\system32>setspn -l ddd\dynamics
Registered ServicePrincipalNames for CN=Dynamicscrmusr,DC=ddd,DC=inet:
    HOST/proddynamics01:5555
    HOST/proddynamics02:5555
    HOST/proddynamics03:5555
    HOST/nlbdynamics:5555
    HOST/nlbdynamics.nh.inet:5555
    HOST/proddynamics03.nh.inet:5555
    HOST/proddynamics02.nh.inet:5555
    HOST/proddynamics01.nh.inet:5555
    HTTP/nlbdynamics:5555
    HTTP/nlbdynamics.nh.inet:5555
    HTTP/proddynamics01.nh.inet:5555
    HTTP/proddynamics02.nh.inet:5555
    HTTP/proddynamics03.nh.inet:5555
    HTTP/proddynamics03:5555
    HTTP/proddynamics02:5555
    HTTP/proddynamics01:5555
    HTTP/proddynamics01.nh.inet
    HTTP/proddynamics02.nh.inet
    HTTP/proddynamics03.nh.inet
    HTTP/proddynamics03
    HTTP/proddynamics02
    HTTP/proddynamics01
    HTTP/nlbdynamics
    HTTP/nlbdynamics.nh.inet
And the UseAppPoolCredentials is set to True in the web.config of the DynamicsCRM web site.

Anything else I can be missing?

Thanks.