Microsoft Dynamics CRM 2011 - Unable to run any reports due to missing security role in Default Organization
This blog talks about an issue we face while running out-of-the-box or custom reports from Microsoft Dynamics CRM 2011. We observe that a few users in the CRM organization are able to run reports, while a few other users suddenly start getting script errors and are unable to run any reports from CRM. The script errors differ from case to case. Following are the script errors we receive, with their error messages :-
'Sys' is undefined
Reportviewer.aspx
Code:0
OR
Message: Sys.WebForms.PageRequestManagerParserErrorException: The message received from the server could not be parsed. Common causes for this error are when the response is modified by calls to Response.Write(), response filters, HttpModules, or server trace is enabled.
Details: Error parsing near '
<html>
<head>
<t'.
Line:5
Char:84093
Code:0
OR
Webpage error details:
User Agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2;.NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Timestamp: Tue, 17 Jul 2012 22:43:06 UTC
Message: Object expected
Line: 60
Char: 1
Code: 0
URI: https://crm2011:5555/CRMTest/CRMReports/rsviewer/reportviewer.aspx
Message: Object expected
Line: 60
Char: 1
Code: 0
URI: https://crm2011:5555/CRMTest/CRMReports/rsviewer/reportviewer.aspx
Following are the screenshots of the error we see when running reports from web client:-
Following is the screenshot of the error message we receive from the CRM Outlook client :-
I collected the CRM platform traces and found the error message below, which is weird, as my user has the System Administrator security role in the CRM organization from which the user is unable to run the report and receives the script errors:-
Error: The user is not assigned any privileges.
Error Number: 0x80042F09
Error Message: The user is not assigned any privileges.
Error Details: The user is not assigned any privileges.
Source File: Not available
Line Number: Not available
Stack Trace Info: [CrmException: The user is not assigned any privileges.]
at Microsoft.Crm.MainApplication.Application_OnPostAuthenticateRequest(Object sender, EventArgs eventArguments)
----------------------------------
An error occurred during the Application_OnPostAuthenticateRequest :
Error: The user is not assigned any privileges.
Stack Trace: at Microsoft.Crm.MainApplication.Application_OnPostAuthenticateRequest(Object sender, EventArgs eventArguments)
----------------------------------
This issue looked really different to me until I found out how the authentication works when a user runs a report from a particular organization in CRM.
CAUSE OF THIS ISSUE
This issue occurs when a user does not have a security role assigned to him in his default organization in CRM. By a user's default organization we mean the organization in the entire CRM deployment where the user was first created.
For instance, I have 3 organizations, ORG1, ORG2 and ORG3, in CRM. I created a user, say user1, in AD and then created this user as a CRM user in ORG1 for the first time. Thus, ORG1 becomes the default organization for this user. Next, if I create the same user user1 in ORG2, it will not make a difference: ORG1 will still be the default organization for user1.
Thus, if in future we remove the security role of user1 from ORG1, user1 will not be able to run any reports from ORG2 or ORG3. The user will get all the above-mentioned script errors.
REASON FOR THE AUTHENTICATION FAILURE
The issue is caused when the user is being authenticated to access the ScriptResource.axd, WebResource.axd and Reserved.ReportViewerWebControl.axd controls. Whenever a report is run, the UserCache is examined to authenticate the user using the default organization information. Since the user doesn't have any privileges in that organization, the authentication fails and throws an exception.
RESOLUTION
To resolve this issue we should give a security role to the user in his default organization. Please follow the steps mentioned in the last section on how to find the default organization for any CRM user.
I have also seen this issue occurring in scenarios where the user has a security role in his default organization, but that default organization has been disabled and is no longer in use while still being present in Deployment Manager. Hence, in such cases either delete the disabled or unused organization from the CRM deployment or enable the organization.
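The check described in the cause and resolution sections, as an added example (not part of the original post or of Dynamics CRM): a small Python audit over an exported inventory that flags users with no security role in their default organization, or whose default organization is disabled, and lists the other organizations where their reports would fail. The function name, input dictionaries, user names and role data are constructed for illustration; the default-organization mapping is assumed to come from a query on MSCRM_CONFIG such as the one quoted in the comments.

```python
"""Audit sketch: flag CRM users whose report requests would fail the
default-organization privilege check described in the article.
All names and data below are constructed for illustration."""
from typing import NamedTuple


class Finding(NamedTuple):
    user: str
    default_org: str
    reason: str
    affected_orgs: tuple  # enabled orgs where the user holds roles but reports fail


def audit_default_org(default_org, roles, org_enabled):
    """default_org: {user: unique name of the user's default organization}
    roles:       {(user, org): [role names]} for every org the user exists in
    org_enabled: {org: bool}, the state shown in Deployment Manager"""
    findings = []
    for user, home in sorted(default_org.items()):
        if not org_enabled.get(home, False):
            reason = "default organization is disabled"
        elif not roles.get((user, home)):
            reason = "no security role in default organization"
        else:
            continue  # healthy: role present in an enabled default org
        affected = tuple(sorted(
            org for (u, org), held in roles.items()
            if u == user and org != home and held and org_enabled.get(org, False)))
        findings.append(Finding(user, home, reason, affected))
    return findings


# Constructed deployment mirroring the ORG1/ORG2/ORG3 example in the text.
DEFAULT_ORG = {"user1": "ORG1", "user2": "ORG2", "user3": "ORG4"}
ROLES = {
    ("user1", "ORG1"): [],                        # role removed in default org
    ("user1", "ORG2"): ["System Administrator"],
    ("user1", "ORG3"): ["Salesperson"],
    ("user2", "ORG2"): ["Salesperson"],           # healthy user
    ("user3", "ORG4"): ["System Administrator"],  # role present, org disabled
    ("user3", "ORG2"): ["Salesperson"],
}
ORG_ENABLED = {"ORG1": True, "ORG2": True, "ORG3": True, "ORG4": False}

if __name__ == "__main__":
    for f in audit_default_org(DEFAULT_ORG, ROLES, ORG_ENABLED):
        print(f"{f.user}: {f.reason} ({f.default_org}); "
              f"reports fail in {', '.join(f.affected_orgs)}")
```

Note that user1 is flagged even though the account holds System Administrator in ORG2, which is the situation seen in the platform trace above.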
To know HOW TO FIND DEFAULT ORGANIZATION FOR ANY USER IN MULTIPLE ORGANIZATION CRM DEPLOYMENT please refer to following blog :-
Continuation of this issue in case this blog does not resolve the problem:-
Comments
Anonymous
July 22, 2012
Good explanation, but I didn't understand why you have written two different blogs in one place.
Anonymous
July 23, 2012
Khaja Mohiddin : - Do you mean the explanation of How to find Default Organization for a user in this blog? Well, we need to give security role to the user in default but users might not know how to find that and hence the explanation.
Anonymous
August 22, 2012
Well documented. Helps a lot. Thanks!
Anonymous
February 21, 2013
Great post. This solved my problem. Thank you so much
Anonymous
May 16, 2013
I have added a new user in an Organization and provided him the System Administrator role. And after that I have created a new Advance Find Report. But the report is not working and giving the same error.
Anonymous
May 24, 2013
The new user in this org, was he a user in any existing organization? If no, then the issue might be different, related to missing SPN etc. You would probably need to check the CRM platform trace or reporting logs
Anonymous
October 10, 2013
Great post. It resolved our issues. Thanks,
Anonymous
June 04, 2015
Great Post! Resolved a long pending issue ... Thanks
Anonymous
July 12, 2015
What would happen if the user's default organisation gets deleted?
Anonymous
August 13, 2015
Ventak If user's default organization gets deleted, automatically the second org where the user was created becomes its default org. You can always run below query to find user's default org

    Select a.domainname, a.systemuserid, d.DatabaseName, d.uniquename
    from <Org Name>_MSCRM.dbo.systemuserbase a WITH (NOLOCK)
    inner join MSCRM_CONFIG.dbo.SystemUserOrganizations b WITH (NOLOCK) on a.SystemUserId = b.CRMUserId
    inner join MSCRM_CONFIG.dbo.SystemUser c WITH (NOLOCK) on b.UserId = c.id
    inner join MSCRM_CONFIG.dbo.Organization d WITH (NOLOCK) on c.DefaultOrganizationId = d.id
    where a.domainname = 'DomainUsername'

Anonymous
February 23, 2016
Just what I needed to know, thanks!