Posted by (JavaScript must be enabled to view this email address) on Wed 11 Mar 2009

On our Windows 2008 infrastructure we had a major issue trying to get CRM and SharePoint 2007 to work as we expected.  The main issue was down to the Kerberos double hop issue which is ever present in Windows 2008 (Microsoft love to make things difficult for us); after some errorlog tracing we were able to find that there were several duplicate SPN’s:

1.    0x29 KRB_AP_ERR_MODIFIED
2.    0x19 KDC_ERR_PREAUTH_REQUIRED
3.    0xd KDC_ERR_BADOPTION

I started by deleting the duplicate SPNs using the following commands

setspn -d http/AD-SRV.domain.com domain\crmadmin
setspn -d http/AD-SRV.domain.com domain\svcmosscontent
setspn -d http/AD-SRV.domain.com domain\svcmossssp
setspn -d http/CRM-SRV.domain.com domain\crmadmin
setspn -d http/MOSS-SRV.domain.com domain\svcmossssp

Next we found that some of the machine accounts weren’t functioning correctly for kerberos, it appeared that the SPNs for these had gone AWOL too, so I recreated them with the following commands:

setspn -R CRM-SRV
setspn -R MOSS-SRV

MOSS and CRM still werent working but we were getting much more useful errors now, which led me to re-create the correct SPNs:

setspn -A http/CRM-SRV domain\crmadmin
setspn -A http/CRM-SRV.domain.com domain\crmadmin
setspn -A http/MOSS-SRV domain\svcmossssp
setspn -A http/MOSS-SRV.domain.com domain\svcmossssp
setspn -A MSSQLSvc/AD-SRV.domain.com:1433 domain\crmadmin
setspn -A MSSQLSvc/AD-SRV.domain.com:1433 domain\CRM-SRV$
setspn -A MSSQLSvc/AD-SRV.domain.com:1433 domain\MOSS-SRV$
setspn -A MSSQLSvc/CRM-SRV.domain.com:1433 domain\crmadmin
setspn -A MSSQLSvc/MOSS-SRV.domain.com:1433 domain\svcmossssp
setspn -A MSSQLSvc/MOSS-SRV:1433 domain\svcmossssp

A quick server reset later and we were ready to go!  MOSS and CRM functioning as they should be!

Posted by (JavaScript must be enabled to view this email address) on Wed 11 Mar 2009

After installing Office 2007 Project Server on our MOSS 2007 box we were unable to provision the project access website as it was failing with the error message:

“The Project Application Service doesn’t exist or is stopped. Start the Project Application Service.”

To resolve it we had to first of all:

stsadm -o provisionservice -action start -servicetype “Microsoft.Office.Project.Server.Administration.ProjectApplicationService, Microsoft.Office.Project.Server.Administration, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C” -servicename ProjectApplicationService

Then provide the MOSS SSP Account with temporary administrative access to the DB server to allow it to generate the required dbs.

Posted by (JavaScript must be enabled to view this email address) on Tue 10 Mar 2009

Here is some example/helper code to create a hash function using the Microsoft Enterprise Library.

 
namespace YourApplication.Helper.Cryptography
{
    public static class CryptographyHelper
    {
 
        public static string DoHash(string Value)
        {
            MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
            byte[] input;
            byte[] output;
 
            string _salt = ConfigurationManager.AppSettings["salt"];
 
            //encrypt the password by hashing with the salt
            input = System.Text.ASCIIEncoding.ASCII.GetBytes(_salt + Value);
            output = md5.ComputeHash(input);
            string hash = Convert.ToBase64String(output);
            return hash;
        }
    }
}