Dynamics 365 unexpected error - dynamics-crm

When creating a case I get the below error.
Access Error The system could not log you on. This could be because
your user record or the business unit you belong to has been disabled
in Microsoft Dynamics 365. If you contact support, please provide the
technical details.
This occurred shortly after deleting the CRM Admin user and creating a new CRM Admin user in the Office 365 users screen.
The more technical message is
The user with
SystemUserId=bb51ba1c-66e8-4dc1-82ca-cb64e25f3ff9 in
OrganizationContext=7e061672-3a31-4588-9770-9f94711c7f09 is
disabledDetail.

The error message is saying that the user with that ID is disabled so the first thing to do would be to open that record and check which user it is.
To do that, use the URL below but replace the xx's and the yourregion part of the url (I've already added your user id).
https://xxxxxxxx.yourregion.dynamics.com/main.aspx?etc=8&extraqs=&histKey=952109180&id={bb51ba1c-66e8-4dc1-82ca-cb64e25f3ff9}&newWindow=true&pagetype=entityrecord
You will then need to enable that user or resolve problems from there.
I would also check that you don't have any plugins or workflows which have been setup to run as that user when creating a case.

Related

Power Automate (MS Flow) Error: "Something went wrong. The requested approval is not accessible to the caller." How do I fix this?

My user tries to access Microsoft Power Automate (Flow) approvals via email notifications that the Flow sends to them. When clicking on the approval, they get an error "Something went wrong. The requested approval is not accessible to the caller." When directly accessing their approvals at us.flow.microsoft.com > Action items > Approvals, they only see approvals up to January. The same approvals are working for other users. How do I fix approval access?
I tried having the user login via an incognito tab. I also checked whether the user still has MS PA licenses assigned to them, and they seem to be correct (the user has MS 365 E1, MS 365 Business Premium, and MS Power Automate Free).
Figured out the what was causing the issue for our user. The user had a duplicate enterprise microsoft account, so both were being sent the email notification about the approvals, but only the duplicate account was being given access to them. Removing the duplicate account fixed the issue.
If we had had two users with the same name & neither can be deleted, another solution would've been to change how the approvals are routed (ie. by email instead of name.)

Unable to Assign an Incident in workflow- CRM

We have used the case Entity, there is default user that is used to assign a case on new creation or reactivation.
We have a workflow created for Case Reactivation, so whenever a case is reopen it is assigned to the default system user. It was working fine till September 20, but now when you give the survey after case resolution and then try to reactivate it it throws error in workflow. It works fine when you try to reactivate without giving the survey.
Error:
The real-time workflow named "Case is Resolved/Reopened" failed with the error "Principal user (Id, type=8, roleCount=1, privilegeCount=619, accessMode=0), is missing prvReadmsfp_questionresponse privilege (Id) on OTC=10247 for entity 'msfp_questionresponse'.
The System user has the role assigned as of salesperson, giving permission for this entity to salesperson does solve the issue, but the salesperson role is being used by many others to whom permission for this entity can't be given.
Can anyone tell us why this started causing issue after a particular time. Was there any updates from Microsoft Forms Pro for this entity?
Its very possible there have been updates from MS. You can review the solution history in make.powerplatorm.
https://learn.microsoft.com/en-us/powerapps/maker/common-data-service/solution-history
Look for the forms pro solution and check the solution history.
Is the "Default" user an actual person that logs in? Or a Service account that is only used for automation/workflows?
In any case, I'd suggest creating an add-on or feature role called something like "Question Response Reader" that only has the read permission for that entity. You can then add that role to the default user, and any other users that need to read that entity.
Probably Microsoft changed something in the background especially w.r.t security of forms Response entity msfp_questionresponse.
You easily solution is to give proper security rights to user who is ruining your workflow.
If it is run by the owner of the workflow then that user, if workflow runs under the context of user then that user should have read rights for entity msfp_questionresponse

Dynamics 365 Plugin Registration Tool gives permission error

When I try to connect to Dynamics 365 CRM with the Plugin Registration Tool I get the following permission error:
"You don't have permission to access any of the organizations in the
Microsoft Common Data Service region that you specified. If you're not
sure which region your organization resides in, choose "Don't know"
for the CDS region and try again. Otherwise check with your CDS
administrator. Parameter name: EMEA"
I have the System Administrator role
I can sign-in to the web interface and work with no issues
I'm sure of our region, tried to login with and without it ("Don't know" option)
Also tried with an application password as our organization uses multi factor authentication
Using the latest version of the tool on Nuget (9.0.0.9506 in the about dialog)
I can connect to my trial server the same way
We had a user who was able to connect with the same user roles set
This seems machine and account independent. Other users including the organization creator are getting the same error
We are directly connected to the internet, no proxies
One solution I've read suggested cleaning the cache files which don't appear on my system. And we get the same error on clean installations.
Solved by leaving the "Show Advanced" checkbox unchecked and not entering User ID / Password. Then a second dialog opens for credentials and 2FA authentication which just works.
You don't need an application password, as you'll be asked for MFA in the next step.
I don't know how our old teammate was able to sign in with the "Show Advanced" option selected. He was getting the same dialog and continue.

Dynamics CRM Plugin Trace log record throwing Access Denied error for System Administrator

Its really weird to see Access Denied error for System Administrator in CRM.
When trying to open any record from Plugin trace logs, system throws the below error in our dev environment.
Access Is Denied
You do not have enough privileges to access the Microsoft Dynamics CRM object or perform the requested operation. For more information, contact your Microsoft Dynamics CRM administrator.
Unable to verify the missing access rights as there is no 'Download Log' button, platform trace cannot be checked since this is CRM online. I don't see any relationship control issue like lookup/subgrid in this OOB entity.
Also if you see the page title, it says Dashboard - fishy? Any pointers to troubleshoot this?
This is crazy, when we try to delete the Plugin trace log entries, it says the most useful message:
Not enough privilege to access the Microsoft Dynamics CRM object or perform the requested operation. The current Organizationid '79bd6aa8-984f-4d51-ae47-0a178c71d762' does not match with userOrTeam's organization id '760ed188-468e-40ca-86bd-ceca16ee64a1'.
So these were moved as part of sandbox refresh from another instance. Damn, then why they are showing in this org grid beyond POA; MS can answer it, probably they will solve this platform bug as its not allowing to delete because of POA.

GetMaxPrivilegeDepthForUser Error when using the CRM Dynamics API

I am trying to integrate CRM Dynamics with Adobe Campaign, but I am getting an error.
Can anyone help me understand the meaning of this error:
'SecLib::GetMaxPrivilegeDepthForUser failed. Returned hr= -2147209463, User: a37d4ef0-7684-e511-8129-c4346bacefdc'
Give the service account user that you're using to authenticate with CRM's System Administrator role and make sure that user is also assigned to the most top-level business unit; if it doesn't work after that I would try creating a new administrator account from scratch.
Our team was using the wrong company id or better to say organisation id for the CRM account. Using the correct value fixed our problem.

Resources