Riva CRM Integration - Documentation and Knowledge Base
Knowledgebase
...
toggle

Microsoft Dynamics CRM Online: Connection Errors Explained

Article ID: 251
Last updated: 04 May, 2021
This article is about errors that might occur while creating or updating a Dynamics CRM connection, and it suggests adjusting firewall rules to allow required traffic.

Issue

When the Riva On-Premise Microsoft Dynamics CRM Wizard tries to create a connection to the versions it supports, several connection problem error windows may indicate that "Riva could not connect to Microsoft CRM. Please verify the connection information." The following reasons may be given:

  • Authentication Failed!
  • Unable to connect to the remote server.
  • Unable to initialize communication with the Passport server (Error Code: 8004883).
  • Unable to log on for the given user name and password (Error Code: 80048869).

Riva In-House Test Results

A test was conducted using a Windows 2008 R2 x64 server VMware virtual machine with Wireshark and the Riva On-Premise server installed. As part of the test, a WireShark trace was started and then a successful connection was created in the Riva On-Premise server to Dynamics CRM Online using a trial account that we had created. Take note that we did not have aggressive firewall rules in place, so the trace was able to determine which online resources the Riva CRM connection wizard had to connect to in order to successfully create a Riva connection to Dynamics CRM Online.

For the test environment:

  • the account was gordw@omni-ts.com, and
  • the address was https://omnitechnologysolutions.crm.dynamics.com/.

During the test, a working connection was created using the following Riva CRM connection settings:

Note: The Organization was left blank. When we tried to use "OmniTechnologySolutions" as the Organization, we received an error that the Organization did not exist.

The Riva Manager application created a connection and saved it on the right pane. Double-clicking the connection displayed the following window:

An examination of the trace file confirmed that many internet resources were accessed. This article, https://support.microsoft.com/kb/2655102, describes which internet resources are accessed and what needs to be enabled in firewall rules. Note that using IP-based rules may not work, because some resources use dynamically assigned IP addresses from a DNS pool. To see what we are referring to, run an nslookup on "login.live.com". In particular, we discovered that the Riva connection needs to access the following:

  • https://dev.crm.dynamics.com (North America), or https://dev.crm4.dynamics.com (EMEA), or https://dev.crm5.dynamics.com (APAC). EMEA and APAC Riva admins need to set an app.setting key and value in .config files. For instructions, see Configure Riva for EMEA or APAC Passport URL.
  • https://login.live.com
  • https://signin.crm.dynamics.com
  • https://<companyaccountname>.api.crm.dynamics.com, for example https://omnitechnologysolutions.api.crm.dynamics.com
  • https://<companyaccountname>.crm.dynamics.com, for example https://omnitechnologysolutions.crm.dynamics.com
  • http://clientconfig.passport.net/ppcrlconfig.bin
  • http://disco.crm.dynamics.com
  • http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
  • https://online.dynamics.com
  • https://mbs.microsoft.com
  • https://go.microsoft.com

Hence, as the above bulleted list suggests, a rule for *.crm.dynamics.com covers the online crm.dynamics.com resources that Riva On-Premise attempts to access.

Riva Connection Authentication Error

Sometimes, an error window appears and displays Unable to log on to the Service for the partner = "crm.dynamics.com" (Error Code: 80048862). Riva uses Passport authentication to Dynamics Online that uses a Microsoft-provided API to enable access.

You can test this challenge by trying to access http://login.live.com/RST2.srf, which attempts to access one of the required authentication services and should return an XML page in the browser. If there is a challenge, another error window will appear, indicating that you cannot download the RST2.srf file.

This or similar types of errors indicate that there may be specific content or application filtering in place that prevents access to online services like MSN Chat.

Recommendations

To ensure that Riva On-Premise connections to Dynamics CRM Online will work:

  1. Apply firewall rules for the following:
    • *.crm.dynamics.com
    • login.live.com
    • online.dynamics.com
    • mbs.microsoft.com
    • go.microsoft.com
    • clientconfig.passport.net/ppcrlconfig.bin
    • crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
       

  2. Permit only secure https:// access to the above.

  3. If an error message says that the organization name cannot be found or does not exist, try creating the connection leaving the Organization field blank.

Article ID: 251
Last updated: 04 May, 2021
Revision: 8
Views: 13771
Also read

Also listed in

Prev
Next
« Set Up Riva User-Credentials-Based Dynamics CRM Connection
Microsoft Dynamics CRM: Security Role Permissions Explained »

rss