I created the required security groups through Quest software. I do not have direct access to our AD but through Quest: I can manage my OU by creating user/account/group and manage these.
Everything went smoothly: DB created, CRM web site created, Deployment web service created.
The setup process stuck in creating Organization web service with the error:
Info| Executing Install action: Microsoft.Crm.Setup.Server.GrantAspNetServiceAccountAccessAction
09:57:00| Error| System.Exception: Action Microsoft.Crm.Setup.Server.GrantAspNetServiceAccountAccessActionfailed. ---> System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.Interop.UnsafeNativeMethods.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChanges()
at Microsoft.Crm.Setup.Server.Utility.ADUtility.GrantAccess(DirectoryEntry groupEntry, String accountName)
at Microsoft.Crm.Setup.Server.GrantAccessToServiceAcountAction.Do(IDictionary parameters)
at Microsoft.Crm.Setup.Common.CrmAction.ExecuteAction(CrmAction action, IDictionary parameters, Boolean undo)
--- End of inner exception stack trace
This happened after the CRM App Pool added to security Group:
Executing Install action: Microsoft.Crm.Setup.Server.AddAspNetServiceAccountToPrivilegedUserGroupAction
What special permission needs to be added to the AD group for the CRM App Pool account?
Did not see any documents?
Thanks,