Copying a role does not work in Microsoft Business Solutions CRM version 1.2 (835292)


The information in this article applies to:

  • Microsoft CRM 1.2

SYMPTOMS

In Microsoft Business Solutions CRM version 1.2, when you try to copy a role, the copy operation may fail, and you may receive one of the following error messages in the CRM Server program event log:Error: Some security descriptors could not be adjusted after a privilege change. -2147205110 (0x80044005)
Description: <description> Invalid code for CRM error </description>
<details> Connection failure SQL State - 08501, Native error -0 </details>
<file>&:\crm\build\3297\src\platform\include\OMCommon\dataccess.inl </file>
<line> 324 </line> MSCRMSecurity Service Event ID:6148
Error: Some security descriptors could not be adjusted after a privilege change. -2147024809 (0x80070057)
Description: The parameter is incorrect.MSCRMSecurity Service Event ID:6148
Error: Some security descriptors could not be adjusted after a privilege change. -2147463168 (0x80005000)
Description: <could not load message>
Comments: GetRoleSids() failed:%d
Users who are assigned one of these new or copied Microsoft CRM roles may not be able to log on to the Microsoft CRM Server, and they may receive any one of the following error messages:
Access Denied "User has not been granted any licenses or the user has not been assigned any roles."
License Error The selected user or user trying to log on has not been assigned a security role or license, and does not have sufficient privileges for this action. For more information, contact your system administrator.
Users who use Microsoft CRM may also receive the following error message when they try to take actions:
The selected user does not have sufficient privileges for this action.
However, the users' roles should permit them to take the action.

CAUSE

This problem may occur if either of the following conditions is true:
  • You create or copy a Microsoft CRM role in an environment that has a slow Microsoft SQL Server server.
  • There are hundreds of thousands or millions of records in the Microsoft CRM databases.
The role-creation and copy operations update every record in Microsoft CRM that contains a security descriptor. The security descriptor contains information about the access privileges that Microsoft CRM users have to that record based on the Microsoft CRM roles that have been assigned to the users. The Microsoft CRM Web application may not report any errors to the end user. Therefore, users may have these Microsoft CRM roles assigned, but they receive "Access Denied" error messages when they try to access data that their Microsoft CRM roles should permit them to access.

RESOLUTION

Microsoft CRM has a fix for this problem that is part of a cumulative update. The cumulative update information is described in the following Microsoft Knowledge Base article:

904435 Update Rollup 2 is available for Microsoft CRM 1.2

MORE INFORMATION

After you install this hotfix and enable business units, you can create or copy roles. Even with this hotfix, the update of the security descriptor records may take several hours, depending on the speed of the Microsoft SQL Server server and on the number of records in the Microsoft CRM databases. See the Microsoft CRM online Help for more information about the creation and copying of security roles inside Microsoft CRM. For additional information about the changes that you may have to make to the Microsoft CRM Server configuration when you use certain high-powered hardware configurations, including hardware that uses GigaBit Ethernet adapters, click the following article number to view the article in the Microsoft Knowledge Base:

837528 Unable to successfully copy roles in Microsoft Business Solutions CRM

Modification Type:MajorLast Reviewed:12/21/2005
Keywords:kbHotfixServer kbQFE kbMBSadministration kbtshoot kbMBSMigrate KB835292 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.