Thursday, May 19, 2011

CRM 2011 Error Sandbox Host - Access Denied

Okay for those of you who have stumbled upon this issue when changing Dynamics CRM to run under a custom account then here is hte solution:
Your account should be a domain user account with the following permissions as recommended by Micrsoft:
  • Domain User membership.

  • That account must be granted the Logon as service permission in the Local Security Policy.

    • If you add the account as a member of local administrator then that should be sufficient.
  • Folder read and write permission on the \Trace, by default located under \Program Files\Microsoft  Dynamics CRM\Trace, and user account %AppData% folders on the local computer.

  • Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM subkey in the Windows Registry.

  • The service account may need an SPN for the URL used to access the Web site that is associated with it. To set the SPN for the Sandbox Processing Service account, run the following command at a command prompt on the computer where the service is running.
    SETSPN –a MSCRMSandboxService/<ComputerName> <service account>


    • If you want to change your Dynamics CRM web app to run under this account  then you will need to do some more stuff
  • The account should be in the sysadmin group of the SQL Server where your crm database is located.

  • The account should be in the SQLAccessAGroup

  • Add to CRM_WPG group

  • Add to PrivUserGroup (this is usually missed)


    • Hope this helps someone out there.



    Posted by at

    7 comments:

    1. Andrew ParisioJune 2, 2011 at 3:53 PM

      It's important to note that the COMPUTER account for CRM must be a member of the PriveUserGroup. At least mine didn't work until I added the computer account.

      ReplyDelete
    2. AnonymousJanuary 19, 2012 at 9:17 AM

      Hi,
      thank you.
      what is the MSCRM_WPG group?
      I can't see anywhere such a group.

      Regards
      Andreas

      ReplyDelete
    3. UnknownNovember 6, 2012 at 4:45 PM

      I tried the instructions above and am now recieving additional errors

      A Sandbox Host is not available.
      Source: CrmAsyncService.exe (1548)
      Sandbox Host: CRM
      Reason: System.ServiceModel.FaultException`1[Microsoft.Xrm.Sdk.OrganizationServiceFault]: Access Denied. Reference number for administrators or support: #0CE8359A

      Sandbox Host - Access Denied.
      Host: CRM
      User: xxxx

      ReplyDelete
    4. AnonymousSeptember 2, 2013 at 5:54 AM

      Same here...

      ReplyDelete
    5. UnknownOctober 16, 2013 at 2:49 AM

      same here as well!

      ReplyDelete
    6. AnonymousJuly 27, 2015 at 8:40 PM

      same here.. nonsense..

      ReplyDelete
    7. ignatzmachanMarch 4, 2022 at 12:15 PM

      Wynn Las Vegas, Nevada, United States - MapYRO
      Wynn Las Vegas. Overview. Hotel. Casino. Casino type. Theme. Rooms. 1,034. Guest rooms. 전라북도 출장마사지 1,034. Casino type: 2,034. Casino type: 3,034. Casino type: 4,034. 하남 출장마사지 Casino 삼척 출장마사지 type: 5,034. Casino type: 6,034. Casino type: 7,904. Casino type: 세종특별자치 출장마사지 8,916. 이천 출장샵 Casino type: 9,903. Casino type: 10,903.

      ReplyDelete

    Subscribe to: Post Comments (Atom)