Microsoft KB Archive/837528

= Unable to successfully copy roles in Microsoft Business Solutions CRM =

Article ID: 837528

Article Last Modified on 8/5/2005

-

APPLIES TO


 * Microsoft CRM 1.2
 * Microsoft Business Solutions CRM 1.0

-



Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
When you try to copy a role in Microsoft Business Solutions CRM, and the copy operation fails, you may receive an error message that similar to any of the following:

The server is not operational.

The user does not exist in Active Directory.

The Directory Service is not available.

You may also receive any one these error messages when you try to view data or try to change users' properties in Active Directory Users and Computers on the server that is running Microsoft CRM.

The following entries are recorded in the Microsoft CRM server application event log: Error: Some security descriptors could not be adjusted after a privilege change. -2147205110 (0x80044005)

Description: Invalid code for CRM error

Connection failure SQL State - 08501, Native error -0

&:\crm\build\3297\src\platform\include\OMCommon\dataccess.inl

324

MSCRMSecurity Service Event ID:6148

Error: Some security descriptors could not be adjusted after a privilege change.

-2147024809 (0x80070057)

Description: The parameter is incorrect.

MSCRMSecurity Service Event ID:6148

Error: Some security descriptors could not be adjusted after a privilege change.

-2147463168 (0x80005000)

Description:

Comments: GetRoleSids failed:%d

This issue is most common when the computer that is running Microsoft CRM is a multi-processor server that is configured with a Gigabit Ethernet network interface card



CAUSE
This issue occurs because the Microsoft CRM server performs a Lightweight Directory Access Protocol (LDAP) bind operation for every object that is copied, and allocates an ephemeral remote procedure call (RPC) port for each of these connections. Microsoft Windows Server 2003 and Microsoft Windows 2000 Server hold the ports for four minutes and then release the ports for other network connections. By default, Windows Server 2003 and Windows 2000 Server enumerate 5,000 ports. However, the first port that is available for use by programs is port 1,024. Therefore, a maximum of 3,977 (not 5,000) active connections are really available.

Certain high-power computer configurations, such as multi-processor servers and the Gigabit Ethernet network adapter, process the role copy task so quickly that the rate of port requests exceeds the number of available RPC ports. If all RPC ports are used, the Microsoft CRM server may return any one of the errors that are listed in the &quot;Symptoms&quot; section of this article.



RESOLUTION
To resolve this issue, increase the number of RPC ports that are available for program use. The number of additional ports that are allocated must be sufficient to handle the number of simultaneous network requests that all programs make. The suggested number for the Microsoft CRM server is a number greater than 30,000 but less than 65,534. The number of ports that are allocated is controlled by the MaxUserPort TCP/IP registry entry. By default, this registry key does not exist. To create it, follow these steps.Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.  On the Microsoft CRM server, click Start, click Run, type regedit in the Open box, and then click OK. Locate and then click the following subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

 On the Edit menu, point to New, click DWORD Value, type MaxUserPort, and then press ENTER. Double-click MaxUserPort, and then set a decimal value to a number greater than 30,000 but less than 65,534.

Note This value controls the maximum dynamic port number. The valid range for this value is 5,000 to 65,534. By default, the number of available ports is 3,977 because the first available port is port number 1024. Close Registry Editor. Restart the Microsoft CRM server.</li></ol>

<div class="references_section">