Get-CrmConnection failing when executed from non-admin context (3.3.0.857)

Question

I'm trying to execute Get-CrmConnection to connect to Dynamics 365 from Powershell, but the command returns the following when executed from a non-administrative Powershell context:

Get-CrmConnection -ConnectionString "AuthType=Office365;Username=xxx;Password=xxx;Url=https://xxx.crm.dynamics.com"

Get-CrmConnection : Failed to connect to CRM: Unable to Login to Dynamics CRM
At line:1 char:1
+ Get-CrmConnection -ConnectionString "AuthType=Office365;Username=crm_ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Get-CrmConnection], Exception
    + FullyQualifiedErrorId : -10,Microsoft.Xrm.Tooling.CrmConnector.Powershell.Commands.GetCrmConnectionCommand

I have version 3.3.0.857 of the connector installed.

Additional Info

If I execute the same command within the context of an Administrator prompt, I'm able to connect without issue.

I need this command to work outside of an Administrator context because this script will be called as part of an Azure DevOps pipeline. When executing this code within the pipeline, hosted in Azure DevOps, the same issue occurs.

This command needs to touch the backend core COM objects. So admin privileges are required for it. But I will follow if there is any other recommendation. I am sure you will not encounter this issue if you run this in elevation mode. — Ranadip Dutta, Aug 20 '19 at 12:06

score 3 · Accepted Answer · answered Aug 21 '19 at 12:57

3

I was able to find a solution to my issue that doesn't involve elevating to Admin.

Using the -Verbose option when running Get-CrmConnection, I saw that the error that was occurring was that the connection was being forcibly closed by the host. After a little Googling, I ran across this forum post. The last post had a suggestion to try adding this to my script:

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

I tried that and now everything works, admin or not.

answered Aug 21 '19 at 12:57

Steve Platz

2,215
5
28
27

Glad it worked out! Also, PowerShell by default doesn't have TLS1.2 enabled, so you'll need to set the security protocol object every new terminal session. There's also a registry key you can set on your machine to enforce this. You can reference my other SO answer here for that. Hope this helps! :) https://stackoverflow.com/questions/57048820/tfs-rest-api-invoke-restmethod-the-underlying-connection-was-closed-an-unexpec/57062255#57062255 – Peter Kay Aug 21 '19 at 14:40

score 0 · Answer 2 · answered Aug 20 '19 at 15:52

You can run any script in elevated mode with the following:

$script = "-file C:\crmscript.ps1"
Start-Process powershell -Verb RunAs -ArgumentList $script

You can get valid verbs for any process using the System.Diagnostics.ProcessStartInfo object under the verbs property. Which, in this case, RunAs is a valid verb to start the powershell process in elevated mode.

You can then incorporate this into your Azure Pipelines/DevOps.

Hope this helps!

Thanks, I wasn't aware that I could do that! – Steve Platz Aug 21 '19 at 12:51 — Steve Platz, Aug 21 '19 at 12:51

Get-CrmConnection failing when executed from non-admin context (3.3.0.857)

2 Answers2