Lessons learned from Hardware Load Balancing CRM 2013
Abstract: I was testing the performance on a load balanced Microsoft Dynamics CRM 2013 environment with two CRM 2013 servers. I had setup the first server in IFD and was able to successfully connect to it externally through the load balancer. Next, I disabled the first server, setup the second server in IFD and connected to that server externally. But when I enabled both servers on the load balancer, the following error appeared:
ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false.
If you’re experiencing this issue, keep reading to find out how I resolved the Microsoft Dynamics CRM Error: ID1073.
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 6/23/2014 9:21:13 PM
Event time (UTC): 6/24/2014 2:21:13 AM
Event ID: 3ce58c5319ad4dfd8c95255b8621e4a6
Event sequence: 4
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/ROOT-1-130480500683477616
Trust level: Full
Application Virtual Path: /
Application Path: E:\Program Files\Microsoft Dynamics CRM\CRMWeb\
Machine name: <machine name>
Process information:
Process ID: 1448
Process name: w3wp.exe
Account name: <domain>\<identity>
Exception information:
Exception type: CryptographicException
Exception message: The data is invalid.
OR: Exception message: Key not valid for use in specified state.
at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
at Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[] encoded)
Request information:
Request URL: https://<subdomain>.<domain>.com:443/default.aspx
Request path: /default.aspx
User host address: <ip address>
User:
Is authenticated: False
Authentication Type:
Thread account name: <domain>\<identity>
Thread information:
Thread ID: 24
Thread account name: <domain>\<identity>
Is impersonating: False
Stack trace: at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
at Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Decode(Byte[] encoded)
How to Troubleshoot
Follow these steps:
- Open the CRM Deployment Manager > Microsoft Dynamics CRM Properties > Web Address tab > Advanced
- Unchecked the ‘The deployment uses an NLB’ ran IISREST
- Re-checked the ‘The deployment uses an NLB’ ran IISRESET
- Retest
This method was a success! I am now back to load balancing between the two Microsoft Dynamics CRM 2013 servers.
*Note: In Microsoft Dynamcis CRM 2011, this was tested behind the same hardware load balancer and it didn’t matter if ‘The deployment uses an NLB’ was checked or not.
Hope this helps!
Dan Brunn