A user can access CRM via the Web client, and has 
previously accessed CRM via the CRM for Outlook client.  
Yesterday, due to a misperception that we had run out of 
licenses, I took away the user's license, but 
subsequently put it back.  

Now the user can't access CRM for Outlook.  The error 
message is just Access Denied.

He tried shutting down and rebooting - same result.

Should I delete the user and re-create?  Other users can 
still access CRM for Outlook client.

Any thoughts on this one?

Thanks,

Ian

Actually, I think the problem happened last Thursday 
afternoon, when I changed the user's Business Unit.  But, 
again, he can access via CRM Web client, and other users 
can access CRM for Outlook client...

I changed the business unit, and added new security 
roles.  He definetely has sufficient security to get in.  
But the error message is: Access Denied: you do not have 
sufficient access rights or privileges to perform this 
action.  I double-checked and he has a license also.

He's just clicking on the Contacts folder in CRM for 
Outlook, when he gets this error message.

Any thoughts appreciated...

Thanks,

Ian


>-----Original Message-----
>A user can access CRM via the Web client, and has 
>previously accessed CRM via the CRM for Outlook client.  
>Yesterday, due to a misperception that we had run out of 
>licenses, I took away the user's license, but 
>subsequently put it back.  
>
>Now the user can't access CRM for Outlook.  The error 
>message is just Access Denied.
>
>He tried shutting down and rebooting - same result.
>
>Should I delete the user and re-create?  Other users can 
>still access CRM for Outlook client.
>
>Any thoughts on this one?
>
>Thanks,
>
>Ian
>.
>

Ian

I have seen this one before. On you client machine with Outlook and CRM shut
down outlook and go to this registry entry
My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\MSCRM and look for an
entry called

UserSecInfo

You may find the first byte in the entry is 49 or 47. Set the 1st byte to 00
then restart outlook and see if you still get access denied.



"Ian" <anonymous@discussions.microsoft.com> wrote in message
news:19c0b01c44d75$22896ac0$a401280a@phx.gbl...
> A user can access CRM via the Web client, and has
> previously accessed CRM via the CRM for Outlook client.
> Yesterday, due to a misperception that we had run out of
> licenses, I took away the user's license, but
> subsequently put it back.
>
> Now the user can't access CRM for Outlook.  The error
> message is just Access Denied.
>
> He tried shutting down and rebooting - same result.
>
> Should I delete the user and re-create?  Other users can
> still access CRM for Outlook client.
>
> Any thoughts on this one?
>
> Thanks,
>
> Ian

Hi John,

If that would have worked, I would have had to have 
laughed.  That's pretty far down in the mud, isn't it?  
Changing the binary code of the UserSecInfo.  I really 
wanted it to work, but the first byte was Oc, so I didn't 
change it.

How about this, found on TechKnowledge:

[I did re-establish Security Roles, but I did not yet 
force replication on domain...]
 
TechKnowledge
"80070005 - You do not have sufficient access rights" 
error message when Microsoft CRM user moved to a 
different business unit


Printable Link
Email this link 

Document ID: 33681
Date Created: 10/31/2003
Date Last Modified: 1/19/2004
Language: English - United States
Country: USA
Product: Microsoft CRM
Versions: 1.0, 1.2
Modules: Microsoft CRM Setup

SYMPTOMS 

After a Microsoft CRM user moves from one Business Unit 
to another, the user cannot open the program and may 
receive the following error message: 

80070005 - You do not have sufficient access rights or 
privileges to perform this action.
 
CAUSE 

Permissions on the domain were broken after the user was 
moved to the new Business Unit. 

RESOLUTION

When a user is moved from one Business Unit to another, 
Security Roles from the original Business Unit are 
removed from the user being moved and any direct report 
relationships are also removed. 
For example:  

After User A is moved from Business Unit 1 to Business 
Unit 2, all direct report relationships are broken and 
must be re-established. The exception occurs if User A is 
moved together with his direct reports as a bulk move. 
The direct report relationship is retained as long as the 
Users are moved from a child Business Unit to a parent 
Business Unit.  

Because all Security Roles are removed from the user 
during the move, Security Roles must be re-established.


To force replication on your domain, follow these steps:

1. On your Domain Controller, click Start, point to 
Programs, double-click Administrative Tools, and then 
double-click Active Directory Sites and Services.

2. Expand the Sites folder, expand the Server folder, and 
then expand your Server name folder.

3. You will now see the NTDS Settings.  If there are 
other Domain Controllers in your environment to replicate 
they will be listed in the right pane.

4. Right-click the server, and then select Replicate to 
force replication to the other servers in the domain.
 

>-----Original Message-----
>Ian
>
>I have seen this one before. On you client machine with 
Outlook and CRM shut
>down outlook and go to this registry entry
>My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\MSCRM 
and look for an
>entry called
>
>UserSecInfo
>
>You may find the first byte in the entry is 49 or 47. 
Set the 1st byte to 00
>then restart outlook and see if you still get access 
denied.
>
>
>
>"Ian" <anonymous@discussions.microsoft.com> wrote in 
message
>news:19c0b01c44d75$22896ac0$a401280a@phx.gbl...
>> A user can access CRM via the Web client, and has
>> previously accessed CRM via the CRM for Outlook client.
>> Yesterday, due to a misperception that we had run out 
of
>> licenses, I took away the user's license, but
>> subsequently put it back.
>>
>> Now the user can't access CRM for Outlook.  The error
>> message is just Access Denied.
>>
>> He tried shutting down and rebooting - same result.
>>
>> Should I delete the user and re-create?  Other users 
can
>> still access CRM for Outlook client.
>>
>> Any thoughts on this one?
>>
>> Thanks,
>>
>> Ian
>
>
>.
>

Ian

I was told about this fix from Microsoft. Here is a similar article


            TechKnowledge
            Error "The Logged On User Does Not Have Sufficient Security
Permissions" When the Client is Offline Trying to Access a Microsoft CRM
Folder


            Return to previous page

            Document ID: 31692
            Date Created: 6/30/2003
            Date Last Modified: 8/6/2003
            Language: English - United States
            Country: USA
            Product: Microsoft CRM
            Versions: 1.0
            Modules: Microsoft CRM Sales for Outlook

            Issue

            Error - "The logged on user does not have sufficient security
permissions to view these records or perform the specific action.  For more
information, contact your system administrator." occurs when the client is
offline and tries to access any of the Microsoft CRM folders.

            Resolution

            A. Make a backup of the MSCRM registry key before following
these steps.

            To make a backup follow these steps:

            1. Go to Start | Run and type in Regedit.

            2. Then expand HKEY_LOCAL_MACHINE | SOFTWARE | Microsoft |
MSCRM.

            3. Right click on the MSCRM folder.

            4. Choose Export.

            5. Then save the backup.

            B. Make sure you are offline in the Sales for Outlook Client and
then follow these steps.

            1. Go to Start | Run and type in regedit on your Microsoft CRM
Sales for Outlook client.

            2. Then go to HKEY_LOCAL_MACHINE | SOFTWARE | Microsoft | MSCRM
| UserSecInfo.

            3. Right click UserSecInfo and choose modify.

            4. Change the first two digits to 00.

            Now try to access the Microsoft CRM application when you are
offline.






<anonymous@discussions.microsoft.com> wrote in message
news:19d5f01c44d8c$e26c8720$a401280a@phx.gbl...
> Hi John,
>
> If that would have worked, I would have had to have
> laughed.  That's pretty far down in the mud, isn't it?
> Changing the binary code of the UserSecInfo.  I really
> wanted it to work, but the first byte was Oc, so I didn't
> change it.
>
> How about this, found on TechKnowledge:
>
> [I did re-establish Security Roles, but I did not yet
> force replication on domain...]
>
> TechKnowledge
> "80070005 - You do not have sufficient access rights"
> error message when Microsoft CRM user moved to a
> different business unit
>
>
> Printable Link
> Email this link
>
> Document ID: 33681
> Date Created: 10/31/2003
> Date Last Modified: 1/19/2004
> Language: English - United States
> Country: USA
> Product: Microsoft CRM
> Versions: 1.0, 1.2
> Modules: Microsoft CRM Setup
>
> SYMPTOMS
>
> After a Microsoft CRM user moves from one Business Unit
> to another, the user cannot open the program and may
> receive the following error message:
>
> 80070005 - You do not have sufficient access rights or
> privileges to perform this action.
>
> CAUSE
>
> Permissions on the domain were broken after the user was
> moved to the new Business Unit.
>
> RESOLUTION
>
> When a user is moved from one Business Unit to another,
> Security Roles from the original Business Unit are
> removed from the user being moved and any direct report
> relationships are also removed.
> For example:
>
> After User A is moved from Business Unit 1 to Business
> Unit 2, all direct report relationships are broken and
> must be re-established. The exception occurs if User A is
> moved together with his direct reports as a bulk move.
> The direct report relationship is retained as long as the
> Users are moved from a child Business Unit to a parent
> Business Unit.
>
> Because all Security Roles are removed from the user
> during the move, Security Roles must be re-established.
>
>
> To force replication on your domain, follow these steps:
>
> 1. On your Domain Controller, click Start, point to
> Programs, double-click Administrative Tools, and then
> double-click Active Directory Sites and Services.
>
> 2. Expand the Sites folder, expand the Server folder, and
> then expand your Server name folder.
>
> 3. You will now see the NTDS Settings.  If there are
> other Domain Controllers in your environment to replicate
> they will be listed in the right pane.
>
> 4. Right-click the server, and then select Replicate to
> force replication to the other servers in the domain.
>
>
> >-----Original Message-----
> >Ian
> >
> >I have seen this one before. On you client machine with
> Outlook and CRM shut
> >down outlook and go to this registry entry
> >My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\MSCRM
> and look for an
> >entry called
> >
> >UserSecInfo
> >
> >You may find the first byte in the entry is 49 or 47.
> Set the 1st byte to 00
> >then restart outlook and see if you still get access
> denied.
> >
> >
> >
> >"Ian" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:19c0b01c44d75$22896ac0$a401280a@phx.gbl...
> >> A user can access CRM via the Web client, and has
> >> previously accessed CRM via the CRM for Outlook client.
> >> Yesterday, due to a misperception that we had run out
> of
> >> licenses, I took away the user's license, but
> >> subsequently put it back.
> >>
> >> Now the user can't access CRM for Outlook.  The error
> >> message is just Access Denied.
> >>
> >> He tried shutting down and rebooting - same result.
> >>
> >> Should I delete the user and re-create?  Other users
> can
> >> still access CRM for Outlook client.
> >>
> >> Any thoughts on this one?
> >>
> >> Thanks,
> >>
> >> Ian
> >
> >
> >.
> >

For some reason I don't even have a UserSecInfo key.  Is there
anything else I should add to make this work?

On Tue, 8 Jun 2004 15:55:06 -0500, "John O'Donnell"
<csharpconsulting@nospam-hotmail.com-nospam> wrote:

>Ian
>
>I was told about this fix from Microsoft. Here is a similar article
>
>
>            TechKnowledge
>            Error "The Logged On User Does Not Have Sufficient Security
>Permissions" When the Client is Offline Trying to Access a Microsoft CRM
>Folder
>
>
>            Return to previous page
>
>            Document ID: 31692
>            Date Created: 6/30/2003
>            Date Last Modified: 8/6/2003
>            Language: English - United States
>            Country: USA
>            Product: Microsoft CRM
>            Versions: 1.0
>            Modules: Microsoft CRM Sales for Outlook
>
>            Issue
>
>            Error - "The logged on user does not have sufficient security
>permissions to view these records or perform the specific action.  For more
>information, contact your system administrator." occurs when the client is
>offline and tries to access any of the Microsoft CRM folders.
>
>            Resolution
>
>            A. Make a backup of the MSCRM registry key before following
>these steps.
>
>            To make a backup follow these steps:
>
>            1. Go to Start | Run and type in Regedit.
>
>            2. Then expand HKEY_LOCAL_MACHINE | SOFTWARE | Microsoft |
>MSCRM.
>
>            3. Right click on the MSCRM folder.
>
>            4. Choose Export.
>
>            5. Then save the backup.
>
>            B. Make sure you are offline in the Sales for Outlook Client and
>then follow these steps.
>
>            1. Go to Start | Run and type in regedit on your Microsoft CRM
>Sales for Outlook client.
>
>            2. Then go to HKEY_LOCAL_MACHINE | SOFTWARE | Microsoft | MSCRM
>| UserSecInfo.
>
>            3. Right click UserSecInfo and choose modify.
>
>            4. Change the first two digits to 00.
>
>            Now try to access the Microsoft CRM application when you are
>offline.
>
>
>
>
>
>
><anonymous@discussions.microsoft.com> wrote in message
>news:19d5f01c44d8c$e26c8720$a401280a@phx.gbl...
>> Hi John,
>>
>> If that would have worked, I would have had to have
>> laughed.  That's pretty far down in the mud, isn't it?
>> Changing the binary code of the UserSecInfo.  I really
>> wanted it to work, but the first byte was Oc, so I didn't
>> change it.
>>
>> How about this, found on TechKnowledge:
>>
>> [I did re-establish Security Roles, but I did not yet
>> force replication on domain...]
>>
>> TechKnowledge
>> "80070005 - You do not have sufficient access rights"
>> error message when Microsoft CRM user moved to a
>> different business unit
>>
>>
>> Printable Link
>> Email this link
>>
>> Document ID: 33681
>> Date Created: 10/31/2003
>> Date Last Modified: 1/19/2004
>> Language: English - United States
>> Country: USA
>> Product: Microsoft CRM
>> Versions: 1.0, 1.2
>> Modules: Microsoft CRM Setup
>>
>> SYMPTOMS
>>
>> After a Microsoft CRM user moves from one Business Unit
>> to another, the user cannot open the program and may
>> receive the following error message:
>>
>> 80070005 - You do not have sufficient access rights or
>> privileges to perform this action.
>>
>> CAUSE
>>
>> Permissions on the domain were broken after the user was
>> moved to the new Business Unit.
>>
>> RESOLUTION
>>
>> When a user is moved from one Business Unit to another,
>> Security Roles from the original Business Unit are
>> removed from the user being moved and any direct report
>> relationships are also removed.
>> For example:
>>
>> After User A is moved from Business Unit 1 to Business
>> Unit 2, all direct report relationships are broken and
>> must be re-established. The exception occurs if User A is
>> moved together with his direct reports as a bulk move.
>> The direct report relationship is retained as long as the
>> Users are moved from a child Business Unit to a parent
>> Business Unit.
>>
>> Because all Security Roles are removed from the user
>> during the move, Security Roles must be re-established.
>>
>>
>> To force replication on your domain, follow these steps:
>>
>> 1. On your Domain Controller, click Start, point to
>> Programs, double-click Administrative Tools, and then
>> double-click Active Directory Sites and Services.
>>
>> 2. Expand the Sites folder, expand the Server folder, and
>> then expand your Server name folder.
>>
>> 3. You will now see the NTDS Settings.  If there are
>> other Domain Controllers in your environment to replicate
>> they will be listed in the right pane.
>>
>> 4. Right-click the server, and then select Replicate to
>> force replication to the other servers in the domain.
>>
>>
>> >-----Original Message-----
>> >Ian
>> >
>> >I have seen this one before. On you client machine with
>> Outlook and CRM shut
>> >down outlook and go to this registry entry
>> >My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\MSCRM
>> and look for an
>> >entry called
>> >
>> >UserSecInfo
>> >
>> >You may find the first byte in the entry is 49 or 47.
>> Set the 1st byte to 00
>> >then restart outlook and see if you still get access
>> denied.
>> >
>> >
>> >
>> >"Ian" <anonymous@discussions.microsoft.com> wrote in
>> message
>> >news:19c0b01c44d75$22896ac0$a401280a@phx.gbl...
>> >> A user can access CRM via the Web client, and has
>> >> previously accessed CRM via the CRM for Outlook client.
>> >> Yesterday, due to a misperception that we had run out
>> of
>> >> licenses, I took away the user's license, but
>> >> subsequently put it back.
>> >>
>> >> Now the user can't access CRM for Outlook.  The error
>> >> message is just Access Denied.
>> >>
>> >> He tried shutting down and rebooting - same result.
>> >>
>> >> Should I delete the user and re-create?  Other users
>> can
>> >> still access CRM for Outlook client.
>> >>
>> >> Any thoughts on this one?
>> >>
>> >> Thanks,
>> >>
>> >> Ian
>> >
>> >
>> >.
>> >
>