unable to deploy portal

Nov 22, 2010 at 5:54 PM
Edited Nov 22, 2010 at 5:58 PM


I followed the instructions to deploy the customer portal accelerator in our DEV environment. 

Everything has been completed except for the IIS part. I cannot seem to access the portal from http://localhost:8088

This is an on-premise deployment running on Windows 2008 R2 and IIS 7.5

Can someone please shed some light on this?

Thank you,




Server Error in '/' Application.

Required permissions cannot be acquired.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Security.Policy.PolicyException: Required permissions cannot be acquired.

Source Error:


An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[PolicyException: Required permissions cannot be acquired.]
   System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Boolean checkExecutionPermission) +10237966
   System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Int32& securitySpecialFlags, Boolean checkExecutionPermission) +97

[FileLoadException: Could not load file or assembly 'AntiXssLibrary, Version=, Culture=neutral, PublicKeyToken=5906d2bb3d8a12c4' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)]
   System.Reflection.Assembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection) +0
   System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) +416
   System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) +166
   System.Reflection.Assembly.Load(String assemblyString) +35
   System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective) +190

[ConfigurationErrorsException: Could not load file or assembly 'AntiXssLibrary, Version=, Culture=neutral, PublicKeyToken=5906d2bb3d8a12c4' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)]
   System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective) +11211672
   System.Web.Configuration.CompilationSection.LoadAllAssembliesFromAppDomainBinDirectory() +388
   System.Web.Configuration.CompilationSection.LoadAssembly(AssemblyInfo ai) +232
   System.Web.Configuration.AssemblyInfo.get_AssemblyInternal() +48
   System.Web.Compilation.BuildManager.GetReferencedAssemblies(CompilationSection compConfig) +210
   System.Web.Compilation.BuildProvidersCompiler..ctor(VirtualPath configPath, Boolean supportLocalization, String outputAssemblyName) +76
   System.Web.Compilation.BrowserCapabilitiesCompiler.GetBrowserCapabilitiesType() +661
   System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled() +691

[HttpException (0x80004005): Could not load file or assembly 'AntiXssLibrary, Version=, Culture=neutral, PublicKeyToken=5906d2bb3d8a12c4' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)]
   System.Web.Compilation.BuildManager.ReportTopLevelCompilationException() +76
   System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled() +1012
   System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters) +1025

[HttpException (0x80004005): Could not load file or assembly 'AntiXssLibrary, Version=, Culture=neutral, PublicKeyToken=5906d2bb3d8a12c4' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)]
   System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +11305670
   System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +88
   System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +4342340


Nov 22, 2010 at 6:06 PM

IIS can be locked down pretty tight using applicationhost.config.  I have seen a few other people have this error as well, but have never seen this issue in any of the environments that I have ever touched.  The problem is that your IIS security is locked down so that the required hosting permissions for the AntiXss assembly are not being met (failed to grant minimum permission requests).  The solution will be to reconfigure your IIS security to ensure that the hosting permissions required by that assembly are being met.  Unfortunately, because I do not have a reliable repro of the error, and it is not evident on a standard server install, I am unable to tell you which settings you will have to change.

Shan McArthur

Nov 22, 2010 at 6:50 PM

Thanks Shan.


I managed to get it to work.

In my IIS application pool advanced settings, under "Process Model", set Load User Profile to true.

Now I need to set up the authentication with LiveID.

Where do I get the DeviceID/password from the LiveID website? I cannot seem to find this piece of info on the website.


<connectionStrings>
  <add name="Xrm" connectionString="Authentication Type=Passport; Server=http://localhost:8088/OrganizationName; User ID=test123@hotmail.com; Password=password; Device ID=your-device-id; Device Password=your-device-password"/>
  <add name="Live" connectionString="Application Id=0000000000000000; Secret=aaaaaaa"/>
</connectionStrings>



Nov 22, 2010 at 7:59 PM

Wow, you are officially the first person who has found that workaround.  Congrats, and thanks for sharing!

On the Live ID device id and device password, you can just make them up.  The framework will register it the first time you use them, otherwise you don't have to worry about them.  There is no current way to manage them.  If you forget them, you simply create a new pair.


Nov 22, 2010 at 9:16 PM
Edited Nov 22, 2010 at 9:26 PM


Forget about my question. I saw your posting.


Nov 22, 2010 at 9:28 PM
habs17 wrote:


Forget about my question. I saw your posting.


Hmm, your blog doesn't seem to work anymore?

I wanted to know if it's possible NOT to use the LiveID authentication and use AD authentication instead.



Nov 23, 2010 at 2:31 PM

I'm trying to stick with the LiveID authentication but keep getting this message.

Has anyone ever come across this error?


Server Error in '/' Application.

Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: The remote name could not be resolved: 'dev.crm.dynamics.com'

Source Error:

Line 59: 		<roleManager enabled="true" defaultProvider="CrmRoleProvider">
Line 60: 			<providers>
Line 61: 				<add name="CrmRoleProvider" type="Microsoft.Xrm.Portal.Web.Security.CrmContactRoleProvider" />
Line 62: 			</providers>
Line 63: 		</roleManager>

Source File: C:\inetpub\wwwroot\CustomerPortal\web.config    Line: 61


Nov 23, 2010 at 4:12 PM

The error has nothing to do with Live ID.  The role provider just happens to be the most fortunate module that is loaded by ASP.NET.  The role provider is not able to connect to your CRM server, and that is the error you are seeing.  I would check your connection string in the web.config to ensure that you have configured it to point to your own CRM server.  It looks like it is pointed to "dev.crm.dynamics.com", which would imply a CRM online connection.  If you are using online, please ensure that you have all of the settings in your connection string appropriate for online, including using your orgname in the url and the unique org ID as well.  I recommend that you use the same connection string that you used for the websitecopy utility.


Nov 23, 2010 at 6:13 PM

OK, I redid the websitecopy and now I'm getting this error:

I used the connection string as documented in section 13(b) 


<add name="Xrm" connectionString="Authentication Type=AD; Server=http://crm-server-name:port/crm-organization-name; User ID= user-domain\user-name; Password=user-password"/>

<add name="Live" connectionString="Application Id=0000000000000000; Secret=aaaaaaa"/>

What am I doing wrong?

Windows Live sign-in is unavailable

Windows Live ID sign-in is unavailable from this site, so you can't sign in or sign up from this site. The site may be experiencing a problem, or it may not be a member of Windows Live ID.

You can sign in or sign up at other Windows Live ID sites and services, or try again later at this site.

<!-- User-Agent:Mozilla/4.0 $compatible$ MSIE 8.0$ Windows NT 6.1$ WOW64$ Trident/4.0$ SLCC2$ .NET CLR 2.0.50727$ .NET CLR 3.5.30729$ .NET CLR 3.0.30729$ Media Center PC 6.0$ InfoPath.3$ MS-RTC LM 8$ .NET4.0C$ .NET4.0E$ AskTbARS/$ --><!-- -Error Info "/pp900/wlogin.srf?appid=0000000000043961&alg=wsignin1.0&appctx=loginpath%2flogin$registrationpath%2fconfirm-invite&lc=4105" comloginhandler(1398) HR=0x80045A73 Method string:GET URL:"/pp900/wlogin.srf" Query string:"code=5" Server protocol:HTTP/1.1 -->



Nov 23, 2010 at 7:54 PM

Ok, it looks like connecting to CRM is figured out.

The error is that you need to register your domain name in Live ID, which will give you an application id and secret, of which you will place in your web.config (see the connection string named 'Live').  The documentation covers how to do this, but you can start with going to http://live.azure.com/.  You will need to provide your domain name, and a return url (which will be your domain name plus /liveid.axd).  This will give you an app ID and secret of which you can then put in your web.config.  Please note that there are restrictions on the domain names, and Live ID, to be secure, only redirects to appropriately registered domains.  If you are hitting F5 in your Visual Studio, or using something like localhost for your website, that is not going to work with Live ID.  I usually play around with changing my local hosts file for local development.


Dec 3, 2010 at 5:40 PM

I have a development environment set up which doesn't have a valid domain outside of the company intranet.  How can I set it up to be able to use the sign-in on the website?  The website is successfully set up but I can't log in due to the application not being registered with Windows Live ID.

Dec 3, 2010 at 5:59 PM

The use of Live ID does require a domain name, but it does not require that the domain name be registered in the public dns system.  ie: you can use an internal domain name that you have registered in your dns servers in your intranet.  That said, Live ID does require a domain name, and it has restrictions on what is qualified - ie: no IP addresses, nothing with microsoft in the domain name, no localhost, etc.

If you are struggling with getting Live ID working, I would ask what you are using for users to get to your website.  If the answer is an IP address, then I can confirm that you cannot use Live ID authentication with the website and your best approach would be to register a domain name and use it for the website and Live ID.  If your users are internal, you can use a name that is appropriate for your intranet - as long as it doesn't conflict with the naming rules set up by Live ID.  If there is a conflict, you can always go to Microsoft and ask for an exception, but I am not familiar with the process.
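
The Live ID host-name rules from this reply and the return URL described in the Nov 23 reply, as an added PowerShell example that is not part of the original posts. It checks only the three restrictions named in the thread (the list there ends with "etc."); the function name, the sample URLs other than localhost:8088, and the 127.0.0.1 hosts entry are assumptions for illustration.

```powershell
# Added example: pre-check a portal URL against the Live ID host-name rules
# named in this thread. The rule list is partial; the thread ends it with "etc.".
function Test-LiveIdHostName {
    param([Parameter(Mandatory = $true)][string]$SiteUrl)

    $uri = $null
    if (-not [System.Uri]::TryCreate($SiteUrl, [System.UriKind]::Absolute, [ref]$uri)) {
        throw "Not an absolute URL: $SiteUrl"
    }
    $hostName = $uri.Host.ToLowerInvariant()
    $problems = @()

    # Rule from the thread: no IP addresses.
    if ($uri.HostNameType -eq [System.UriHostNameType]::IPv4 -or
        $uri.HostNameType -eq [System.UriHostNameType]::IPv6) {
        $problems += 'host is an IP address'
    }
    # Rule from the thread: no localhost.
    if ($hostName -eq 'localhost') { $problems += 'host is localhost' }
    # Rule from the thread: nothing with "microsoft" in the domain name.
    if ($hostName.Contains('microsoft')) { $problems += 'host contains "microsoft"' }

    $returnUrl = $null
    $hostsLine = $null
    if ($problems.Count -eq 0) {
        # Return URL as described in the thread: the site address plus /liveid.axd.
        $returnUrl = $uri.GetLeftPart([System.UriPartial]::Authority) + '/liveid.axd'
        # Hosts-file line for local development (assumes the site runs on this machine).
        $hostsLine = "127.0.0.1`t$hostName"
    }

    New-Object PSObject -Property @{
        SiteUrl   = $SiteUrl
        Usable    = ($problems.Count -eq 0)
        Problems  = ($problems -join '; ')
        ReturnUrl = $returnUrl
        HostsLine = $hostsLine
    }
}

# Constructed sample URLs; only localhost:8088 appears in the thread.
$samples = @(
    'http://localhost:8088',
    'http://192.168.10.5/portal',
    'http://portal.microsoft-test.corp.example',
    'http://portal.corp.example:8088'
)
$samples | ForEach-Object { Test-LiveIdHostName -SiteUrl $_ } |
    Select-Object SiteUrl, Usable, Problems, ReturnUrl, HostsLine | Format-List
```

A URL that passes these checks can still be refused at registration, since Live ID applies rules the thread does not list.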


Dec 6, 2010 at 3:39 PM

We are trying to complete the application registration but we cannot complete the verify step, since our development area is not a real domain outside of the intranet.  We put the appid and secret key in config but still can't get access to Live ID.  Is there a way around this for testing purposes?

Dec 7, 2010 at 6:30 PM

The domain name does not have to be a 'real' domain that is registered in the public DNS system - it can be an intranet domain name, as long as it avoids some of the naming restrictions that Live ID has.  For example, you can't have microsoft in the domain name.  I believe that the Live Id team has a means of manually reviewing a particular domain name, but I am unsure of the process.  You should be able to find some information on the web.