Last week i have had an issue where during the install of CRM 4, this is a fresh install the setup as follows: SQL Box - Windows 2008 R2 + SQL2008 SP1CRM Box - Windows 2008 R2 now both boxes have been freshly prepped and joined to the domain, all with out errors.for added installation proof both servers had their windows firewalls turned off. upon the Installation of CRM i encountered this error:14:41:37|  Error| System.Exception: Action Microsoft.Crm.Setup.Server.GrantConfigDBDatabaseAccessAction failed. ---> System.Data.SqlClient.SqlException: Windows NT user or group 'Domain\SQLAccessGroup {9e798758-54f6-44a6-93a6-51b6faf49928}' not found. Check the name again.    at Microsoft.Crm.Setup.Database.SharedDatabaseUtility.GrantDBAccess(String sqlServerName, String databaseName, String groupName, CrmDBConnectionType connectionType)    at Microsoft.Crm.Setup.Server.GrantConfigDBDatabaseAccessAction.Do(IDictionary parameters)    at Microsoft.Crm.Setup.Common.Action.ExecuteAction(Action action, IDictionary parameters, Boolean undo)    --- End of inner exception stack trace ---, Error, RetryCancel, Option1 Now its quite obvious at this stage that it is failing to Gannt Access to an account to the MSCRM_CONFIG Database on the SQL server. so i tried to add the SQLAccessGroup manually in the SQL Management Tools and the Error 15401: Windows NT user or group 'SCDC2003\SQLAccessGroup {9e798758-54f6-44a6-93a6-51b6faf49928}' not found. Check the name again. now this is strange as i could not add the account manually, So i thought is this just Group Related and tried add a domain user and the same problem reared it's ugly head. so a call to the Microsoft Support Team and some tests later, after running: name2sid.zip (13.04 kb) via the command line:name2sid.exe domain\anyuser the real error appeared:LookupAccountName failed with error: The trust relationship between this workstation and the primary domain failed. (0x6fd/1789)Now this helps the Microsoft Guys a lot so they asked me run:netdom resetpwd /server:<DomainControllerName> /userd:<domain\domainadminuser> /passwordd:<password>This Command Replied with:The machine account password for the local machine has been successfully reset. The command completed successfully.now the next thing to do is to put this new command into action by restarting the netlogon service:net stop netlogonnet start netlogonand clear the kerberos Tickets on the sql server:klist purge then i tried adding the group manually again and hey presto and shazzam, it was working. i hope this helps others having similar problems. Phil

In my Article CRM v4 Client AutoUpdate Procedure, I talked about deploying the required registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\MSCRMClient\AutoUpdateDownloadUrl (for 32bit) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSCRMClient\AutoUpdateDownloadUrl (for 64bit) This can either be done by tediously going to each PC and manually creating them or executing a .reg Merge file. But that would not be time constructive, im sure you have more pressing things to do. SO, im going to show you haw to create a Group Policy Administrative Template so you can deploy the registry entries the next time the pc reboots or refreshes it domain policy., right here goes: ;------------------------------- Start Of FILE -------------------------------------------- CLASS MACHINE CATEGORY CRM_Client_AutoUpdate   POLICY Update_Share_32Bit   EXPLAIN !!ClientHelp   KEYNAME Software\Microsoft\MSCRMClient     PART "Set the File Share to :" EDITTEXT REQUIRED     DEFAULT !!DefaultServer     VALUENAME "AutoUpdateDownloadUrl"     END PART   END POLICY   POLICY Update_Share_64Bit   EXPLAIN !!ClientHelp   KEYNAME SOFTWARE\Wow6432Node\Microsoft\MSCRMClient     PART "Set the File Share to :" EDITTEXT REQUIRED     DEFAULT !!DefaultServer     VALUENAME "AutoUpdateDownloadUrl"     END PART   END POLICY END CATEGORY [strings] dummy="dummy" DefaultServer="http://mscrm/crmpatches/" ;explains ClientHelp="Set The File Share That The CRM Client For Outlook Checks To See If There Is An Update., NOTE: MAKE SURE YOU FINISH URL WITH '/' E.g. 'http://[servername]/crmpatches/'  By Phil Adams(Cambridge Online)" ;------------------------- End of File ------------------------------------------------- Save the Above to a file called “CRM AutoUpdate.adm” Then load up GPMC, then create and link the new policy to the OU required. open the new policy and under User Configuration , right-click Administrative Templates and select Add/Remove Administrative Templates. find the new ADM file and highlight it, then select Add. It will be copied into the policy in SYSVOL automagically.  Now we highlight Administrative Templates and select View | Filtering. Uncheck "Only show policy settings that can be fully managed" (i.e. any custom policy). It will look like this: Now if you navigate to your policy, you get this (see the cool explanation too? No one can say they don’t know what this policy is about!