CRM Authentication Test
Microsoft Dynamics CRM supports two security models for authentication: claims-based authentication and Active Directory authentication. The type of authentication used depends on the type of deployment your application is accessing: Microsoft Dynamics CRM Online or Microsoft Dynamics CRM 2011.
In large environments where both types of deployments are in vogue, it becomes imminent to identify the security model that plays a major role in authentication. This is where the CRM Authentication test helps! This test reveals the numerical statistics of the following:
- The authentication requests that were unsuccessful
- The authentication requests that were processed per minute
- The authentication requests that failed when processed using the active directory authentication credentials, Windows Live ID, claim based authentication respectively
- The authentication requests that were processed using the active directory authentication credentials, Windows Live ID, laim based authentication respectively.
- The authentication requests that were processed using the MSCRM_CONFIG database.
Target of the test : A Microsoft Dynamics CRM 2011 Server
Agent deploying the test : A remote agent
Outputs of the test : One set of results for each Microsoft Dynamics CRM 2011 server to be monitored.
Parameters | Description |
---|---|
Test Period |
This indicates how often should the test be executed. |
Host |
The host for which the test is to be configured. |
Port |
The port number at which the specified host listens to. By default, this is NULL. |
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
Windows authentication failures |
Indicates the number of unsuccessful authentication requests per minute. |
Number |
The authentication failure may have occurred due to various causes such as the failure in communication between the Microsoft Dynamics CRM and the Kerberos servers even though the user was successfully authenticated by the active directory, a token expiry or due to invalid user credentials. A low value is desired for this measure. A high value of this measure may indicate that either the server is possibly under a Denial of Service attack or there is a problem with the Authentication service configuration. |
Windows authentication attempts |
Indicates the total number of authentication requests that were processed per minute. |
Number |
The value of this measure is the sum of both successful and unsuccessful authentication requests. This measure is a clear indicator of the load on the Microsoft Dynamics CRM server in terms of authentication requests. |
Post authentication failures |
Indicates the total number of authentication requests that failed when processed using the Active Directory authentication credentials. |
Number |
This measure is the total value of all successful and unsuccessful authentication attempts. |
Post authentication attempts |
Indicates the number of authentication requests that were processed using the active directory authentication credentials. |
Number |
|
Passport authentication failures |
Indicates the number of failed authentication requests per minute that are processed using the authentication credentials of the Microsoft account i.e., the Windows Live ID. |
Number |
A low value is desired for this measure. A high value of this measure may indicate that either the server is possibly under a Denial of Service attack or there is a problem with the authentication service configuration. |
Passport authentication attempts |
Indicates the number of authentication requests per minute that were processed using Windows Live ID authentication credentials. |
Number |
|
Claims authentication attempts |
Indicates the number of authentication requests per minute that were processed using claim based authentication. |
Number |
Claims-based authentication provides an industry standard security protocol to authenticate a user on a host computer. Claims-based authentication is a set of WS-* standards describing the use of a Security Assertion Markup Language (SAML) token in either passive mode (when WS-Federation is used with the Microsoft Dynamics CRM 2011 web application) or active mode (where WS-Trust is used with Windows Communication Foundation (WCF) clients). This authentication works together with WCF to provide secure user authentication and a communication channel with a Microsoft Dynamics CRM server. |
Claims authentication failures |
Indicates the number of authentication requests that failed per minute when processed using claim based authentication. |
Number |
|
ConfigDB windows authentication failures |
Indicates the number of unsuccessful authentication requests per minute that were processed using active directory authentication credentials. |
Number |
A low value is desired for this measure. A high value of this measure may indicate that either the server is possibly under a Denial of Service attack or there is a problem with the authentication service configuration. |
ConfigDB windows authentication attempts |
Indicates the number of authentication requests that were processed using the MSCRM_CONFIG database. |
Number |
The MSCRM_CONFIG database houses implementation data and other information relevant to the usage of all the databases available in the Microsoft Dynamics CRM server. The value of this measure includes both successful and unsuccessful authentication requests that were processed. This measure is a clear indicator of the load on the Microsoft Dynamics CRM server. |