CRM Authentication Test

Microsoft Dynamics CRM supports two security models for authentication: claims-based authentication and Active Directory authentication. The type of authentication used depends on the type of deployment your application is accessing: Microsoft Dynamics CRM Online or Microsoft Dynamics CRM 2011.

In large environments where both types of deployments are in vogue, it becomes imminent to identify the security model that plays a major role in authentication. This is where the CRM Authentication test helps! This test reveals the numerical statistics of the following:

  • The authentication requests that were unsuccessful
  • The authentication requests that were processed per minute
  • The authentication requests that failed when processed using the active directory authentication credentials, Windows Live ID, claim based authentication respectively
  • The authentication requests that were processed using the active directory authentication credentials, Windows Live ID, laim based authentication respectively.
  • The authentication requests that were processed using the MSCRM_CONFIG database.

Target of the test : A Microsoft Dynamics CRM 2011 Server

Agent deploying the test : A remote agent

Outputs of the test : One set of results for each Microsoft Dynamics CRM 2011 server to be monitored.

Configurable parameters for the test
Parameters Description

Test Period

This indicates how often should the test be executed.

Host

The host for which the test is to be configured.

Port

The port number at which the specified host listens to. By default, this is NULL.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Windows authentication failures

Indicates the number of unsuccessful authentication requests per minute.

Number

The authentication failure may have occurred due to various causes such as the failure in communication between the Microsoft Dynamics CRM and the Kerberos servers even though the user was successfully authenticated by the active directory, a token expiry or due to invalid user credentials. A low value is desired for this measure. A high value of this measure may indicate that either the server is possibly under a Denial of Service attack or there is a problem with the Authentication service configuration.

Windows authentication attempts

Indicates the total number of authentication requests that were processed per minute.

Number

The value of this measure is the sum of both successful and unsuccessful authentication requests.

This measure is a clear indicator of the load on the Microsoft Dynamics CRM server in terms of authentication requests.

Post authentication failures

Indicates the total number of authentication requests that failed when processed using the Active Directory authentication credentials.

Number

This measure is the total value of all successful and unsuccessful authentication  attempts.

Post authentication attempts

Indicates the number of authentication requests that were processed using the active directory authentication credentials.

Number

 

Passport authentication failures

Indicates the number of failed authentication requests per minute that are processed using the authentication credentials of the Microsoft account i.e., the Windows Live ID.

Number

A low value is desired for this measure. A high value of this measure may indicate that either the server is possibly under a Denial of Service attack or there is a problem with the authentication service configuration.

Passport authentication attempts

Indicates the number of authentication requests per minute that were processed using Windows Live ID authentication credentials.

Number

 

Claims authentication attempts

Indicates the number of authentication requests per minute that were processed using claim based authentication.

Number

Claims-based authentication provides an industry standard security protocol to authenticate a user on a host computer. Claims-based authentication is a set of WS-* standards describing the use of a Security Assertion Markup Language (SAML) token in either passive mode (when WS-Federation is used with the Microsoft Dynamics CRM 2011 web application) or active mode (where WS-Trust is used with Windows Communication Foundation (WCF) clients). This authentication works together with WCF to provide secure user authentication and a communication channel with a Microsoft Dynamics CRM server.

Claims authentication failures

Indicates the number of authentication requests that failed per minute when processed using claim based authentication.

Number

ConfigDB windows authentication failures

Indicates the number of unsuccessful authentication requests per minute that were processed using active directory authentication credentials.

Number

A low value is desired for this measure. A high value of this measure may indicate that either the server is possibly under a Denial of Service attack or there is a problem with the authentication service configuration.

ConfigDB windows authentication attempts

Indicates the number of authentication requests that were processed using the MSCRM_CONFIG database.

Number

The MSCRM_CONFIG database houses implementation data and other information relevant to the usage of all the databases available in the Microsoft Dynamics CRM server.

The value of this measure includes both successful and unsuccessful authentication requests that were processed.

This measure is a clear indicator of the load on the Microsoft Dynamics CRM server.