Microsoft small business knowledge base

Article ID: 2500917 - Last Review: February 15, 2011 - Revision: 2.0


When you add an account that is running the CRMAppPool as a Microsoft Dynamics CRM user, the system crashes. Additionally, you may receive errors that resemble the following:

SecLib::RetrievePrivilegeForUser failed - no roles are assigned to user. Returned hr = -2147209463, User: [userid]


By default, when a CRM user is created in Microsoft Dynamics CRM, the user has no security roles. Because the CRM service account is mapped with the newly created user, the CRM service account cannot operate anything. Therefore, the system crashes.

This behavior is by design. Making the account that is running the CRMAppPool into a Microsoft Dynamics CRM user is not supported.


Keep the CRM service account as a dedicated service account.


More information is available in the "Services and CRMAppPool IIS application pool identity permissions" section of the Microsoft Dynamics CRM 2011 Implementation Guide. To download the guide, visit the following Microsoft website: (

  • Microsoft Dynamics CRM 2011
  • Microsoft Dynamics CRM 4.0
kbmbsmigrate kbsurveynew KB2500917
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support