Microsoft Dynamics CRM Resources

Posted on March 13, 2010 by Dan Blake

I put this page together to keep track of useful links related to Microsoft Dynamics CRM.  I did it as much for my own use as anything but if anyone else finds it useful, all the better.

Workflow
Microsoft Dynamics CRM: Workflow Authoring Best Practices
Gonzalo Ruiz, Business IT Professionals, Inc., Microsoft, January 15, 2010,
I love this post. Gonzalo explains five important best practices for building workflows.

Microsoft Dynamics CRM – Advanced Workflows
Ayaz Ahmad, MVP – Microsoft Dynamics CRM, Microsoft Dynamics CRM Team Blog, January 05, 2010

Workflow: Wait Command CRM 4.0
Dynamics Forums > CRM, February 01, 2010
Discussion around how to use the Wait and Timeout Activities in CRM Workflow

Workflow E-mail Utilities
Jim Steger, Sonoma Partners, December 15, 2008

E-Mail Router
Configuring CRM 4.0 R8 On-Premise E-Mail Router with Exchange Online / BPOS
Steve Noe, B01/27/2010

Development and Customization

ISV Utilities for Comparing Customizations and Transferring Configuration Data
Inna Agranov, Microsoft Corporation, February 2009

Inline Grids for Sales Orders in Microsoft Dynamics CRM
Ben Vollmer, November 14, 2008

Operations
CRM Client AutoUpdate
Eric Newell, May 08, 2008

Hosting
Change default Organization in CRM 4.0
Just Cruising Today Blog, January 15, 2009

Data Migration
Microsoft CRM 4.0 Data Migration Manager versus Scribe
Dale Simmons, Customer Effective Blog, March 13, 2008

Data migration overview
Microsoft Dynamics CRM Resource Center

Tool to Update MSCRM 4.0 data inline and Export to CSV for Re-import
Microsoft, CodePlex

Microsoft Dynamics CRM 4.0 Bulk Update and Export tool
CodePlex, OrbitOne Internet Solutions

Advanced Data Migration Map Editor for MSCRM 4.0 Data Migration
Microsoft, CodePlex, Mar 17, 2008

Integrating CRM using SQL Integration Services (SSIS)
CRM MVP Darren Liu, Crowe company, May 07, 2008

SQL Server Integration Services And Microsoft Dynamic CRM
Microsoft, CodePlex, Sep 15, 2008

MSCRM 4.0 Bulk Data Export Tool
Microsoft, CodePlex, Apr 18, 2008

CRM Data Import Tool
Veeran Bansal, Adithya Vishwanath, Arun Kumar, Microsoft Dynamics CRM Team Blog, January 25, 2008

Advanced Data Migration Map Editor for CRM 4.0 – Redux
Gaurav Agrawal, May 02, 2008

Filed under: Architecture, Development, Hosting, Operations, Platform, Tips & Tricks, Troubleshooting, XRM | Tagged: , | Leave a comment »

Microsoft Released an “Update to the Update” of Rollup 2 for Microsoft Dynamics CRM 4.0

Posted on February 12, 2009 by Dan Blake
Hosting Environment for CRM 4.0

CRM 4.0 Rack in Colocation Data Center

Microsoft released a new version of Update Rollup 2 for Microsoft Dynamics CRM 4.0 on February 8th. The new version fixes some problems with UR2.   The issues that were fixed were fairly minor.  Unless you were having troubles with a localized version, there weren’t any other major problems that a quick edit of web.config wouldn’t solve.

If the CRM team sticks to the 2 month update cycle, we should see Update Rollup 3 in about month. I’m not really used to this short cycle of updates yet. However, I do like the idea of doing a rollup rather than individual hotfixes. My basic rule of thumb on installing CRM updates is that, if we don’t need it to fix a problem, wait for 3-4 weeks and let everyone else regression-test it (thanks everyone and please keep up the good work). If we are experiencing problems then we’ll test it first in our sandbox and make sure nothing breaks.

We’ll be installing the update to the update in the CourseMax data center this weekend. It’s a pretty involved process.  Here is the process we’ll go through:

  • Apply the update in the sandbox
    • Since our CRM server roles are split up, we’ll have to install it four times)
  • Run through the test plan on all four servers
  • Apply the update on the production servers
    • Six different servers this time
  • Run through the test plan again on Production

The test plan involves testing all of the various screens, triggering actions for plug-ins, testing workflows, testing e-mails and queues, and testing all of the external modules that hit the CRM web service, the Deployment Service, and the Discovery Service. Now you can understand why we wait until everyone else finds the problems first. We could test it in a single-role environment but that wouldn’t really do much good because we’d still need to run through the test plan twice in the hosting environment.  This is also why I’m not really comfortable yet with the 2 month update cycle.  I like to keep current with updates but it is a lot of work.  Keep in mind that this is in addition to the testing and updating we do for our own software. Our software consists of all of the plugins, workflows, scripts, sitemap customizations, etc. that make CourseMax CRM handle all the functions you need if you are a Training Organization.  If we would have installed the first version of Update Rollup 2 we would have had to go through this whole process twice within a month.

I was thinking about synchronizing the updates to the CourseMax software with Microsoft’s cycle.  The problem with doing that is that, if something does go wrong, it will be a nightmare because we won’t know whether it is our software causing the problem, the Microsoft update, or a combination of the two. By the way…In case you were wondering, our sandbox is a QA environment that mirrors our production environment. While it isn’t identical (4 servers instead of 6) to the production environment, it has all of the same server roles and exhibits the same network traffic. Our whole environment is virtualized using VMWare so it was pretty easy to copy it over. We just copied all of the virtual drives brought them up without network, then configured them on a separate VLAN. Since VMWare allows VLAN tagging, it is a completely soft configuration. The sandbox environment actually shares hardware with the production environment. Man I love virtualization…virtual servers, virtual LANs, virtualized storage (SAN). Everything is so much easier and efficient these days.

Here are the links to the new release of Update Rollup 2:
Informational post on the CRM Team Blog
Download Link

The new update fixes 2 problems found with the original update that was released on January 15th. The most common problem I was hearing about is that you could no longer publish workflows after the update if you had a custom web.config file. The fix was to add the following line to web.config in the authorized types section:

<authorizedType Assembly=”mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089″ Namespace=”System.Globalization” TypeName=”CultureInfo” Authorized=”True”/>

From the CRM Team Blog:

Update Rollup 2 for Microsoft Dynamics CRM 4.0
On 2/8/2008, the CRM Sustained Engineering team released a new version of the Update Rollup 2 packages. The new version of Update Rollup 2 addresses some of the issues that have been noted in the comments for this blog entry.

Including:

Strings in the localized product showing up as garbage or in English.

Customized web.config causing issues after Update Rollup 2 is installed

Customers do not need to uninstall the original Update Rollup 2 packages. The new packages will install over the top. If a customer has not been affected by the issues in the original Update Rollup 2 package they do not need to update to the new version. Customers can install Client, Server, Router Update Rollup 2 in any order…

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to Ma.gnoliaAdd to TechnoratiAdd to FurlAdd to Newsvine

Filed under: Operations, Troubleshooting | Tagged: , , , , , , , , , , , , | Leave a comment »

Troubleshooting CRM, Kerberos, and the Error 401.1 – Unauthorized: Access is denied

Posted on January 23, 2009 by Dan Blake

You install Microsoft Dynamics CRM 4.0 and follow the instructions to the best of your ability only to find that when you try to access the CRM web site, it prompts you for a password three times then you get the message:

You are not authorized to view this page.
HTTP Error 401.1 – Unauthorized: Access is denied due to invalid credentials.

This has got to be the #1 most common error people run into when installing Microsoft Dynamics CRM 4.0. In all of the production, testing, and development environments I have set up, the 401.1 error is the one I have spent the most time troubleshooting. It is ALWAYS caused by a problem with Kerberos and double-hop authentication. The trouble is that there are SO MANY ways you can break Kerberos. Over the weekend, I went through another marathon troubleshooting session to resolve yet another Kerberos issue. This time it was in our Sandbox (testing) hosting environment. It came down to an incorrect SPN this time.

Service Principal Names (SPNs) and Delegation
For Kerberos double-hop authentication to work, you must have the proper SPNs configured and you must configure delegation for the computer account or service account that the service runs under. For CRM, this is the identity that your CRM web site’s application pool uses.

The SPNs you need to configure for Kerberos double-hop authentication to work properly are set up as follows:

setspn –A HTTP/servername:5555 domain\serviceusername_or_computername
setspn –A HTTP/servername.company.com domain\serviceusername_or_computername

If you configure the application pool to use an AD user account (service account) as its identity, you should use the name of that account in the above configuration. If you use Network Service, you should use the computer name (and you won’t need to prefix it with domain\). These commands add an SPN in Active Directory. You can also use ADSIEdit to configure this. Note that you need to use the port number for the short (NetBIOS) name version of the SPN but NOT for the FQDN version. This one got me recently.

Next, you need to allow delegation for the computer or service account using ADUC.

Incorrect or Missing SPN
You need to make sure that you have the correct SPN configured. Use setspn -L “computer_or_account_name” to list all SPNs for the service account and computer accounts.

Ex:
setspn -L CRMSERVERNAME
setspn -L Domain\service_account_name

In a recent troubleshooting experience, I had the port number added to the FQDN SPN and I got the following misleading error in the event log:

Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 1/20/2009
Time: 1:55:03 PM
User: N/A
Computer: ONCCRM01
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/crmdiscoveryserver.domain.net. The target name used was HTTP/crmdiscoveryserver.domain.net. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (MSCRMHOST.NET), and the client realm. Please contact your system administrator.
For more information, see Help and Support Center at

All of the info I found while searching indicated that the problem was due to the next issue, Duplicate SPNs, when in reality, it was because Kerberos was looking for an SPN without the TCP port and I had configured it with the TCP port.

Duplicate SPNs
Duplicate SPNs can be difficult to resolve if you don’t know how. 

Knowledgebase Article Windows 2000 Server Prompts Domain User for Credentials describes how to use LDP and Adsiedit.msc to troubleshoot and fix a duplicate SPN problem.  When you run LDP, make your search string http/* to return all SPNs configured for web sites.  You can narrow that down further to http/computername* if the former string yields too many results.  Do the same for host/* and MSSQLServer/* just in case.

Event ID 11 — Service Principal Name Configuration
Note the important comment that the “setspn -X” option is only available in Windows Server 2008, not 2003.  If you have Server 2008, this is much simpler than using LDP which can be daunting to those unfamiliar with AD and LDAP.

“Negotiate,NTLM” not configured on the web site and/or virtual directories
Your web site must have Negotiate/NTLM configured or the client and server will not negotiate Kerberos. This is the default setting but any number of things can change this configuration. The following article discusses how to configure this parameter using adsutil. I prefer to use the Metabase Explorer in the IIS Resource kit because it lets me see all of the configuration parameters and edit them directly. Either way will work.

Error message when you try to access the Microsoft Dynamics CRM Web site: “You are not authorized to view this page”

Keepalives not enabled on the CRM web site
Keepalives are turned on by default in IIS. If they are turned off, Kerberos will break. This is the most difficult issue I have ever had to troubleshoot related to the 401.1 error in CRM. I don’t know how it got turned off but the only thing that led me to the fix was to analyze the traffic with Netmon then use IIS Diagnostics to troubleshoot Kerberos. Use Metabase Explorer or adsutil to examine and change the keepalive setting.

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to Ma.gnoliaAdd to TechnoratiAdd to FurlAdd to Newsvine

Filed under: Tips & Tricks, Troubleshooting | Tagged: , , , | 16 Comments »