Wednesday, August 12, 2015

Enable Kerberos Logging in Event Viewer

  1. Open the Registry Editor (regedit.exe)
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
  3. Add a new DWORD Value called “LogLevel” set the value to 1
  4. The logging should start without any reboot

After you have completed your testing delete the LogLevel key reboot the server to ensure you stop logging.

ADFS 2.1 & 3.0 Config Debug Tracing

  1. Run CMD as Administrator
  2. WEVTUTIL sl "AD FS Tracing/Debug" /l:5
  3. Open the file “C:\Windows\ADFS\Microsoft.IdentityServer.Servicehost.exe.config”
  4. Find the following sections shown in the image
  5. Update the switchValues for Microsoft.IdentityModel and System.ServiceModel to Verbose instead of Off.  Also remove the comments from around the system.serviceModel section.
  6. Open Event Viewer.
  7. To open Event Viewer, click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
  8. On the View menu, click Show Analytic and Debug Logs.
  9. In the console tree, expand Applications and Services Logs, expand AD FS Tracing, and then click Debug.
  10. In the Actions pane, click Enable Log.
  11. Tracing for AD FS is now enabled.
  12. Restart the Active Directory FederationServices windows service.
  13. Open the AD FS Management tool
  14. Right click on the Service folder and select Edit Federation Service Properties…
    ADFS Events
  15. Select the Events tab and select all the checkboxes to make sure all errors will be displayed in the event log.
    ADFS Events 2

Tuesday, July 14, 2015

Create Status Reason Values Using C#

The CRM interface no longer allows you to enter the Value for a Status Reason.  I had to update several entities to all have the same values but some of them were created way back in CRM 4.0 when you could select the value manually.  To get around this I created the values using C# and LINQPad.


void Main()
    string connectionString = "Url=;";
    var orgService = CreateOrgService(connectionString);
    if (orgService != null)
        var entName = "test_myentity";
        InsertStatusValueRequest req = new InsertStatusValueRequest();
        req.EntityLogicalName = entName;
        req.AttributeLogicalName = "statuscode";
        req.Value = 3; //set the value here
        req.StateCode = 0;  //set the statecode here if you don’t it will default to 0 (active).
        //1033 below represents localeId for the United States and English
        req.Label = new Label("Pending", 1033);
        InsertStatusValueResponse resp = (InsertStatusValueResponse)orgService.Execute(req);
}private IOrganizationService CreateOrgService(string connectionString)
        CrmConnection connection = CrmConnection.Parse(connectionString);
        return new OrganizationServiceProxy(

Monday, June 29, 2015

CRM 2011 Email Router Configuration Wizard might fail during “loading data”



After you deployed the CRM 2011 on premise and the CRM e-mail router you may experience a problem when loading data from Email Router Configuration manager.

When you hit the "load data" button on the "User, Queues, and Forward Mailboxes" Tab in the Email Router Configuration manager …


… the e-mail router might not be able to load the data. Within the  CRM platform trace the below error can be seen: 

>Crm Exception: Message: The decryption key could not be obtained because HTTPS protocol is enforced, but not enabled. Enable HTTPS protocol, and try again., ErrorCode: -2147187707, InnerException: Microsoft.Crm.CrmException: The decryption key could not be obtained because HTTPS protocol is enforced, but not enabled. Enable HTTPS protocol, and try again.

at Microsoft.Crm.ObjectModel.EmailService.GetDecryptionKey(ExecutionContext context) 

On the UI the following error will be reported:

The e-mail router expects a HTTPS connection to the CRM website and if SSL is not enabled on the website the request will fail.

Add the registry key "DisableSecureDecryptionKey" on the CRM Server. If you configure the value to 1 the email router configuration manager will explicitly check for HTTP.

1. Click Start , click Run , type regedit , and then click OK .
2. Locate and then click the following registry key: 


3. On the Edit menu, click New , and then click DWORD Value .
4. Set the name of the subkey to DisableSecureDecryptionKey .
5. Right-click DisableSecureDecryptionKey, and then click Modify .
6. In the Value data box, type 1 in the Value data field, and then click OK .
7. On the File menu, click Exit . 

Greetings from the CRM team


Make sure the e-mail user is in the PrivUserGroup security group in AD.  He cannot just be part of a group that is already in the PrivUserGroup the user account must be explicity in the PrivUserGroup.

Tuesday, December 16, 2014

Disable CRL Checking in IIS 8

When working on a system with no internet access it is important to ensure that CRL checking is disabled. If not disabled you will always receive a 403.13 error after entering you pin. After a lot of searching I found an article written by Kaushal Kumar Panday. I would suggest you check out his article first, I'm just re-posting some of the commands here for my own use.
Original Article

Also if you are using ip addresses not hostname just change hostnameport to ipport.

Command to Show All Binding and Their Verify Client Certificate Revocation Setting:
netsh http show sslcert

Delete SNI Binding:
netsh http delete sslcert

Add SNI Binding:
netsh http add sslcert certhash=78dd6cc2bf5785a123654d1d789c530fcb5687c2 appid={3cc2a456-a78c-2cc9-bcc9-782bc83bb789} certstorename=My verifyclientcertrevocation=disable

Tuesday, November 25, 2014

Postpone CRM Rollup Database Updates

Update Rollup 17 for CRM 2011 creates new indexes for database tables when installed.  Because of this the install can take several hours.  In the case that you have a multitenant environment with separate hardware for each org you may want to defer rolling out database updates to all the orgs so that you can install the update rollup per sever/org pair.

To disable the automatic update you can use PowerShell or update the MSCRM_CONFIG database as shown below.

  1. Open SQL Server Management Studio
  2. Expand the MSCRM_CONFIG database
  3. Right Click the dbo.DeploymentProperties table and select Edit Top 200 Rows
  4. Find the AutomaticallyInstallDatabaseUpdates key and update the BitColumn from True to False


After installing the binary files for UR17 on each server you will then need to go into the CRM Deployment Manager and manually apply the updates for the organization.

  1. Start Microsoft Dynamics CRM Deployment Manager
  2. Click on Organizations
  3. Right click on the organization you wish to update and select the Update option.

Thursday, June 26, 2014

Get Process ID of Application Pool (w3wp.exe)

When wanting to debug in VS sometimes I only want to attach to a specific Application Pool.  To find out which Process Id belongs to what Application pool open a Command Prompt and use the following command.

C:\Windows\System32\Inetsrv\> Appcmd list wp

You will get a list of all the running application pools and their process id.