Tuesday, November 25, 2014

Postpone CRM Rollup Database Updates

Update Rollup 17 for CRM 2011 creates new indexes for database tables when installed.  Because of this the install can take several hours.  In the case that you have a multitenant environment with separate hardware for each org you may want to defer rolling out database updates to all the orgs so that you can install the update rollup per sever/org pair.

To disable the automatic update you can use PowerShell or update the MSCRM_CONFIG database as shown below.

  1. Open SQL Server Management Studio
  2. Expand the MSCRM_CONFIG database
  3. Right Click the dbo.DeploymentProperties table and select Edit Top 200 Rows
  4. Find the AutomaticallyInstallDatabaseUpdates key and update the BitColumn from True to False


After installing the binary files for UR17 on each server you will then need to go into the CRM Deployment Manager and manually apply the updates for the organization.

  1. Start Microsoft Dynamics CRM Deployment Manager
  2. Click on Organizations
  3. Right click on the organization you wish to update and select the Update option.

Thursday, June 26, 2014

Get Process ID of Application Pool (w3wp.exe)

When wanting to debug in VS sometimes I only want to attach to a specific Application Pool.  To find out which Process Id belongs to what Application pool open a Command Prompt and use the following command.

C:\Windows\System32\Inetsrv\> Appcmd list wp

You will get a list of all the running application pools and their process id.

Thursday, June 5, 2014

Point Internal Servers to Internal IP for Internet Facing Sub Domain

When you want to create internal DNS entries for a domain name that is also registered externally you can actually create a DNZ zone for that specific sub-domain.

The first thing I had tried was creating a zone for the entire domain, eg external.com.  I then put in A records for the specific sub-domains I wanted.  The issues I had though was that any other sub-domains were unreachable without an A record.

Instead what I did was create a zone for my specific sub-domain, eg sub.external.com.  I then put in an A record with a blank Host Name and entered the IP address of my local server.  This way when my local servers attempt to navigate to anything in the domain.com namespace they will still go to my outside name server unless I have specifically created a zone for the sub-domains I want them to access using internal Urls.

  • internal.local
    • Forward Lookup Zone
      • _msdcs.internal.local
      • internal.local
      • sub.external.com
        • A Record - Name, (same as parent folder) - Type, Host (A) - Data,

Thursday, May 1, 2014

CAC Card Authentication Using KCD With CRM 2011 and TMG


  • Allow website to use Kerberos
  • Create an SPN for CRM
    • setspn -a http/crm-2011.test.local Domain/User
  • Open TMG Computer Account in AD and allow delegation to the SNP you created earlier.

  • Install DoD Root Certificates (http://iase.disa.mil/pki-pke/function_pages/tools.html)
  • Install Tumbleweed on TMG Server ***** this is extremely important on gov sites that use this software.  *****
  • Import Tumbleweed client configuration file
  • Disable HTTPS Inspection and NIS in TMG
  • Publish DoD E-mail certs to the NT Auth Store
    • certutil -dspublish -f <filename> NTAuthCA
  • Make sure GPO for TMG machine is updated with the following.
    • Policies -> Windows Settings -> Security Settings -> Public Key Policies -> Certificate Services Client - Auto-Enrollment
    • Configuration Model should be enabled and Renew expired certificates and Update certificates should both be checked.
  • Create Listener
  • Create Rule
  • Add the EDIPI number from the back of the CAC to the User Principal Name on the AD account (ie 123456789@mil)
  • When creating the CRM users you should still use their original AD user name (ie DOMAIN\rick.wilson) not the EDIPI.

Wednesday, April 30, 2014

Recently I have been working with two plugins in my web pages. DirtyForm, which allows you to detect when changes have been made to fields, and JQueryUI which has a very flexible popup calendar for date fields. One issue i have been having is that the Datepicker does not call the blur even when it's closed which means the DirtyForm plugin doesn't pick up the change. In order to fix this issue I added an onClose handler to my DatePicker selector. DirtyForm: https://github.com/acvwilson/dirty_form
Datepicker: http://jqueryui.com/datepicker/

Update 2014/05/13: I changed from using trigger to triggerHandler as the latter does not re-open the calendar control but still has the same functionality of calling the dirty form handler.

Monday, April 21, 2014

Debug App that Uses ADFS: The SecurityToken is rejected because the validation time is out of range

When debugging an app which connected to CRM using IFD connection I kept getting the following in the trace log. The issue was that debugging the call caused the time the ticket was generated to be off. In order to fix this I utilized a property that allows tickets to be off by a certain amount of time. The PowerShell command below will allow tickets to be out of the time range by 5 minutes.

Monday, March 10, 2014

Could Not Load Type System.ServiceModel .net 4 Web App


While attempting to load a .Net 4 website I kept getting a configuration error and the following item in the Event Log

Exception information:
    Exception type: ConfigurationErrorsException
    Exception message: Could not load type 'System.ServiceModel.Activation.HttpModule' from assembly 'System.ServiceModel, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'.

Turns our that IIS didn’t have all the .Net components installed.  To fix this you can run the following command which will update IIS with the correct .Net components.  Didn’t even require a reboot.

c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -iru