Tuesday, July 14, 2015

Create Status Reason Values Using C#

The CRM interface no longer allows you to enter the Value for a Status Reason.  I had to update several entities to all have the same values but some of them were created way back in CRM 4.0 when you could select the value manually.  To get around this I created the values using C# and LINQPad.


void Main()
    string connectionString = "Url=https://test.anycom.us/defenseready/XRMServices/2011/Organization.svc;";
    var orgService = CreateOrgService(connectionString);
    if (orgService != null)
        var entName = "test_myentity";
        InsertStatusValueRequest req = new InsertStatusValueRequest();
        req.EntityLogicalName = entName;
        req.AttributeLogicalName = "statuscode";
        req.Value = 3; //set the value here
        req.StateCode = 0;  //set the statecode here if you don’t it will default to 0 (active).
        //1033 below represents localeId for the United States and English
        req.Label = new Label("Pending", 1033);
        InsertStatusValueResponse resp = (InsertStatusValueResponse)orgService.Execute(req);
}private IOrganizationService CreateOrgService(string connectionString)
        CrmConnection connection = CrmConnection.Parse(connectionString);
        return new OrganizationServiceProxy(

Monday, June 29, 2015

CRM 2011 Email Router Configuration Wizard might fail during “loading data”



After you deployed the CRM 2011 on premise and the CRM e-mail router you may experience a problem when loading data from Email Router Configuration manager.

When you hit the "load data" button on the "User, Queues, and Forward Mailboxes" Tab in the Email Router Configuration manager …


… the e-mail router might not be able to load the data. Within the  CRM platform trace the below error can be seen: 

>Crm Exception: Message: The decryption key could not be obtained because HTTPS protocol is enforced, but not enabled. Enable HTTPS protocol, and try again., ErrorCode: -2147187707, InnerException: Microsoft.Crm.CrmException: The decryption key could not be obtained because HTTPS protocol is enforced, but not enabled. Enable HTTPS protocol, and try again.

at Microsoft.Crm.ObjectModel.EmailService.GetDecryptionKey(ExecutionContext context) 

On the UI the following error will be reported:

The e-mail router expects a HTTPS connection to the CRM website and if SSL is not enabled on the website the request will fail.

Add the registry key "DisableSecureDecryptionKey" on the CRM Server. If you configure the value to 1 the email router configuration manager will explicitly check for HTTP.

1. Click Start , click Run , type regedit , and then click OK .
2. Locate and then click the following registry key: 


3. On the Edit menu, click New , and then click DWORD Value .
4. Set the name of the subkey to DisableSecureDecryptionKey .
5. Right-click DisableSecureDecryptionKey, and then click Modify .
6. In the Value data box, type 1 in the Value data field, and then click OK .
7. On the File menu, click Exit . 

Greetings from the CRM team



Make sure the e-mail user is in the PrivUserGroup security group in AD.  He cannot just be part of a group that is already in the PrivUserGroup the user account must be explicity in the PrivUserGroup.

Tuesday, December 16, 2014

Disable CRL Checking in IIS 8

When working on a system with no internet access it is important to ensure that CRL checking is disabled. If not disabled you will always receive a 403.13 error after entering you pin. After a lot of searching I found an article written by Kaushal Kumar Panday. I would suggest you check out his article first, I'm just re-posting some of the commands here for my own use.
Original Article

Also if you are using ip addresses not hostname just change hostnameport to ipport.

Command to Show All Binding and Their Verify Client Certificate Revocation Setting:
netsh http show sslcert

Delete SNI Binding:
netsh http delete sslcert hostnameport=www.mysite.com:443

Add SNI Binding:
netsh http add sslcert hostnameport=www.mysite.com:443 certhash=78dd6cc2bf5785a123654d1d789c530fcb5687c2 appid={3cc2a456-a78c-2cc9-bcc9-782bc83bb789} certstorename=My verifyclientcertrevocation=disable

Tuesday, November 25, 2014

Postpone CRM Rollup Database Updates

Update Rollup 17 for CRM 2011 creates new indexes for database tables when installed.  Because of this the install can take several hours.  In the case that you have a multitenant environment with separate hardware for each org you may want to defer rolling out database updates to all the orgs so that you can install the update rollup per sever/org pair.

To disable the automatic update you can use PowerShell or update the MSCRM_CONFIG database as shown below.

  1. Open SQL Server Management Studio
  2. Expand the MSCRM_CONFIG database
  3. Right Click the dbo.DeploymentProperties table and select Edit Top 200 Rows
  4. Find the AutomaticallyInstallDatabaseUpdates key and update the BitColumn from True to False


After installing the binary files for UR17 on each server you will then need to go into the CRM Deployment Manager and manually apply the updates for the organization.

  1. Start Microsoft Dynamics CRM Deployment Manager
  2. Click on Organizations
  3. Right click on the organization you wish to update and select the Update option.

Thursday, June 26, 2014

Get Process ID of Application Pool (w3wp.exe)

When wanting to debug in VS sometimes I only want to attach to a specific Application Pool.  To find out which Process Id belongs to what Application pool open a Command Prompt and use the following command.

C:\Windows\System32\Inetsrv\> Appcmd list wp

You will get a list of all the running application pools and their process id.

Thursday, June 5, 2014

Point Internal Servers to Internal IP for Internet Facing Sub Domain

When you want to create internal DNS entries for a domain name that is also registered externally you can actually create a DNZ zone for that specific sub-domain.

The first thing I had tried was creating a zone for the entire domain, eg external.com.  I then put in A records for the specific sub-domains I wanted.  The issues I had though was that any other sub-domains were unreachable without an A record.

Instead what I did was create a zone for my specific sub-domain, eg sub.external.com.  I then put in an A record with a blank Host Name and entered the IP address of my local server.  This way when my local servers attempt to navigate to anything in the domain.com namespace they will still go to my outside name server unless I have specifically created a zone for the sub-domains I want them to access using internal Urls.

  • internal.local
    • Forward Lookup Zone
      • _msdcs.internal.local
      • internal.local
      • sub.external.com
        • A Record - Name, (same as parent folder) - Type, Host (A) - Data,

Thursday, May 1, 2014

CAC Card Authentication Using KCD With CRM 2011 and TMG


  • Allow website to use Kerberos
  • Create an SPN for CRM
    • setspn -a http/crm-2011.test.local Domain/User
  • Open TMG Computer Account in AD and allow delegation to the SNP you created earlier.

  • Install DoD Root Certificates (http://iase.disa.mil/pki-pke/function_pages/tools.html)
  • Install Tumbleweed on TMG Server ***** this is extremely important on gov sites that use this software.  *****
  • Import Tumbleweed client configuration file
  • Disable HTTPS Inspection and NIS in TMG
  • Publish DoD E-mail certs to the NT Auth Store
    • certutil -dspublish -f <filename> NTAuthCA
  • Make sure GPO for TMG machine is updated with the following.
    • Policies -> Windows Settings -> Security Settings -> Public Key Policies -> Certificate Services Client - Auto-Enrollment
    • Configuration Model should be enabled and Renew expired certificates and Update certificates should both be checked.
  • Create Listener
  • Create Rule
  • Add the EDIPI number from the back of the CAC to the User Principal Name on the AD account (ie 123456789@mil)
  • When creating the CRM users you should still use their original AD user name (ie DOMAIN\rick.wilson) not the EDIPI.