Saturday, May 18, 2013

Reserved Organization Names in MS CRM 2011

There are several names that cannot be used to name an organization.
To view a list of reserved names, open the ReservedNames table in the MSCRM_CONFIG database, and review the names in the ReservedName column.
below are the values...most are few key words for MS CRM


CREATE VIEW failed because column 'column_name' in view 'view_name' exceeds the maximum of 1024 columns upgrade from MS CRM 4.0 to MS CRM 2011

while upgrading MS CRM 4.0 to MS CRM 2011, if you get the below message and it failed then the reason is as below.
"If you have more than 1023 attributes defined for an entity, you must delete the additional attributes before you run the upgrade."

hope this will help...


AD FS 2.0 federation server sessions are valid up to 8 hours even for invalid users MS CRM 2011 CBA

By default, Active Directory Federation Services (AD FS) 2.0 server tokens allocate a Web single sign-on (SSO) cookie expiration of eight (8) hours. Therefore, even when a user is deactivated or deleted from an authentication provider, such as AD FS 2.0, as long as the user session is still active the user can continue to be authenticated to secure resources.
to change the value to any minumum of 1 hr or max to 24 hrs, please follow the below...

The lifetime of a default security token for a claims-based authentication deployment using AD FS 2.0 is 60 minutes. By default, Microsoft Dynamics CRM Server 2011 is configured to display the Authentication is Required dialog box 20 minutes before the token expires.

In the Authentication is Required dialog box, if you click Cancel, the token expires as indicated. When the security token expires, you will need to start a new browser session to Microsoft Dynamics CRM to access your data. Any unsaved changes will be lost.

In the Authentication is Required dialog box, if you click Sign In, the Sign-Out page appears. When you close the Sign-Out page, one of the following occurs:

           If you have not deployed an Internet-facing deployment (IFD), you will automatically re-authenticate with domain credentials and a new security token will be issued.

           If you have an IFD deployment, you will be required to re-authenticate by entering your credentials on the login page.

By using Windows PowerShell, you can change the TokenLifetime property for the relying party objects that you created from 60 minutes to a longer period, such as 480 minutes (8 hours):

1.         Open a Windows PowerShell prompt.

2.         Add the AD FS 2.0 snap-in to the Windows PowerShell session:

PS > Add-PSSnapin Microsoft.Adfs.PowerShell

3.         Configure the relying party token lifetime:

PS > Get-ADFSRelyingPartyTrust -Name "relying_party"

PS > Set-ADFSRelyingPartyTrust -Targetname "relying_party" -TokenLifetime 480
o          relying_party is the name of the relying party that you created.
o          480  is the time in minutes.

hope this helps...


Thursday, May 16, 2013

Retrieve more than 5000 records frm MS CRM 2011 SDK

while we use the SDK for ms crm 2011 for retrieving records from any entities, by default it will fetch max 5000 records.
hw if there are more than that?
ans is, it ll not get more than 5000, it will fetch the 1st 5000 records.
to fetch all records, we need to do some changes in the regedit on the server.(if you have multiple servers, please add to all the crm servers).

just create a DWORD value named "TurnOffFetchThrottling" and set value to "1" under HKEY_LOCAL_MACHINE\Software\Microsoft\MSCRM in registry key (run regedit to get it).

hope this will help.
it may have some performance impact, as it will be applicable for all the entities.


Tuesday, May 14, 2013

MS CRM 2011 E-mail Router Configuration Manager fails to Load data

The problem i got when i install CRM 2011 E-mail router and configure it , i can not Load Data from the server, i got error:

"The E-mail router configuration manager was unable to retrieve user and queue information from the Microsoft Dynamics CRM server. This may indicate that the Microsoft Dynamics CRM server is busy. Verify that URL http://<server name:port>/<orgname> is correct. Additionaly, this problem can occur if specified access credentials are insufficient. To try again click Load Data. (The caller was not authenticated by the service.)". below is the message...

i have followed the below URLs, still did not help me...

while troubling shooting, i found some wierd things.
in the same if i use different organization, its able to fetch and the same was also fetching.
suddenly it stopped fetching.
so i suspect there is something to the organization itself.
even i restored the affected org to different name and tried to configured, still same issue.

then i tried to disable all users except the crm admin, then its loaded happily.
then i keep enabling the users bathc wise, and found one user is causing problem.
if that user is disabled then its loading happily.
in that user i saw, the incoming profile for email was email router and out going also.
i just change the incoming to outlook and enabled the user. now it loaded.
BTW the user was just a test user.
so prefered to disable that and let the things go happily.

hope this finding will help some one.


Wednesday, May 8, 2013

Windows Credential keep asking for MS CRM 2011, log on screen, after configured SSL

After configuring SSL(certificate) installation, if you access MS CRM, if it will keep prompting the credential screen. then follow the below to over come this.

go to regedit and then HKEY>LOCAL_MACHINE -> SYSTEM ->Current ControlSet -> Control -> Lsa
inside this created D_Word named "DisableLoopbackCheck" and set value to 1.
then do an iis reset if needed.
do this in CRM server .
below is the screen shot.


An error occurred during an attempt to build the certificate chain for the relying party trust '' certificate identified by thumbprint ""

While doing CBA configuration in one of my installation, i got error while accessing the URL.
and fro
m the ADFS event viewer(as in the below pic) i found the below error message...
"An error occurred during an attempt to build the certificate chain for the relying party trust '' certificate identified by thumbprint 'XXXXXXXX'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the relying party trust's encryption certificate revocation settings or certificate is not within its validity period."
This is cause of the server and the certificates used. need to make encryptioncertificaterevocationcheck to none.
please use the below commands, after opening the windows powershell command.
the 1st line "Add-pssnapin microsoft.adfs.powershell" is used to get into the adfs powershell ...
donot miss that...
Add-pssnapin microsoft.adfs.powershell
set-adfsrelyingpartytrust -targetname "your relying party trust name" -encryptioncertificaterevocationcheck none

set-adfsrelyingpartytrust -targetname "your relying party trust name" -signingcertificaterevocationcheck none

now if you will try then u must be able to login.

again here if you get the prompts again and again then, you need to follow the below
go to regedit and then HKEY>LOCAL_MACHINE -> SYSTEM ->Current ControlSet -> Control -> Lsa
inside this created D_Word named "DisableLoopbackCheck" and set value to 1.
then do an iis reset if needed.
do this in ADFS server and also the CRM server if both are different.