Wednesday, August 31, 2016

MS CRM 2016 Data Encryption, things to keep in mind

Database encryption is a great stuff, but need to bare below things in mind...

  • Changing the encryption key requires that TLS/SSL be configured on the Microsoft Dynamics CRM website.
  • To help ensure the highest level of security, we recommend that you change the encryption key immediately after creating or updating an organization, and thereafter about once a year.
  • Auditing cannot be enabled on encrypted fields.
  • Encrypted fields cannot be customized.
  • Encrypted fields cannot be indexed.
  • Encrypted fields can be set and updated by using standard Create, Update, and Delete methods.
  • When doing a retrieve of an encrypted field’s value, a null is returned.

MS CRM 2016 Installation Step by Step

I know most of you knows MS CRM installation and MS CRM 2016 will be almost similar to earlier ones.

here are step by step to follow with details.

once you have downloaded the installer, open the "Splash.exe" and you will get the below screen, which guided the sequence of components you should install.
select the first one to install server components.
 you will get below screen, select get updates if server is connected to internet, else other option and click Next.
 now enter the product key that you got for this and click next.
 as usual for any product, just accept the agreement and click I Accept.
 provide the location you want to install the binaries and click Next.
 this is main section, you have to select the server components that you will be installing.
the description for each components described in right Description panel.

 here select the SQL server name, if you have instanced SQL, just provide SQL with instance name and click next.
 here provide the OU that has been created under the AD and click Next.
 now provide the service account, it is recommended to provide different service account names for each, else you will get warning @ the end and click Next.
 here you select the site you will using, either use the default site or create your own site and port and click next.
 this step is optional, what it does is, if you want to install Email router with server installation, then provide the server name and Email router will be installed together with server components. you can just skip this as well by clicking next and latter you can install email router.
 here to provide the 1st organisation details like name, currency etc and click next.
 here enter the pre-configured Report server URL and click next. make sure the url is browsable with out any error.
 this is optional and click next.
 select the option here as required and click next.
 this is the final check screen, you must have all green else you can not proceed.
warnings are OK, but try not to have warnings except the DB encryptions and click next.
 this is the warning that, it will start below services and if you have any other things depending on this will have impact, hence have to be careful not to impact other applications and click next.
 this is the summary of all inputs , just take a look and click "Install".

Take a large HOT coffee and enjoy and keep eye on this....
once you get the success screen you are good....
next you should install the reporting connector and then email router , outlook client as per your requirements...

hope this helps,


Monday, August 29, 2016

ADFS 3.0 set extended timeout in Windows 2012 R2 for MS CRM 2013, MS CRM 2015 , MS CRM 2016

if you have done default setting the timeout is 30 mnts, if you/users need more idle time out, below way you can do.
this is different that we do in earlier way for ASFD 2.0

login to the server with ADFS admin rights and open Server manager and then ADFS Management from tool menu.
in ADFS management, expand Trust Relationship and then Replying Party Trust.
take note of the replying party trust name (<Relying Party Name> that, you want to increate the timeout.
now open Windows PowerShell on admin right and run below command.

Set-ADFSRelyingPartyTrust -Targetname “<Relying Party Name>“ -TokenLifetime 720

720 here is in minutes and 12 hrs here. so you use as per your requirements.