How To Enable TLS 1.2 in Windows Server 2008 or 2016
We previously had a post that covered this solution, called: How to Enable TLS 1.2 on Windows 2008 R2. This post is an update on how to enable and manage TLS 1.2 on Windows Servers. The reason for the update is that we now use a free tool when we are managing our servers. But first some background.
What you need to know about TLS 1.2
According to… https://docs.microsoft.com/en-us/windows/desktop/SecAuthN/protocols-in-tls-ssl--schannel-ssp- TLS 1.2 client and server are enabled by default.
But… https://social.technet.microsoft.com/Forums/en-US/cb1a695b-a15c-4fa7-94f0-1aaa20c1279d/enabling-tls-12-on-windows-server-2012-amp-2016?forum=winserversecurity …says Turns out it is, but not enabled for SCHANNEL service
Hence you MUST follow… https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-and-disable-tls-12
Please articulate this! Say… You can enable and disable SSL 2.0 and 3.0 and TLS versions 1.0, 1.1, and 1.2 using Manage SSL Protocols in AD FS. On Windows Server 2016, to use TLS 1.2, you must explicitly enable it by following instructions at…
Read More »How To Enable TLS 1.2 in Windows Server 2008 or 2016
Problem
While trying to run the OAuth provider setup in Microsoft Dynamics CRM, to configure among other things the post-installation setup to allow connectivity by devices and applications, I was banging my head on a problem following the instructions:
Configure the OAuth provider
Follow these steps to configure the OAuth provider in Microsoft Dynamics 365.
Log on to the Microsoft Dynamics 365 server as an administrator.
In a Windows PowerShell console window, run the following script.
Windows PowerShell
    $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
    $ClaimsSettings.Enabled = $true
    Set-CrmSetting -Setting $ClaimsSettings
Found on this page: https://msdn.microsoft.com/en-us/library/hh699726.aspx#BKMK_WS2012R2
I was getting in PowerShell:
    PS C:\Users\administrator.FSERVER4> $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
    Get-CrmSetting : The term 'Get-CrmSetting' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and…
Read More »Get-CrmSetting : The term 'Get-CrmSetting' is not recognized as the name of a cmdlet
Microsoft CRM IFD The SSL certificate does not contain all UPN suffix values that exist in the enterprise – Cannot Login
Cannot Login to a Previously working Microsoft CRM IFD
A previously working IFD deployment of CRM 2016 (but could be CRM 2015 or CRM 2013). About 1 year after you set the system up, you start receiving:
An error has occurred. Try this action again. If the problem continues, check the Microsoft Dynamics CRM Community for solutions or contact your organization’s Microsoft Dynamics CRM Administrator. Finally, you can contact Microsoft Support.
When researching this error, we suspected what it was, and related it to an article we covered here: http://www.interactivewebs.com/blog/index.php/crm-2013/microsoft-crm-2013-or-2015-event-id-1309-adfs-ifd-resolution/
However, we never found an EVENT ID 1309 or anything close to that in our logs. The closest error we found (and we are not even certain that it was pointing as a result of this problem) was the error:
EVENT ID 415 The SSL certificate does not contain all UPN suffix values that exist in the enterprise. Users with UPN suffix values not…
Read More »Microsoft CRM IFD The SSL certificate does not contain all UPN suffix values that exist in the enterprise – Cannot Login
When attempting to login to an IFD deployment of CRM 2013 or 2015 you receive an event Error: 1309 looking like this:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 7/01/2016 12:08:14 AM
Event time (UTC): 6/01/2016 1:08:14 PM
Event ID: 0daeff15a8f24e939623db80c40522d5
Event sequence: 3
Event occurrence: 2
Event detail code: 0
Application information:
    Application domain: /LM/W3SVC/2/ROOT-1-130965592186041416
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\
    Machine name: VSERVER07
Process information:
    Process ID: 2300
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
    Exception type: SecurityTokenException
    Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
    at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
    at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender,…
Read More »Microsoft CRM 2013 or 2015 Event ID 1309 ADFS IFD Resolution
While importing a solution to CRM 2011, CRM 2013, or CRM 2015 you receive an error:
Fields that are not valid were specified for the entity
The Cause
The cause of this is likely that one of the attributes that you are importing (from a dev environment) already exists in the CRM instance, but with a different attribute type. For example:
In your Live Environment: within Accounts, you create a new attribute called “Friendly Customer” and mark it TEXT. Publish, and all is well and good.
In your Dev Environment: within Accounts, you create a new attribute called “Friendly Customer” and make it a PICK LIST. In other words, the same name for the attribute, but a different kind of field.
Then try to export from DEV and import to LIVE. You get the error.
The solution
You have to remove the conflicting fields from the destination (live…
Read More »Microsoft CRM Solution Import Fields that are not valid were specified for the entity
CRM 2015 and CRM 2016 IFD will automatically log out the user with a message:
Your session in Microsoft Dynamics CRM is about to expire. To continue working, you must sign in again.
By default this setting is 60 minutes, and the message will pop up around 20 minutes before logout. Any unsaved changes will be lost as your session ends.
The Fix
To extend the automatic logout time in CRM 2015, we must extend the time set in ADFS 3.0 using the PowerShell command. First we need to know the name that was used to set up the Relying Party Trust in ADFS.
1. Open Server Manager and from the Tools menu select ADFS Management.
2. In AD FS management, open Relying Party Trusts and find the Display name for the CRM IFD Relying Party Trust.
In this case, we have called the Relying Party Trust – “CRM IFD…
Read More »CRM 2015 Extend Auto Logout Time in IFD
The message cannot be sent to all selected recipients.
When running a workflow / process in Microsoft CRM, you receive a message that looks like this:
The e-mail address for one or more recipients is either blank or not a valid e-mail address
The Cause
This error message is a little misleading as it points to an email address problem. As the title of the error suggests, the problem could be from:
1. A blank email address.
2. An email address with an error, such as a “.” at the end of it: email@example.com.
3. The more likely one is that the contact or account record associated with the flow has a setting to E-mail Do Not Allow. This setting will prevent any workflows in CRM from running and sending email messages.
The Solution
The fix is easy… just change the setting back to allow. Then save the associated record.…
Read More »The e-mail address for one or more recipients is either blank or not a valid e-mail address
CRM 2013 has an annoying CRM 2013 Welcome Popup (First Things First)
Not exactly sure why they did not predict the need to turn off this popup organisation by organisation; however, the solution is to just turn it off for good.
The Solution
On the CRM server, run “Regedit.exe” as an administrator.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM
Right-click and add a new 32-bit DWORD.
Name the new DWORD: DisableNavTour
Set the Data Value to 1
Restart IIS
That’s it, your CRM server should never show the popup again.
When browsing to /adfs/services/trust/mex on your CRM server, you receive a 503 error. In our case this was to “https://sts1.iwebscrm.com/adfs/services/trust/mex” and we received the 503 error.
This became evident as we were testing the importing and upgrading of custom JS scripts from CRM 4.0 and CRM 2011 to use the new SDK in CRM 2013 (also applicable to CRM 2015). When we used Fiddler to look at why the test environment failed, we noticed a call to the ADFS mex endpoint.
Looking at the ADFS logs for the server will show a 102 error:
There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.
Additional Data
Exception details:
System.ServiceModel.AddressAlreadyInUseException: There is already a listener on IP endpoint 0.0.0.0:808. This could happen if there is another application already listening on this endpoint or if you have multiple service endpoints in your…
Read More »adfs/services/trust/mex Returns 503 on CRM 2013 Windows 2012 IFD – MEX EndPoint Fix
When importing a database from CRM 2011 to CRM 2013, you may receive an error:
Data encryption will be active after the install or upgrade. We strongly recommend that you copy the organization encryption key and store it in a safe place. For more information, see http://go.microsoft.com/fwlink/?LinkId=316366.
Understanding This
Microsoft Dynamics CRM 2013 uses standard SQL Server cell level encryption for a set of default entity attributes that contain sensitive information, such as user names and email passwords for Server-Side Sync and authentication tokens for Yammer integration capabilities. This feature can help organizations meet FIPS 140-2 compliance by ensuring that the data is encrypted “at rest” so that local database admins cannot read the data in the database tables directly.
For Microsoft Dynamics CRM Online, all new and upgraded organizations use data encryption. For on-premise versions of Microsoft Dynamics CRM 2013, users who have the system administrator security role (and in the…
Read More »CRM 2013 Warning Data encryption will be active after the install or upgrade.