Server Tips

alphassl the requested property value is empty Exception for HRESULT 0x80094004


Problem

When completing an Alphassl certificate install on IIS using “Complete Certificate Request”, you receive the error:

There was an error while performing this operation.

Details:

The requested property value is empty. (Exception from HRESULT: 0x80094004)

Now this is a typical Microsoft error, in that it really only has meaning to the person who created the error. For us end users stuck in this weird Microsoft world, the error message is trying to tell us that the certificate you pointed to in the IIS “Complete Certificate Request” function is a .CER file that is not valid as a certificate for import.

So at this point it is time to check what certificate you placed in the .CER file that you are trying to import.

Solution

In particular with Alphassl certificates, the process of completing a new certificate request is completed by email. The end of the process involves receiving an email with instructions on how to complete the process of import.


Now if you are anything like me, and you think you know what you are doing having completed this process a few times, you tend to work fast and read instructions later (like an IKEA assembly job). On several of my certificate install jobs I have made the same error: I read to point 2 above, click the link (which, if I read it, is obviously to the Root Certificate install), then proceed to copy and paste the SHA-256 certificate into the process, save it as a .cer file, and try to complete the process with that hash.

So basically this is all wrong. The certificate hash is actually included at the bottom of the email received from Alphassl, and that hash from the bottom of the email is the correct one to copy and paste to your IIS server and save as a .cer file. It is then this file that you use to complete the process with your IIS “Complete Certificate Request” function, not the above Root certificate.

RTFM.
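A quick way to tell the two files apart before opening IIS Manager, as an added example that is not part of the original post: the function name and the sample path are assumptions, and the check relies on the pending request living in the local machine's Certificate Enrollment Requests store.

```powershell
# Added example (not from the original post): inspect a .cer file before using it
# with the IIS "Complete Certificate Request" function.
# Test-CertificateForPendingRequest is a hypothetical helper name.
function Test-CertificateForPendingRequest {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Load the certificate from the file (Base64 text or binary DER both load).
    $file = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # Root and intermediate certificates carry Basic Constraints with CA = TRUE;
    # the certificate issued for your site does not.
    $basic = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    $isCa = [bool]($basic -and $basic.CertificateAuthority)

    # A pending request keeps its key pair in the "Certificate Enrollment Requests"
    # store (Cert:\LocalMachine\REQUEST). The issued certificate must carry the
    # same public key as one of the entries there.
    $publicKey = $cert.GetPublicKeyString()
    $pending = @(Get-ChildItem -Path Cert:\LocalMachine\REQUEST |
        Where-Object { $_.GetPublicKeyString() -eq $publicKey })

    if ($isCa) {
        $verdict = 'CA certificate (root or intermediate): not the file to import'
    }
    elseif ($pending.Count -eq 0) {
        $verdict = 'No pending request on this server matches this certificate'
    }
    else {
        $verdict = 'Matches a pending request: use this file'
    }

    [pscustomobject]@{
        Subject               = $cert.Subject
        Issuer                = $cert.Issuer
        IsCA                  = $isCa
        SelfSigned            = ($cert.Subject -eq $cert.Issuer)
        MatchesPendingRequest = ($pending.Count -gt 0)
        Verdict               = $verdict
    }
}

# Usage from an elevated prompt. The path is a placeholder (assumption):
# Test-CertificateForPendingRequest -Path 'C:\certs\example.cer' | Format-List
```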

 

 


Windows Server 2016 Download Maps Manager Delayed Start

Windows Server 2016 Download Maps Manager Delayed Start Red in Server Manager Dashboard

It's kind of annoying to find that after a fresh install of Windows 2016 Server you have a service that fails to behave correctly. The service, Download Maps Manager (Delayed Start), shows red in the Server Manager Dashboard. Even if you attempt to force a start, it does not resolve this issue. The good news is that this service is really not something you want anyway if you have a Windows server doing actual server functions.

The Fix

The simple fix is to disable this service. The easy way to do this is to:

Open Windows PowerShell. Be sure to open this by right clicking on PowerShell and selecting Execute as Admin. This is necessary even if you are logged in as an admin.

Type this command:

Get-Service -Name MapsBroker | Set-Service -StartupType Disabled -Confirm:$false

Press Enter. The problem is now fixed, and this annoying service is off and will not bother you again.

How to Install Disk Cleanup Tools Windows 2012 or Windows 2016

Install Disk Cleanup Tools Windows 2012 or Windows 2016 Server.

Installing the function to clean your disk requires that you install the Desktop Experience module from the Windows Feature list.

1. Open a PowerShell with Administrator rights.

2. Execute:

Import-Module ServerManager

Install-WindowsFeature Desktop-Experience

 

 

That’s it. A Reboot of the Computer is required.

Windows PowerShell Module you receive NotSpecified: (:) [Import-Module], FileLoadException


This is a typical error for Modules that have been downloaded from the internet and are not given permission to run on the computer.

The solution

Really Easy. 

Open PowerShell

Navigate to the directory in the error message that contains the module you intend to run, with a command like:

cd C:\Users\administrator\Documents\WindowsPowerShell\Modules\ACMESharp\

Then run the command:

Get-ChildItem . | Unblock-File

This will set the module files to be able to be used by PowerShell.

That’s it. Now the module should run fine.
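Unblock-File works by removing the "downloaded from the internet" marker from each file, so it is worth seeing which files carry that marker and whether they are signed before clearing it. The following is an added example, not part of the original post; the function name is hypothetical and the default path is the one used above.

```powershell
# Added example (not from the original post): list the files in a module folder
# that are still marked as downloaded, together with their signature status.
# Get-BlockedModuleFile is a hypothetical helper name.
function Get-BlockedModuleFile {
    param(
        [string]$ModulePath = 'C:\Users\administrator\Documents\WindowsPowerShell\Modules\ACMESharp\'
    )

    Get-ChildItem -Path $ModulePath -Recurse -File | ForEach-Object {
        $file = $_

        # The marker is an alternate data stream named Zone.Identifier.
        # Files without the stream were never blocked and are skipped.
        $zone = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if ($zone) {
            $zoneId = $null
            foreach ($line in $zone) {
                if ($line -match '^ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
            }

            # Authenticode status: Valid, NotSigned, HashMismatch, UnknownError, ...
            $sig = Get-AuthenticodeSignature -FilePath $file.FullName
            $signer = $null
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            [pscustomobject]@{
                File            = $file.FullName
                ZoneId          = $zoneId          # 3 = Internet zone
                SignatureStatus = $sig.Status
                Signer          = $signer
            }
        }
    }
}

# Review the list first.
Get-BlockedModuleFile | Format-Table -AutoSize

# Then unblock only what you have reviewed, including files in subfolders
# that "Get-ChildItem . | Unblock-File" does not reach:
# Get-BlockedModuleFile | ForEach-Object { Unblock-File -LiteralPath $_.File }
```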

Enable TLS 1.2 on Windows 2008 R2

Problem

How to enable TLS 1.2 on Windows Server 2008 R2?

Resolution

QuoVadis recommends enabling and using the TLS 1.2 protocol on your server.  TLS 1.2 has improvements over previous versions of the TLS and SSL protocol which will improve your level of security.  By default, Windows Server 2008 R2 does not have this feature enabled.  This KB article will describe the process to enable this.

 

1. Start the registry editor by clicking on Start and Run. Type "regedit" into the Run field (without quotations).

2. Highlight Computer at the top of the registry tree. Back up the registry first by clicking on File and then on Export. Select a file location to save the registry file.

Note: You will be editing the registry. This could have detrimental effects on your computer if done incorrectly, so it is strongly advised to make a backup.

3. Browse to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

4. Right click on the Protocols folder and select New and then Key from the drop-down menu. This will create a new folder. Rename this folder to TLS 1.2.

5. Right click on the TLS 1.2 key and add two new keys underneath it.

6. Rename the two new keys as:
  • Client
  • Server

7. Right click on the Client key and select New and then DWORD (32-bit) Value from the drop-down list.

8. Rename the DWORD to DisabledByDefault.

9. Right-click the name DisabledByDefault and select Modify... from the drop-down menu.

10. Ensure that the Value data field is set to 0 and the Base is Hexadecimal. Click on OK.

11. Create another DWORD for the Client key as you did in Step 7.

12. Rename this second DWORD to Enabled.

13. Right-click the name Enabled and select Modify... from the drop-down menu.

14. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click on OK.

15. Repeat steps 7 to 14 for the Server key (by creating two DWORDs, DisabledByDefault and Enabled, and their values underneath the Server key).

16. Reboot the server.

Your server should now support TLS 1.2.
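The same registry changes scripted in PowerShell, as an added example that is not part of the original KB article. The function names and the backup file path are assumptions, and the backup covers only the SCHANNEL key rather than the whole registry.

```powershell
# Added example (not from the original article): the registry steps above as a script.
# Run from an elevated prompt. Uses only cmdlets available in PowerShell 2.0,
# which is what Windows Server 2008 R2 ships with.
# Function names are hypothetical; the backup path is a placeholder.

$ProtocolsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Backup-SchannelKey {
    param([string]$OutFile = "$env:TEMP\schannel-backup.reg")
    # Export the SCHANNEL branch so it can be re-imported if something goes wrong.
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' $OutFile /y | Out-Null
    $OutFile
}

function Enable-Tls12 {
    param([string]$Root = $ProtocolsRoot)

    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $Root "TLS 1.2\$role"

        # Create "TLS 1.2" and the Client/Server subkey only when missing, because
        # New-Item -Force on an existing registry key would wipe its values.
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # DisabledByDefault = 0 and Enabled = 1, both DWORD (32-bit) values.
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 0 -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'Enabled' -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

function Get-Tls12State {
    param([string]$Root = $ProtocolsRoot)

    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $Root "TLS 1.2\$role"
        $exists = Test-Path $key
        $props = $null
        if ($exists) { $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue }

        # A missing value reads back as $null, so Configured is only true
        # when both values are present with the settings from the steps above.
        New-Object PSObject -Property @{
            Role              = $role
            KeyExists         = $exists
            Enabled           = $props.Enabled
            DisabledByDefault = $props.DisabledByDefault
            Configured        = ($props.Enabled -eq 1 -and $props.DisabledByDefault -eq 0)
        }
    }
}

Backup-SchannelKey                       # backup before editing
Enable-Tls12                             # create the keys and values
Get-Tls12State | Format-Table Role, KeyExists, Enabled, DisabledByDefault, Configured -AutoSize
# Reboot the server afterwards for SCHANNEL to pick up the change.
```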

                                   

Note: This article cannot be used on a Windows Server 2003 (IIS 6). Windows Server 2003 does not support the TLS 1.2 protocol.

Reverting Back

If you make a mistake or something just isn't right, you can revert back to your previous registry settings by opening the Registry Editor and importing the backup you made in step 2.

                                  The trust relationship between this workstation and the primary domain failed Hyper-V Server

                                  The trust relationship between this workstation and the primary domain failed

                                  When playing around with some Hyper-V servers that have been inactive for some time, we received an error:


                                  The cause of this is due to the fact that Active Directory is doing a lot more than simple user name and password storage. We found that a Hyper-V system that remains off for some time, then is turned on again can suffer this. The reason for this has to do with the way that some applications use the Active Directory. Take Exchange Server, for example. Exchange Server stores messages in a mailbox database residing on a mailbox server. However, this is the only significant data that is stored locally on Exchange Server. All of the Exchange Server configuration data is stored within the Active Directory. In fact, it is possible to completely rebuild a failed Exchange Server from scratch (aside from the mailbox database) simply by making use of the configuration data that is stored in the Active Directory.

                                  The suggestion by some other blogs is to: simply reset the computer account. To do so, open the Active Directory Users and Computers console and select the Computers container. Right click on the computer that you are having trouble with. Select the Reset Account command from the shortcut menu, as shown in Figure 2. When you do, you will see a prompt asking you if you are sure that you want to reset the computer account.  Click Yes and the computer account will be reset.


                                  This is perfectly safe to do, but is not likely to resolve the issue.

                                  The Fix

1. Log into the server in question using the non-domain admin account.

2. Open PowerShell and run the command:

$credential = Get-Credential

(When prompted, you need to enter the domain administrator account name and password.)

3. Then run the command:

Reset-ComputerMachinePassword -Server ClosestDomainControllerNameHere -Credential $credential

(Replace “ClosestDomainControllerNameHere” with your AD domain, domain.com for example.)

After running this you should be good to login.

                                  CRM 2015 Extend Auto Logout Time in IFD

                                  CRM 2015 and CRM 2016 IFD will Automatically Logout the user with a Message:

Your session in Microsoft Dynamics CRM is about to expire. To continue working, you must sign in again.

                                  By Default this setting is 60 minutes, and the message will pop up around 20 minutes before logout.

                                  Any unsaved changes will be lost as your session ends.

                                   

                                  The Fix

                                  To extend the automatic logout time in CRM 2015, we must extend the time set in ADFS 3.0 using the PowerShell command. First we need to know the name that was used to set up the Relying Party Trust in ADFS.

1. Open Server Manager and from the Tools menu select ADFS Management.

2. In AD FS Management, open Relying Party Trusts and find the Display name for the CRM IFD Relying Party Trust.

In this case, we have called the Relying Party Trust “CRM IFD Relying Party”, as we keep things simple when we create things, using the exact name for the title of the trust as we created it. But really it could be anything. One distinguishing feature is that the URL identifier is going to be pointing to the URL that displays in the browser window when you are in the process of logging in to your IFD CRM.

3. Start PowerShell.

4. Check you have the correct name of the Relying Party Trust by typing the following command:

Get-ADFSRelyingPartyTrust -Name "relying_party"

Where you replace “relying_party” with the name you identified in Step 2 above. In our case the command will be:

Get-ADFSRelyingPartyTrust -Name "CRM IFD Relying Party"

If you get it correct, the command returns the properties of the trust.

5. Now type the command to set the time you want for Auto Logout:

Set-ADFSRelyingPartyTrust -TargetName "CRM IFD Relying Party" -TokenLifetime 720

(Again replacing “CRM IFD Relying Party” with the name used on your system.)

Note: The 720 is time in minutes, 12 hours in this case. You can change the value up and down as you like.

6. Close out of PowerShell and you are done.

                                  CRM 2015 IFD Adding a New Organization Additional Steps

                                  Error when attempting to login to a New Organisation in CRM 2015 IFD

                                  When attempting to login to a newly configured Organisation you may receive an error looking like this.

An error occurred
An error occurred. Contact your administrator for more information.

                                   

                                  • Activity ID: 00000000-0000-0000-1400-0080010000ff
                                  • Error time: Sat, 28 Mar 2015 07:37:45 GMT

                                   

                                  The Cause

                                  Because IFD (Internet Facing Deployment) uses the AD FS Authentication it requires an additional step after using the CRM Deployment Manager to setup a new Organisation to then register at login with the AD FS setup.

Basically it is saying that you have set up the org, but not configured the authentication login settings in AD FS.

                                   

                                  The Fix

1. Open AD FS Management.

2. Click on AD FS / Trust Relationships / Relying Party Trusts and locate your CRM IFD Relying Party Trust associated with the IFD Authentication.

3. Highlight it, and select Update Federation Metadata.

4. Update.

                                  And you are done!

                                  You should now be able to login to the CRM server without getting the error message, and with no need to reset IIS or any other services.

                                   

                                   

                                   

                                  CRM 2015 Reporting Extension Setup Error The SQL Server Reporting Services account is a local user and is not supported

                                  Error Message installing CRM 2015 Reporting Extensions

                                  When installing Microsoft Dynamics CRM Reporting Extension Setup you receive an error message: The SQL Server Reporting Services account is a local user and is not supported. This is during the System Checks.


                                  In our instance this was with MS CRM 2015 on SQL 2014 on the same server in a test environment.

                                  The Solution

                                  The fix is easy.

1. Open the SQL 2014 Reporting Services Configuration Manager.

2. Connect to your server.

3. Select the Service Account.

4. Select the Local System account and apply with the appropriate security levels.

                                  That’s about it. Run the setup process again and you should be good to go.

                                  Windows 2012 Turn off Password Complexity

                                  How to disable (turn off) the default Windows 2012 Administrator Complexity

1. Open the Administrative Tools.

2. This places you in the Administrative Tools section. Select Local Security Policy.

3. Change the Password Must Meet Complexity Requirements option to Disabled.

                                  In a Domain Environment, for an Active Directory Domain Server.

  • In the Server Manager click on Tools and from the drop down click Group Policy Management.
  • Expand Forest >> Domains >> Your Domain Controller. NOTE: There are some steps in the comments that some have made, that advise of additional steps at this point. Try without, but if you fail... have a look in the comments.
  • Right click on the Default Domain Policy and click on Edit from the context menu.
  • Now expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy.
  • Double-click on the Passwords Must Meet Complexity Requirements option in the right pane.
  • Select Disabled under "Define this policy setting".
  • Click Apply then OK all the way out and close the GPO window.
  • In order to refresh the policy, type the following command in the CMD window and press ENTER: gpupdate /force

                                  Windows 2012 R2 Remote Desktop Enabled Cannot RDP Connect

                                  Windows 2012 RDP Remote Desktop Enabled but you Cannot Connect

                                  You find that after you enable the Windows 2012 RDP or Remote Desktop Connection features to allow you to remote desktop into your new server, you are still unable to connect to the server.

                                  The Cause

By default on new installs of Windows 2012 R2 the server firewall is enabled, and the “Remote Desktop - User Mode TCP-in” rule that lets Remote Desktop traffic in over TCP/IP is not.

                                  The Fix

                                  Enable the rule that permits access through the Windows Firewall.

1. Search for Firewall and open “Windows Firewall with Advanced Security”.

2. Find the rule “Remote Desktop - User Mode TCP-in” and enable the rule.

                                  Enabling Replication Failed The System Cannot Find the Path Specified Hyper-V


                                  While trying to replicate a Hyper-V server you receive the following error:

                                  Enabling replication failed

                                  Hyper-V failed to enable replication for virtual machine “Machine Name”: The system cannot find the path specified. (I0x80070003). (Virtual machine ID "ID Number”)


                                  Cause

                                  The likely cause is that you have removed the path that was set under the replication server (or receiving servers) replication settings.

Under the Hyper-V Settings on the receiving or replication server, click on “Replication Configuration - Enabled as a Replication server”.

                                  The Fix

                                  Browse to the directory defined under “Specify the default location to store replica files” and ensure that the path is valid. 

                                  The likely cause is that the folder defined here was removed and needs to be redefined. This can happen when you are cleaning shop.


                                   

                                   

                                  Microsoft CRM 2011 Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry

                                  Error

                                  When attempting to login to an IFD (Internet Facing Deployment of CRM) you receive this error:

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 10/06/2014 1:54:52 AM
Event time (UTC): 9/06/2014 3:54:52 PM
Event ID: 6da606a9a6794c2a8f504cc6b8b3be3e
Event sequence: 2
Event occurrence: 1
Event detail code: 0

Application information:
    Application domain: /LM/W3SVC/2/ROOT-1-130468028783689054
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\
    Machine name: VSERVER08

Process information:
    Process ID: 1540
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE

Exception information:
    Exception type: SecurityTokenException
    Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Request information:
    Request URL: https://auth.interactivewebs.com:444/default.aspx
    Request path: /default.aspx
    User host address: 101.164.212.248
    User:
    Is authenticated: False
    Authentication Type:
    Thread account name: NT AUTHORITY\NETWORK SERVICE

Thread information:
    Thread ID: 8
    Thread account name: NT AUTHORITY\NETWORK SERVICE
    Is impersonating: True
    Stack trace:
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Custom event details:

                                  The Problem

For reasons not identified, the ADFS authentication is failing and needs to be reset.

                                  Solution:

                                  Run the Deployment Manager with same certificate

                                  These instructions are the last part of the instructions we have created for updating an out of date SSL certificate used in an IFD deployment. Basically we are following the same instructions, but skipping the step of replacing with a new SSL certificate. We are just running the deployment again against the same certificate. 

1. Run the CRM deployment manager.

2. Run the Configure Claims-based Authentication.

Select the default settings, which should be the default from your IFD setup.

But when you get to the Certificate, you need to select the new certificate, which should be visible from the list after importing it in the steps above.

3. Run the Configure Internet Facing Deployment action and just step through it with the default settings.

4. Restart the AD FS 2.0 Windows Service.

                                  Configure AD

                                  Set the Service Communication Certificate

1. Start AD FS 2.0 Management.

2. Expand certificates and select Set Service Communications Certificate.

3. Select the new certificate that will be listed here.

Update Relying Party Trusts

1. From the AD FS 2.0 Management, select your relying party trusts and update from the federation metadata one by one.

Update both listed. They will likely have a red cross before you do this.

Restart Services

Restart the AD FS Service and restart IIS the usual way.

                                  And you should be done. Login to your CRM IFD again and enjoy.

                                   

                                  Windows 2008 Server Blocking RDP IP Address Hacks

                                  Find out the IP address of the Prick who is trying to hack your server.

                                  Go to the Windows Event Log, and select Security. Look for the Audit Failure event and you will see the IP there.

Set up a custom rule in Firewall With Advanced Security to block this incoming IP from attempting a hack.

Start -> Administrative Tools -> Windows Firewall with Advanced Security.

Select Inbound Rules / New Rule

Select Custom / Next

Select All Programs / Next

Leave Default / Next

Leave the Local IP set to ANY, but change the Remote IP to ADD

Ensure that you have added the prick who is hacking you, then Next

Select Block the Connection / Next

Leave Default / Next

Give the rule a name / Finish
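Reading the addresses out of the Security log by hand gets slow when there are thousands of Audit Failure entries. The following added example, which is not part of the original post, counts failed logons (event 4625) per source address; the function name, the threshold, the sample events and the rule name in the comments are all constructed for illustration.

```powershell
# Added example (not from the original post): count Audit Failure logons
# (Security event ID 4625) per source IP address.
# Get-FailedLogonSource is a hypothetical helper name.
function Get-FailedLogonSource {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$EventXml,      # one XML document per event, as produced by ToXml()
        [int]$Threshold = 3       # report addresses with at least this many failures
    )

    $counts = @{}
    foreach ($doc in $EventXml) {
        $evt = ([xml]$doc).Event

        # EventID is plain text in most events, an element when it has attributes.
        $id = $evt.System.EventID
        if ($id -is [System.Xml.XmlElement]) { $id = $id.InnerText }
        if ($id -ne '4625') { continue }

        # The source address is the EventData item named IpAddress.
        $ip = ($evt.EventData.Data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
        if (-not $ip -or $ip -eq '-') { continue }   # local logon or no address recorded

        $counts[$ip] = 1 + [int]$counts[$ip]
    }

    $counts.GetEnumerator() |
        Where-Object { $_.Value -ge $Threshold } |
        Sort-Object -Property Value -Descending |
        ForEach-Object {
            New-Object PSObject -Property @{ RemoteIp = $_.Key; Failures = $_.Value }
        }
}

# Constructed sample events (documentation address ranges, not real data).
$template = "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>" +
            "<System><EventID>4625</EventID></System>" +
            "<EventData><Data Name='TargetUserName'>administrator</Data>" +
            "<Data Name='IpAddress'>{0}</Data></EventData></Event>"
$sample = @(
    ($template -f '203.0.113.45'), ($template -f '203.0.113.45'),
    ($template -f '203.0.113.45'), ($template -f '203.0.113.45'),
    ($template -f '198.51.100.7'), ($template -f '-')
)

# Only 203.0.113.45 reaches the threshold of 3 in the sample.
Get-FailedLogonSource -EventXml $sample -Threshold 3 | Format-Table RemoteIp, Failures -AutoSize

# Against the live log (elevated prompt):
# $xml = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 5000 |
#     ForEach-Object { $_.ToXml() }
# Get-FailedLogonSource -EventXml $xml -Threshold 10
#
# Command-line form of the block rule built in the wizard above (rule name is a placeholder):
# netsh advfirewall firewall add rule name="Block failed RDP source" dir=in action=block remoteip=203.0.113.45
```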

                                  Microsoft CRM IFD SSL Certificate Renewal

Following on from our very popular IFD configuration for Microsoft CRM: http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/ The time will come around where you need to renew the SSL certificate for your CRM IFD configuration. This will include the renewal of the SSL certificate as used by IIS and ADFS. Here are a couple of steps we followed, based exactly on the configuration outlined in our above linked blog post.

                                  Generate a new SSL Request.

1. Open IIS Manager and click on Server Certificates.

2. Create certificate request.

3. Fill in the data, then Next.

4. Change to 2048 bit.

5. Give it a name, then Finish and you are done.

Now open the certificate text file and copy the text to your clipboard, or use this with your certificate authority to issue you a new wildcard certificate. *.interactivewebs.com is what we use. To get the certificate we use a service called “startssl.com”, who allow you to issue certificates like this for 2 years for free once you are validated as a user.

                                  Complete the Certificate Request

Once the new certificate has been issued to you, you need to complete the request on IIS.

1. In IIS Manager click on Complete Certificate Request.
2. Browse to the certificate from your issuing provider and give it a friendly name. We like to use a year in the name to help distinguish it from the old one.

Finish the import.

                                  Change the certificate used by IIS

1. Expand the two sites on the CRM server and click on Default Website first, then Bindings / https, then Edit.
2. Select the new certificate that you just imported and click OK.
3. Repeat this process for the Microsoft Dynamics CRM website, selecting the new certificate there and clicking OK.
4. Restart IIS.

                                  Set Permissions on SSL Certificate

1. Click Start, and then click Run.
2. Type MMC.
3. On the File menu, click Add/Remove Snap-in.
4. In the Available snap-ins list, select Certificates, and then click Add. The Certificates Snap-in Wizard starts.
5. Select Computer account, and then click Next.
6. Select Local computer: (the computer this console is running on), and then click Finish.
7. Click OK.
8. Expand Console Root\Certificates (Local Computer)\Personal\Certificates.
9. Right-click Certificates, click All Tasks, and then click Import.

Step 2: Add to the ADFS service account the permissions to access the private key of the new certificate. To do this, follow these steps:

1. With the local computer certificate store still open, select the certificate that was just imported.
2. Right-click the certificate, click All Tasks, and then click Manage Private Keys.
3. Add the account that is running the ADFS Service, and then give the account at least read permissions. (For us this is the Network Service.)

                                  Run the Deployment Manager with new Certificate

1. Run the CRM Deployment Manager.
2. Run Configure Claims-Based Authentication and select the default settings, which should be the defaults from your IFD setup. But when you get to the certificate, you need to select the new certificate, which should be visible in the list after importing it in the steps above.
3. Run the Configure Internet-Facing Deployment action and just step through it with the default settings.
4. Restart the AD FS 2.0 Windows Service.

                                  Set the Service Communication Certificate

1. Start AD FS 2.0 Management.
2. Expand Certificates and select Set Service Communications Certificate.
3. Select the new certificate that will be listed here.

Update Relying Party Trusts

1. From AD FS 2.0 Management, select your relying party trusts and update from the federation metadata one by one. Update both listed. They will likely have a red cross before you do this.

Restart Services

Restart the AD FS service and restart IIS the usual way, and you should be done. Log in to your CRM IFD again and enjoy.

Please feel free to link to / reference this blog. Comments welcome below.

                                  Font Icons Not Displaying in Internet Explorer IE 9 / 10

                                  With the Bulk Emailer application we have used font icons to improve response and scalability with different devices. So far we have been happy with how they work using some boot strap code that is used for our user interface.

What we have noticed, and it’s no big surprise… Internet Explorer 9 and IE 10 will not display font icons correctly.

                                  What you should see is this:

                                  image

                                  But ends up rendering like this:

                                  image

                                  The Problem is WOFF Fonts on IIS

IIS 6 and later do not handle WOFF fonts as icons for Internet Explorer. Most other browsers will support them; however, IE, as usual, will behave like a black sheep.

There appear to be two solutions to this problem.

                                  Solution 1 – Adding a MIME type to Internet Information Server IIS

                                  Add the following MIME type to the IIS server settings.

                                  • .woff application/x-woff
                                    1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).

                                    2. In Features View, double-click MIME Types.

                                    3. In the Actions pane, click Add.

                                    4. In the Add MIME Type dialog box, type a file name extension in the File name extension text box. For example, type .xyz.

                                    5. Type a MIME type in the MIME type text box. For example, type application/octet-stream.

                                    6. Click OK.

                                  Solution 2 – Adding some code to the web.config

                                  A lot of people don’t have access to configure IIS in DotNetNuke, so you can add the following to the web.config.

Inside the <system.webServer> section of the web.config, add the mimeMap line within <staticContent>:

<system.webServer>
    <staticContent>
        <mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
    </staticContent>
</system.webServer>

                                  This should get you out of trouble.

                                  .zip files from Mac OS show up as green/encrypted

                                  Green files and folders on Windows 7 indicate they are encrypted.

                                  Usually this is a function of a program that will make these files encrypted for a reason. Security is usually the reason. But…

There is an interesting little bug in the process of creating a .zip file on a Mac and moving it over to a Windows computer.

The standard for .zip files is found here:

http://www.pkware.com/documents/casestudies/APPNOTE.TXT

It specifies that .zip archives include a tag that tells the program trying to decompress the archive about the archive itself. This tag is known as the “version made by” and, as the name suggests, it records the version of the .zip program and the file system in use.

 0 - MS-DOS and OS/2 (FAT / VFAT / FAT32 file systems)
 1 - Amiga                     2 - OpenVMS
 3 - UNIX                      4 - VM/CMS
 5 - Atari ST                  6 - OS/2 H.P.F.S.
 7 - Macintosh                 8 - Z-System
 9 - CP/M                     10 - Windows NTFS
11 - MVS (OS/390 - Z/OS)      12 - VSE
13 - Acorn Risc               14 - VFAT
15 - alternate MVS            16 - BeOS
17 - Tandem                   18 - OS/400
19 - OS/X (Darwin)            20 thru 255 - unused

When the Mac system creates the .zip archive, it marks the files with the attribute of being UNIX-based files. That is correct, considering the Mac operating system is based on UNIX.

                                  The problem arises at the Windows end. Because Windows is created by the most arrogant computer company in the world, it does not recognise that a .zip file could have been created with a computer that is not running Windows. It fails to correctly see the flag as UNIX and marks the files as Encrypted.
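A worked example added here (not code from the original post): a small Python parser that reads the “version made by” host byte and the general purpose flag of every entry, so you can tell an archive that is merely tagged UNIX from one whose entries really are ZIP-encrypted. The sample archive is constructed in memory; the low attribute word of 0x4000 on its UNIX entry is an assumed value chosen to show what a reader that treats that word as Windows file attributes would see, and `read_central_directory` and `build_sample` are names made up for this example.

```python
"""Added example: read the "version made by" tag from a .zip central directory."""
import io
import struct
import zipfile

# Host systems as listed in the table above (upper byte of "version made by").
HOSTS = (
    "MS-DOS and OS/2 (FAT / VFAT / FAT32 file systems)", "Amiga", "OpenVMS",
    "UNIX", "VM/CMS", "Atari ST", "OS/2 H.P.F.S.", "Macintosh", "Z-System",
    "CP/M", "Windows NTFS", "MVS (OS/390 - Z/OS)", "VSE", "Acorn Risc", "VFAT",
    "alternate MVS", "BeOS", "Tandem", "OS/400", "OS/X (Darwin)",
)

EOCD = struct.Struct("<4sHHHHIIH")           # end of central directory record
CDH = struct.Struct("<4sBBHHHHHIIIHHHHHII")  # central directory file header
FILE_ATTRIBUTE_ENCRYPTED = 0x4000            # Windows attribute shown as a green name


def read_central_directory(data):
    """Return one dict per archive entry, parsed from the central directory."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0 or pos + EOCD.size > len(data):
        raise ValueError("no end-of-central-directory record found")
    fields = EOCD.unpack_from(data, pos)
    total, cd_size, cd_offset = fields[4], fields[5], fields[6]
    if total == 0xFFFF or cd_offset == 0xFFFFFFFF:
        raise ValueError("ZIP64 archives are not handled by this example")
    if cd_offset + cd_size > pos:
        raise ValueError("central directory overlaps the end record")
    entries, off = [], cd_offset
    for _ in range(total):
        if off + CDH.size > pos:
            raise ValueError("truncated central directory")
        f = CDH.unpack_from(data, off)
        if f[0] != b"PK\x01\x02":
            raise ValueError("bad central directory signature at offset %d" % off)
        spec, host, flags = f[1], f[2], f[4]
        name_len, extra_len, comment_len, ext_attr = f[11], f[12], f[13], f[16]
        name_end = off + CDH.size + name_len
        encoding = "utf-8" if flags & 0x800 else "cp437"
        entries.append({
            "name": data[off + CDH.size:name_end].decode(encoding),
            "spec_version": "%d.%d" % divmod(spec, 10),
            "host": host,
            "host_name": HOSTS[host] if host < len(HOSTS) else "unused",
            # Bit 0 of the general purpose flag is what marks real ZIP encryption.
            "zip_encrypted": bool(flags & 0x0001),
            # For UNIX-made entries the upper 16 bits carry the file mode.
            "unix_mode": ext_attr >> 16 if host == 3 else None,
            # What a reader sees if it treats the low word as Windows attributes.
            "reads_as_efs": bool(ext_attr & 0xFFFF & FILE_ATTRIBUTE_ENCRYPTED),
        })
        off = name_end + extra_len + comment_len
    return entries


def build_sample():
    """Constructed two-entry archive: one tagged UNIX (3), one tagged MS-DOS (0)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        unix = zipfile.ZipInfo("from-mac/report.txt")
        unix.create_system = 3
        # Assumed sample value: UNIX mode 100644 plus 0x4000 in the low word.
        unix.external_attr = (0o100644 << 16) | 0x4000
        zf.writestr(unix, b"constructed sample\n")
        dos = zipfile.ZipInfo("from-windows/report.txt")
        dos.create_system = 0
        dos.external_attr = 0x20  # plain "archive" attribute
        zf.writestr(dos, b"constructed sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    for e in read_central_directory(build_sample()):
        print("%-26s host=%-2d (%s) zip_encrypted=%s reads_as_efs=%s" % (
            e["name"], e["host"], e["host_name"],
            e["zip_encrypted"], e["reads_as_efs"]))
```

To inspect a real archive, pass its bytes to `read_central_directory`, for example `read_central_directory(open(path, "rb").read())`.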

                                  Leaving Files Encrypted

If the files are left as encrypted, you may find that there are problems if the files are shared on a network drive etc. Taking ownership will not change this flag, and resetting permissions does nothing.

                                  The Easy Fix – Remove Encrypted Tag

                                  Removing the incorrect Encrypted Flag on a green file in Windows 7, or Windows Server is really easy. Right click the file or files (holding the shift key to select multiple folders and files) then Click: Properties / Advanced / Un-tick the Encrypted Option

                                   

                                  That’s about it. All fixed.

                                  CRM 2011 Email Router Setup and Settings

Often with the setup of CRM 2011, users experience messages about a Pending e-mail warning, and sometimes email messages are not sending. This can be especially frustrating, as both the CRM email queuing and tracking system and the Email Router application are terrible at helping you understand exactly what is going on with your CRM e-mail. We mentioned some of the issues we have experienced here: http://www.interactivewebs.com/blog/index.php/server-tips/crm-2011-email-router-problemsshes-a-fickle-bitch/

                                  Here are some basic setup tips for email in Microsoft CRM 2011

1. Out of the box, CRM does not send email messages. You need to configure an application known as CRM 2011 Email Router to have email messages sent.
2. You also need a working SMTP (email server) that is configured to allow the relay of email messages from email accounts at your domain name. This can be achieved with the Amazon SES message service or your own servers. We can assist you in setting up Amazon SES if you need assistance with this.
3. You should install and configure your Email Router. Some notes to help you may include these: http://www.interactivewebs.com/blog//?s=email+router

                                  Recommended email settings in CRM 2011

1. Out of the box, CRM will only be able to send email messages to leads, contacts, and accounts until you change this setting, found in Admin / System Settings in CRM.
2. Avoid delayed email messages in CRM by approving email addresses. In Administration / Users, go into each user and approve the configured email address. There is a view of users who are pending email address approval to help identify who needs approval. Also uncheck the options to process emails only for approved users and only for approved queues in Administration / System Settings.
3. Configure users' email settings to use the email router for outbound email messages (optionally inbound configuration too). Our recommendation is to set the outbound processing to the email router. This will allow emails generated by the CRM system to be delivered right away via the email router. This also means that you do need to install and configure the email router. The above settings can be set automatically for all users by a simple out-of-the-box workflow that runs on creation of new users.
4. The next setting is recommended. Email can be tracked in CRM with the Outlook client, and email messages can be tracked automatically too.
5. The all-powerful feature of creating contacts in CRM when an email address is not known. This is a great way to automatically get more leads or contacts (depending on your business) into CRM. And, depending on your business, it can also be a great way to pollute your CRM with contacts or leads that you don’t want.

                                  Troubleshooting Tips

                                  To troubleshoot an E-mail Router outgoing profile configuration, follow these steps:
                                  1. Make sure that you follow the incoming profile configuration procedures in the E-mail Router Configuration Manager Help.
                                  2. For more information about how to configure an incoming profile, see the E-mail Router configuration information in the latest version of the Installing Guide that is included in the Microsoft Dynamics CRM 4.0 Implementation Guide.
                                  3. Refer to the following sections for information about how to resolve commonly encountered outgoing profile issues.
Test Access error

If there is a problem with your outgoing e-mail configuration, you may receive the following error message when you click Test Access on the E-mail Router Configuration Manager:

"Outgoing status: Failure - An error occurred while checking the connection to e-mail server EXSERVERNAME. The requested address is not valid in its context"

If you receive this message, follow these steps to troubleshoot the problem:
1. Run a telnet command to verify that connectivity is functioning between the computer that is running CRM Router and the Exchange Server. For example, start the TELNET utility and enter the following command: TELNET EXSERVERNAME PORT
2. Make sure that you have no antivirus services running on the Exchange Server computer that prevent connection by using port 25.
3. For information about how to configure the SMTP server to allow relay messages from Microsoft Dynamics CRM, see KB article 915827.

E-mail error when message sent from the Web application

Symptom: When a user sends an e-mail message by using the Web application, the user might receive one of the following messages:

This message has not yet been submitted for delivery. 1 attempts have been made so far.

The message delivery failed. It must be resubmitted for any further processing.

Resolution: For information about how to resolve this issue, see KB article 915827.

Load Data error

When you click Load Data in the E-mail Router Configuration Manager, you receive the following error:

The E-mail Router Configuration Manager was unable to retrieve user and queue information from the Microsoft Dynamics CRM server. This may indicate that the Microsoft Dynamics CRM server is busy. Verify that URL 'http://OrganizationName' is correct. Additionally, this problem can occur if the specified access credentials are insufficient. To try again, click Load Data. (The request failed with HTTP status 404: Not Found.)

To resolve this problem, follow these steps:
                                  1. Make sure that the user account that is running the E-mail Router Configuration Manager service is a member of the Active Directory PrivUserGroup security group.
                                  2. The account that is specified in the Access Credentials field on the General tab of the E-mail Router Configuration Manager must be a Microsoft Dynamics CRM administrative user. If the access credentials are set to Local System Account, the computer account must be a member of the Active Directory PrivUserGroup security group.
                                  3. Make sure that the URL is spelled correctly. The organization name in the URL field is case-sensitive and must be spelled exactly as it appears in the Microsoft Dynamics CRM server. To view the organization name as it appears in the Microsoft Dynamics CRM server, start the Web application. The organization name appears in the upper-right corner of the application window.
4. The DeploymentProperties table may have incorrect values if you have modified the port or host headers on your Web site. To update the DeploymentProperties table, see KB article 950248.

                                  Pending Email warning

On the Email Router, configure:
1. Check Event Viewer for Email Router related errors
2. Change the send email
3. Restart the CRM Email Router service
4. Reduce the polling time and connection timeout

                                  Automatically Resending Failed Email Messages

The Advanced Find can be used to find email messages that have not sent. A workflow can also be created to resend messages automatically. However, constant failures are going to indicate a problem some other place, so this automatic workflow should not be introduced in place of fixing your sending issues.

Steps to create the workflow to re-send failed e-mails:

1. Create a new Workflow in CRM | Processes on the E-mail entity.
2. Set the workflow to be Available to Run “As an on-demand process”, change the scope to Organization and uncheck “Record is created”. This will make the workflow available to run on demand, function for all e-mails in the organization, and not run every time a new e-mail is created, as we just want to use this when needed on specific e-mails.
3. Click “Add Step” and choose “Change Status”.
4. Set the E-mail to a status of “Pending Send”.
5. Click Save and then Activate in the toolbar. Click “OK” to the message to confirm you want to activate the workflow and then click “Close” on the workflow.

Advanced Find to see how many e-mails are in a failed status:

1. Open Advanced Find by clicking the “Advanced Find” button in the CRM ribbon.
2. Select “E-mail Messages” in the Look For option set and then select “Status Reason” and set it equal to “Failed”. Then click the Results button in the Advanced Find ribbon.
3. You can refine the results using the filter criteria from here as well, in case you do not want to re-send all of the e-mails. Once you are done, multi-select the e-mails you want to re-send and then click the “Run Workflow” button in the CRM ribbon.
4. Select the e-mail workflow that you created using the steps above and click OK. The workflow will then run and change the status of all the e-mails you had selected back to “Pending Send”.

This is an asynchronous process, so it may take a few minutes depending on your current asynchronous workload in CRM. Then the CRM e-mail router will process them again and send them out through SMTP as expected.

                                  Still Need Help?

Here at InteractiveWebs we know how terrible this component of Microsoft CRM is. Actually, in our opinion, it is difficulties like these that really show Microsoft is not at all interested in giving its customers a good experience. Much of the multitude of steps could be fixed, and monitoring improved, with very little effort from Microsoft, yet after years of CRM, much remains the same. In any case, if you need paid administration assistance to get your email working on your CRM system, be it Cloud Microsoft Hosted, IFD, or On Premises, we are available. Please contact us at: http://www.interactivewebs.com by submitting a support ticket.

                                  CRM 2011 Rollup 10 Invalid Argument Error

                                  CRM 2011 Rollup 10 Killed My CRM

                                  image

After installing CRM 2011 Rollup 10 (not 9 as that is MIA) you receive an Invalid Argument message as per the image above. This happens after you log in to an IFD deployment.

                                  For all we know it may happen on the CRM on premises but we have not managed to test that.

                                  You may also have a CRM Platform Trace Error:

Crm Exception: Message: A non valid page number was received: 0, ErrorCode: -2147220989

                                  CRM’s Fetch Throttling abilities have been disabled or modified from the default values.
                                  Re-enable CRM’s default Fetch Throttling settings.

                                  The solution

                                  1. START | RUN | “regedit” | OK

2. Locate and select the registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\MSCRM

Change the value of TurnOffFetchThrottling to 0.

In fact, if you find either the MaxRowsPerPage or the TurnOffFetchThrottling registry keys, set them both to 0 or delete them.

                                  3. START | RUN | “iisreset” | OK

                                  (This will restart IIS)

                                  Login to CRM and you should be good to go.

                                  Opencart on IIS 7.5 Windows 2008 Server FTP Permissions Changing

                                  Opencart and PHP running on IIS, we found Permissions incorrect on uploaded files

After working with an IIS server running PHP, we found that files uploaded through the web interface of the Opencart CMS failed to inherit the correct permissions. After spending weeks trying to resolve this problem, believing that it was a glitch that required file permissions to be reset, we found an easy solution.

                                  The Problem

The problem lies with the PHP system running on IIS. When you use a web interface to upload files to your PHP CMS website, they are initially loaded to the PHP-defined temporary folder. The temporary folder is set in the php.ini file. To find this file and check the setting, do this:

1. Open IIS and select PHP Manager.
2. Check phpinfo().
3. Search the php.ini file that opens for "upload_tmp_dir". Notice that the default location (unless you have changed it) is: c:\windows\temp
4. Navigate to that folder on your IIS server, right-click and select Properties / Security tab, and find the IIS_IUSRS security group.
5. Edit the permissions there to match the permissions of your IIS website folder that is causing you the grief. Read and Write at least are probably needed.

                                  Why the solution works.

As files are uploaded through the website interface, they land in the temp directory. Once there, they inherit the temp directory permissions before being moved on to the website folders. By adding the website security to the temp folder, you allow the files to move across with the correct permissions set. This would be applicable for WordPress running on an IIS server, or Opencart.

                                  WordPress 3.5 Manual Fix

Below is the manual fix you can apply to get your WordPress 3.5 install working correctly. There are two options that should work.

1) In the file wp-config.php, add the following line before “That’s all, stop editing”:

define( 'WP_TEMP_DIR', ABSPATH . 'wp-content/' );

or

2) In the file /wp-includes/class-http.php, comment out lines 144 and 145, which look like the following:

if ( ! is_writable( dirname( $r['filename'] ) ) )
	return new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) );

After applying one of the above fixes you should be able to add/upgrade your plugins and upgrade your themes, and you will be able to use the auto-upgrade feature when WordPress version 3.5.1 is released.

                                  Opencart .php on IIS 7.5 Permission Denied

                                  The Problem

We ran into an interesting issue while playing with Opencart on IIS 7.5. The issue was around a common third party module being used called Magic Zoom Plus. The error showed itself as some junk text loading at the beginning of many pages. The text looked like this:

Warning: file_put_contents(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): failed to open stream: Permission denied in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 171
Warning: unlink(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): Permission denied in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 172
Warning: rename(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css~backup,C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): Access is denied. (code: 5) in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 173

We knew immediately that it was a Windows server permission error. However, the strange thing is that we were pretty sure that the permissions were correct. We looked around at the settings and found them to be correct too.

                                  The Solution

                                  We ended up going to the website root, and selecting permission (on the server with RDP) and resetting the entire folder and all sub folders permissions. This fixed the problems. Can’t explain why but this is the second time we have needed to do this while running PHP on IIS. May be time to change back to a real php server.

                                  The Permanent Fix

We have detailed here how to stop this being necessary: http://www.interactivewebs.com/blog/index.php/server-tips/opencart-on-iis-7-5-windows-2008-server-ftp-permissions-changing/

                                  SmarterMail Autodiscover setup configuration

                                  Setup of SmarterMail Autodiscover configuration

                                  A simple understanding of autodiscover is that it is the configuration necessary to allow advanced email programs like macmail and outlook to configure themselves with only an email address and password. No more telling clients all the server settings necessary to get them all setup.

                                  At least that is the theory.

Exchange server has supported it for some time, but configuration under a multi domain setup is a total pain in the butt. Typical of MS to dream something up, then balls it up in the implementation.

SmarterMail does a much better job of it. Configuration is virtually non-existent; it basically just works.

                                  http://portal.smartertools.com/KB/a2415/set-up-auto-discovery-with-smartermail.aspx

But their article is a little skimpy for the non server admins, so this is a step-by-step walkthrough.

                                  Assuming that you are using Microsoft DNS server for your DNS hosting (and I realise that most probably don’t but it is the more difficult to configure), this is how you add the SRV records mentioned in the article above.

On the DNS server, select New other record on the domain in question.

Scroll down and select SRV.

Type the name: _autodiscover

Change the port to: 443

Put in your mail server's address that will respond to an HTTPS request.

                                  The resulted record looks like this:

                                  image

                                  If you click on the _tcp link, it will look like this:

                                  image

                                  Local Testing

                                  On your local machine, bring up a command prompt “CMD” and type in nslookup:


                                  Gives this:

                                  image

                                  Type in “set type=SRV”

                                  Then type in: _autodiscover._tcp.dnnform.com (replace dnnform.com with the domain that you just configured above). It should reply with the server hostname matching the record you created in the DNS server above:

                                  image

                                  External Testing

                                  Perform an external test of the SRV record and confirm that the server responds with an XML reply.

                                  Navigate to: https://www.testexchangeconnectivity.com

                                  Select the Outlook Autodiscover from the list of services.

                                  Enter an email address on the domain you have just set up with the service.

                                  In the case above, we are using the domain “dnnform.com” so the test address we will use is: test.dnnform.com (it does not need to exist on the smartermail server)

                                  The Domain \ User name: test\test (it will not be used)

                                  Password: test (it will not be used)

                                  Then perform test.


                                  The result you are looking for when expanded looks something like this.

                                  image

                                  This shows that the request was directed to the server and received an XML response from it.

                                  All good.
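The local nslookup check above, extended into a script (an added example, not part of the original post or of SmarterTools' documentation): it resolves the SRV record, confirms the port is 443, and checks that the target completes a TLS handshake with a certificate valid for that host name, since the record must point at an address that answers HTTPS. The function name Test-AutodiscoverSrv is hypothetical, and the script assumes Windows 8 / Server 2012 or later, where Resolve-DnsName is available.

```powershell
# Added example: verify the _autodiscover SRV record and the HTTPS endpoint it names.
# Test-AutodiscoverSrv is a hypothetical helper name, not a built-in cmdlet.
function Test-AutodiscoverSrv {
    param(
        [Parameter(Mandatory = $true)][string]$Domain,
        [int]$TimeoutMs = 5000
    )
    $query = "_autodiscover._tcp.$Domain"
    # Keep only the SRV answers; the resolver may also return A/AAAA records for the target.
    $records = @(Resolve-DnsName -Name $query -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' })

    foreach ($r in $records) {
        $result = [ordered]@{
            Query        = $query
            Target       = $r.NameTarget
            Port         = $r.Port
            PortIs443    = ($r.Port -eq 443)
            TlsValid     = $false
            CertSubject  = $null
            CertNotAfter = $null
            Error        = $null
        }
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            if (-not $client.ConnectAsync($r.NameTarget, $r.Port).Wait($TimeoutMs)) {
                throw "TCP connect to $($r.NameTarget):$($r.Port) timed out"
            }
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
            # Default validation: throws if the chain is untrusted, the certificate
            # has expired, or its name does not match the SRV target.
            $ssl.AuthenticateAsClient($r.NameTarget)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $result.TlsValid     = $true
            $result.CertSubject  = $cert.Subject
            $result.CertNotAfter = $cert.NotAfter
            $ssl.Dispose()
        }
        catch {
            $result.Error = $_.Exception.GetBaseException().Message
        }
        finally {
            $client.Close()
        }
        [pscustomobject]$result
    }
}

# dnnform.com is the domain used in this post; replace it with your own.
Test-AutodiscoverSrv -Domain 'dnnform.com' | Format-List
```

A row with PortIs443 or TlsValid set to False means mail clients following the record will fail or show a certificate warning, even though the nslookup test passes.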

                                  Help

                                  If anyone needs professional assistance with their SmarterMail setup or similar, please feel free to contact us on our website at: http://www.interactivewebs.com

                                  Opencart – HTTP Error 500.50 – URL Rewrite Module Error 0x80070005 Handler StaticFile

                                  Problem

                                  500 - Internal server error.

                                  There is a problem with the resource you are looking for, and it cannot be displayed.

                                   

                                  While working with Opencart shopping cart on an IIS server, we encountered this while browsing to a static image file that was uploaded as a website logo file.


                                  Solution

                                  The problem turned out to be related to IIS permissions. The folder structure hosting the website needed: IIS_IUSRS(<servername>\IIS_IUSRS) – modify to include Modify permissions.

                                  As per this article: http://www.interactivewebs.com/blog/index.php/websites/creating-a-new-opencart-deployment-on-a-windows-server-iis/

                                  Once we fixed that, the problems were all solved.

                                  AD FS certificate rollover CRM 2011

                                  You find that you can’t log on to your CRM 2011 IFD deployment that you configured around 12 months earlier.

                                  In the browser you may see:

                                  HTTP Error 401 - Unauthorized: Access is denied
                                  <html><body><p>
                                  An error has occurred.
                                  <br/><br/>
                                  Try this action again. If the problem continues, check the Microsoft Dynamics CRM Community for solutions or contact your organization's Microsoft Dynamics CRM Administrator. Finally, you can contact Microsoft Support.
                                  </p></body></html>
                                   
                                  Looking at the server log may show:

                                  SERVER Log Error show: 1309

                                  Event code: 3005
                                  Event message: An unhandled exception has occurred.
                                  Event time: 9/07/2012 12:09:59 PM
                                  Event time (UTC): 9/07/2012 2:09:59 AM
                                  Event ID: 50c7c9d7c3ba4b839bca7c72b9edf410
                                  Event sequence: 51779
                                  Event occurrence: 11
                                  Event detail code: 0
                                   
                                  Application information:
                                      Application domain: /LM/W3SVC/2/ROOT-1-129862684501956875
                                      Trust level: Full
                                      Application Virtual Path: /
                                      Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\
                                      Machine name: VSERVER08
                                   
                                  Process information:
                                      Process ID: 3208
                                      Process name: w3wp.exe
                                      Account name: NT AUTHORITY\NETWORK SERVICE
                                   
                                  Exception information:
                                      Exception type: SecurityTokenException
                                      Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
                                     at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
                                     at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
                                     at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
                                     at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
                                     at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
                                     at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
                                     at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
                                     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
                                     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

                                   
                                   
                                  Request information:
                                      Request URL: https://auth.interactivewebs.com:444/default.aspx
                                      Request path: /default.aspx
                                      User host address: 124.189.39.157
                                      User: FSERVER4\Administrator
                                      Is authenticated: True
                                      Authentication Type: Negotiate
                                      Thread account name: NT AUTHORITY\NETWORK SERVICE
                                   
                                  Thread information:
                                      Thread ID: 15
                                      Thread account name: NT AUTHORITY\NETWORK SERVICE
                                      Is impersonating: True
                                      Stack trace:    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
                                     at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
                                     at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
                                     at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
                                     at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
                                     at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
                                     at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
                                     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
                                     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
                                   
                                   
                                  Custom event details:

                                  And you find an error in the login attempt that gives you a 401 error.

                                  ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.

                                  Cause

                                  The likely cause is that the AD FS certificate rollover has happened. The self-issued certificate that is used and configured as part of your IFD setup with CRM and AD FS has been replaced: AD FS issued a new certificate around 1 week before the expiry of the old one.

                                  If you start the AD FS services and look under:

                                  Service >> Certificates

                                  You will notice a primary and secondary certificate.

                                  The Fix

                                  Basically the certificate automatically rolls over to a new one and ADFS won’t authenticate any more. Here are the steps that seem to fix this issue:

                                  1. Open Windows PowerShell as administrator (right-click, Run as administrator)
                                  2. Run the following commands:
                                  3. Add-PSSnapin Microsoft.Adfs.PowerShell
                                  4. Set-ADFSProperties -AutoCertificateRollover $true
                                  5. Update-ADFSCertificate -Urgent
                                  6. Run the CRM Deployment Manager
                                  7. Run through Configure Claims-Based Authentication Wizard (no changes)
                                  8. Run through Configure Internet-Facing Deployment Wizard (no changes)
                                  9. Restart the AD FS service
                                    From a Command Prompt “cmd” type
                                    net stop adfssrv
                                    then
                                    net start adfssrv
                                  10. Restart the Microsoft Asynchronous processing service
                                    From the Services window
                                    Click the Restart icon while the service is selected
                                  11. Run an iisreset from the elevated command prompt
                                    Start, Run, “cmd”
                                    iisreset

                                  From here you should be good to go.

                                  If you need assistance with CRM IFD setup see this post: http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/

                                  NOTE: In our case, the running through of the authentication wizard had defaulted the names back to the server name. We needed to manually put in the address correctly as per the setup of the IFD explained in the link above.
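To see a rollover coming instead of finding out from the 401, the certificate state can be read from the same PowerShell snap-in used in the fix. This is an added example, not part of the original post: Get-AdfsRolloverStatus is a hypothetical helper name, the 30-day warning window is an assumption, and it is meant to be run on the AD FS server.

```powershell
# Added example: report AD FS token certificates and how close they are to expiry.
# Get-AdfsRolloverStatus is a hypothetical helper name, not an AD FS cmdlet.
# The snap-in is only needed on AD FS 2.0; the error is ignored where it does not exist.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

function Get-AdfsRolloverStatus {
    param([int]$WarnDays = 30)   # assumed warning window; choose your own

    $props = Get-ADFSProperties
    $now   = Get-Date
    foreach ($type in 'Token-Signing', 'Token-Decrypting') {
        foreach ($c in @(Get-ADFSCertificate -CertificateType $type)) {
            $daysLeft = [math]::Floor(($c.Certificate.NotAfter - $now).TotalDays)

            if ($daysLeft -lt 0) {
                $state = 'EXPIRED'
            }
            elseif (-not $c.IsPrimary) {
                $state = 'SECONDARY'
            }
            elseif ($daysLeft -le $WarnDays) {
                $state = 'PRIMARY, EXPIRING SOON'
            }
            else {
                $state = 'PRIMARY, OK'
            }

            New-Object PSObject -Property @{
                CertificateType         = $type
                IsPrimary               = $c.IsPrimary
                Thumbprint              = $c.Thumbprint
                NotAfter                = $c.Certificate.NotAfter
                DaysLeft                = $daysLeft
                State                   = $state
                AutoRollover            = $props.AutoCertificateRollover
                GenerationThresholdDays = $props.CertificateGenerationThreshold
                PromotionThresholdDays  = $props.CertificatePromotionThreshold
            } | Select-Object CertificateType, IsPrimary, State, DaysLeft, NotAfter,
                              Thumbprint, AutoRollover, GenerationThresholdDays, PromotionThresholdDays
        }
    }
}

Get-AdfsRolloverStatus | Format-Table -AutoSize
```

A SECONDARY row is the same primary-plus-secondary picture described under Cause, so it is the cue to plan the Deployment Manager wizard runs from the fix before users hit ID4175.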

                                   

                                  ERROR The terminal server has exceeded the maximum number of allowed connections. RDP Solution

                                  When using RDP from Windows to access a remote Windows 2003 server, you sometimes find that you cannot connect, with an error reported as:

                                  ERROR The terminal server has exceeded the maximum number of allowed connections


                                   

                                  The Problem

                                  The cause of this is that you have remote sessions that have not exited correctly. Either the connection to the server was lost, or the user simply clicked the close X at the top of the session.

                                  AND

                                  You have your settings in Terminal Server set to hold dropped or inactive sessions either for a period of time or forever.

                                   

                                  The Solution

                                  At the Start Button on the computer where you would normally run Remote Desktop Connection from.

                                  Click Start

                                  Run

                                  Type in “mstsc.exe -admin”

                                  Then enter the connection details that you would normally use, and away you go.

                                  Creating a New OpenCart Deployment on a Windows Server IIS

                                  We are going to cover the deployment of OpenCart (an open source shopping cart) on Windows Server 2003 or 2008.

                                  We are assuming that the server is set up to run IIS websites, and that you have some general idea about running websites on IIS. If this is not the case and you are learning from scratch, it is better to learn on a Linux server.

                                  Assuming you want to get OpenCart running on IIS.

                                   

                                  Step 1 – Web Platform Installer

                                  Install the Microsoft Web Platform Installer on the server from this link.

                                  http://www.microsoft.com/web/downloads/platform.aspx

                                  In Windows 2003 you need to:

                                  Go to the directory on your server: C:\php

                                  Find the file: php.ini

                                  Edit the file in a text editor, finding the following lines:

                                  extension=php_curl.dll

                                  extension=php_gd2.dll

                                  extension=php_mysql.dll

                                  And remove the ; before each line:


                                  Then save the file.

                                  Start a Command Prompt “cmd” and type “iisreset”

                                  This enables MySQL, GD, and cURL.

                                   

                                  Step 2 – Setup PHP on the server.

                                  Start the Web Platform Installer and search PHP in the top right of the search window.

                                  Select and install the latest version of PHP from the list.


                                   

                                  Step 3 – Install MySQL on the server.

                                  Also from the Web Platform Installer, search “MySQL” and install that.


                                  During the install, you will be asked for a password for the root user. This is the administrator account, and the password should be complex and very well guarded.

                                   

                                  Step 4 – Create a Database in MySQL.

                                  Open the MySQL Command Line Tool and enter the root password selected above.

                                  Modify the following script to replace the database name, user name and password.

                                  create database mydb;
                                   
                                  CREATE USER 'myuser'@'localhost' IDENTIFIED BY 'mypassword';
                                  CREATE USER 'myuser'@'%' IDENTIFIED BY 'mypassword';
                                   
                                  GRANT ALL PRIVILEGES ON mydb.* TO 'myuser'@'localhost';
                                  GRANT ALL PRIVILEGES ON mydb.* TO 'myuser'@'%';
                                   
                                  FLUSH PRIVILEGES;

                                  Enter your own values where highlighted above.

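                                  Copy and paste that line by line into the MySQL Command Line window. You only need to run one of the two CREATE USER lines, then the matching one of the two GRANT lines: the 'localhost' pair allows connections only from the server itself, while the '%' pair allows connections from any host.

                                  If you need to change a password: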

                                  SET PASSWORD FOR 'myuser'@'localhost' = PASSWORD('newpass');

                                  SET PASSWORD FOR 'myuser'@'%' = PASSWORD('newpass');

                                  FLUSH PRIVILEGES;

                                   

                                  Step 5 – Download and unzip to Web Located Folder the contents of OpenCart

                                  Download here: http://www.opencart.com/index.php?route=download/download

                                  The contents of the download package are in a folder called “upload”.

                                  Extracted in our case to a folder we called: opencart.interactivewebs.com

                                   

                                  Step 6 – Create an IIS instance to hit that directory.

                                  Using the IIS skills that we suggested you should have, create a new site that points at the directory you dropped the upload contents into above.

                                  On Windows, make sure the permissions on the following folders and files allow Read and Write:
                                  image/
                                  image/cache/
                                  cache/
                                  download/
                                  config.php
                                  admin/config.php

                                   

                                  Step 7 – Set the permissions for IIS.

                                  From Windows Explorer, right-click the folder with the web files in it and select the Security tab. Modify the permissions for:

                                  IUSR – Modify (you will probably need to add this)

                                  IIS_IUSRS(<servername>\IIS_IUSRS) – Modify

                                   

                                  Step 8 – Visit the home page.

                                  Visit the store homepage
                                  e.g. http://www.example.com or http://www.example.com/store/

                                  Accept the license


                                  Check the permissions you need.


                                  Fill in the following details with the relevant information.


                                  Using the MySQL database settings you created above.

                                  image

                                  As per the instruction above, you need to delete the installation directory.

                                  Step 9 – Delete this directory.

                                  Restart IIS from the command prompt again. “iisreset”

                                  Common problem if permissions are not set correctly.

                                  http://www.opencart.com/index.php?route=documentation/documentation&path=7_57
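Steps 6 and 7 between them list six paths that need write access and then grant Modify on the site folder, so it is worth checking afterwards where IUSR and IIS_IUSRS can actually write. The following is an added example, not part of the original post or of OpenCart's documentation: Get-IisWriteGrant is a hypothetical helper name and the site path in the last line is constructed for illustration.

```powershell
# Added example: find where IUSR / IIS_IUSRS have been granted write access under a site.
# Get-IisWriteGrant is a hypothetical helper name; the list below is copied from Step 6.
$Step6Writable = 'image', 'image\cache', 'cache', 'download', 'config.php', 'admin\config.php'

function Get-IisWriteGrant {
    param([Parameter(Mandatory = $true)][string]$SiteRoot)

    $root     = (Resolve-Path -LiteralPath $SiteRoot).ProviderPath.TrimEnd('\')
    $expected = @($Step6Writable | ForEach-Object { Join-Path $root $_ })
    # WriteData/AppendData (create files, add to files) are part of both Write and Modify.
    # Entries expressed only as generic rights are not decoded by this check.
    $mask     = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

    $items = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse -Force)
    foreach ($item in $items) {
        $path = $item.FullName
        foreach ($ace in (Get-Acl -LiteralPath $path).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ace.IdentityReference.Value -notmatch '\\(IUSR|IIS_IUSRS)$') { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
            # Inherited entries only repeat a grant made higher up; report the place
            # the grant was made, plus the site root whatever it inherits.
            if ($ace.IsInherited -and $path -ne $root) { continue }

            $inList = $false
            foreach ($e in $expected) {
                if ($path -eq $e -or
                    $path.StartsWith("$e\", [StringComparison]::OrdinalIgnoreCase)) {
                    $inList = $true
                }
            }
            [pscustomobject]@{
                Path        = $path
                Identity    = $ace.IdentityReference.Value
                Rights      = $ace.FileSystemRights
                Inherited   = $ace.IsInherited
                InStep6List = $inList
            }
        }
    }
}

# Constructed path for illustration; point it at your own site folder.
Get-IisWriteGrant -SiteRoot 'C:\inetpub\opencart' |
    Sort-Object InStep6List, Path | Format-Table -AutoSize
```

Rows with InStep6List set to False are places where the web identities can write outside the folders OpenCart asks for, which is what a Modify grant on the whole site folder produces.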

                                  Read more about steps you can take to resolve this problem (error number 0x80072EE7) yourself–solved.


                                  We were receiving this error constantly when trying to run either the Microsoft Update service or Windows update service.

                                  Read more about steps you can take to resolve this problem (error number 0x80072EE7) yourself.


                                  Solution (fix)

                                  As you would expect, there is no help from Microsoft here.

                                  We found that the DNS server for the internet connection on this machine was pointing to a local server of ours. We changed this to the Google free DNS service:

                                  IP 8.8.8.8

                                  IP 8.8.5.5


                                  And ran the update process again. We found that it worked right away.

                                  The likely cause relates to the DNS server we host being unable to look up something Microsoft correctly. We will fix that by updating the way that the server references Microsoft resources. But for now, it is handy to know that the error above was related to a DNS problem.