WordPress News App for iPhone / iPad Released


WordPress News App


If you are a WordPress webmaster, blogger or use a WordPress website, then this iPad / iPhone App is for you.

All the latest News, Themes, Plugins, Tips and Tricks about WordPress.
A one stop point of call for all users, developers and designers who use and work with WordPress websites.



Apps By InteractiveWebs

If you would like an App Presence of your own, for your Business Club or Association, then please contact us.

CRM 2011 Email Router Problems–She’s a Fickle Bitch


Since we published an extensive set of step-by-step instructions on how to set up CRM 2011 as an Internet Facing Deployment (IFD), we have continued on to find a few issues with the Email Router Tool that are probably worth sharing.

The Tool Does Not Connect to Exchange 2010 like the CRM 4.0 tool.

We had a previous test environment that included CRM 4.0 and the well patched Email Router Tool. It was talking nicely to Exchange Server 2010 using the Exchange Web Service URL: https://server.domain.com/EWS/Exchange.asmx

In our instance HTTPS was configured with a certificate signed by a trusted provider. In other words, we purchased an expensive certificate and used that for testing a real-world deployment. No self-signed junk.

That all hummed nicely, but we find that in CRM 2011 the Email Router Incoming Settings fail when using the same settings that worked in 4.0.


Name: FirstName Last Name
Incoming Status: Failure – No results were found.


Note: After you import an Organization into CRM 2011 from CRM 4.0, all the user credentials stored in each user's CRM E-mail settings for user-defined access have the wrong passwords. They need to be reset.


We have not fixed this yet!

Try as we may, and generally we know what we are doing with this stuff, we have not as yet found a solution. We tried heaps of things, from opening up Non SSL access to the Exchange Server to running REG EDITS on the CRM server. Nothing as yet!

We can verify that the URL can be hit from the CRM server (Where the Email Router Resides) and that the return of information is the same as it was for CRM 4.0 Email Router.

We have also verified that the error changes once the user passwords are made invalid.

Incoming Status: Failure – The remote Microsoft Exchange e-mail server returned the error “(401) Unauthorized”. Verify that you have permission to connect to the mailbox. The request failed with HTTP status 401: Unauthorized.


This indicates that it is authenticating correctly.

We have deployed Rollup 2 at this time, and really are starting to think it is a bug. So we are about to get the BIG Microsoft Involved with a support ticket. Will let you know how that works out.


One Big Problem

We did not think a lot of the issue, and left our test Environment sitting doing a few things that included a DotNetNuke integration that was running some automatic billing processes from web service calls into CRM. This generated email messages in CRM that needed to be sent, and naturally the email router would have sorted that.

Again, we thought nothing of that.

We also noted that huge amounts of memory were being allocated to the CRM test server in Hyper-V. Like 12-14 GB. That was high, given that it was in essence a SQL server and website. Memory sits nicely at around 3-4 GB if things are working well.

What we have since discovered is that with the invalid inbound CRM – Exchange access, the CRM Email Router service consumed huge amounts of memory (Over 48 GB if allowed), and also bogged down process time to the point that nothing else ran on the server.

She’s a Fickle Bitch! and obviously there is a memory leak of epic proportions there some place.

The solution was to remove the invalid Inbound Rule while we sort out what the heck is going on with the program.

Stay Tuned….


After much mucking around, we found our problem.

In our instance the Default Global Address List had us listed, but our mailbox was tied to another custom address list, that was not listing our address correctly due to a typo. The access to the GA was being blocked by custom security settings.

This comes back to the same post above. Although nothing to do with the check box about  “Hide from Exchange address lists” – we were in effect being hidden from the address list that mattered.

CRM 2011 IFD Multi-Tenancy Migration Tips


Today we posted a blog about How to configure IFD Hosted Setup in CRM 2011

Following on from that we tested the migration from CRM 4.0 hosted CRM installations to the newly configured test environment for CRM 2011.

We ran into a few problems (and a few things we did not know) and thought others may benefit from this.

CRM Migration

The process was reasonably simple for us and for that reason we will just list the steps.

  1. Backup the CRM 4.0 database to file.
  2. On the new CRM 2011 SQL server, perform a normal SQL database restore from the backup file.
  3. Use the CRM 2011 deployment tool to “Import an Organisation”, specifying the obvious settings for the database selection and user mapping. (In our case, we were on the same domain, so user mapping was easy.)

All this worked well, but there were a few problems when we went to browse the new Org from outside the server. In other words, using the IFD to access the org.

Internally the org was accessible with https://internalcrm.domain.com/orgname  but external access: https://orgname.domain.com:xxx  failed.

The Problems

First one

Was simple but only because we have seen it before. Originally we had accessed the org from our IE 9 browser with https://org.domain.com and accessed the CRM 4.0 IFD. Actually we used it for over a year.

Now we wanted to use the new IFD on CRM 2011, but on the same browser. We found when going to: https://org.domain.com:444 that the browser was not even rendering the request for user name and pass that we expected:

The IE failure gave no message or indication of why. Basically a 404 failure to hit anything useful.

Yet in another “real browser” (not IE) we could at least get prompted for user and pass info.

The Cause

IE really sucks with clearing old data. The delete all / clear cache / remove cookies appears at the outset to dump everything, but it does not. In our case, it cached something from the previous connection to CRM 4.0 that was killing our access. We then also deleted data in “C:\Windows\Temp”. Can’t explain what the cause is… I would just rather put it down to the fact that IE 9 “blows chunks” (big ones).

The solution is to manually navigate to the Temporary Internet Files directory under Windows, and manually delete everything you find in there. That fixes the page rendering issue.
More information here: http://www.interactivewebs.com/blog/index.php/crm/crm-2011-server-error-404-file-or-directory-not-found/

The Second One

Second, we entered a user name and pass, and received a message:

There was a problem accessing the site. Try to browse to the site again. If the problem persists, contact the administrator of this site and provide the reference number to identify the problem. Reference number: numbers

There was a matching set of AD FS 2.0 Event Logs that looked like this:


A token request was received for a relying party identified by the key ‘https://org.domain.com:444/default.aspx’, but the request could not be fulfilled because the key does not identify any known relying party trust.
Key: https://org.domain.com:444/default.aspx

This request failed.

User Action
If this key represents a URI for which a token should be issued, verify that its prefix matches the relying party trust that is configured in the AD FS configuration database.


Encountered error during federation passive request.

Additional Data

Exception details:
Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust ‘https://org.domain.com:444/default.aspx’ is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, Uri& replyTo)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, MSISSession& session)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSerializedToken(String signOnToken, WSFederationMessage incomingMessage)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSecurityToken(SecurityToken securityToken, WSFederationMessage incomingMessage)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseForProtocolRequest(FederationPassiveContext federationPassiveContext, SecurityToken securityToken)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponse(SecurityToken securityToken)

The solution

An easy one, but something we did not know. With CRM 2011 in IFD, each time you add an org you need to update your Relying Party Trusts from Federation Metadata. Big words that mean…

  1. Open AD FS Management Tool
  2. Expand Trust Relationships
  3. Click on Relying Party Trusts
  4. Click on your IFD Trust, Right Click and Select Update From Federation Metadata


I have no idea why this is not automatically updated every time the service starts, or even every time the service is called upon….

In any case, that fixed the issue and we are on our way for testing our CRM – DotNetNuke integration suite with CRM 2011 and DotNetNuke 6.0. Wish us luck.
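The relying party update described above can also be scripted on the AD FS 2.0 server. This is an added example, not part of the original post: the trust display name is hypothetical, the URL is the placeholder key from the event log above, and the prefix test is a simplification of how AD FS matches a request to a trust identifier.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the AD FS 2.0 server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

$TrustName = 'CRM IFD Relying Party'                      # hypothetical display name of the IFD trust
$NewOrgUrl = 'https://org.domain.com:444/default.aspx'    # key reported in the MSIS7007 event

function Test-TrustCoversUrl {
    # Simplified check: true when any identifier on the trust is a prefix of $Url.
    param($Trust, [string]$Url)
    foreach ($id in $Trust.Identifier) {
        if ($Url.StartsWith($id, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$trust = Get-ADFSRelyingPartyTrust -Name $TrustName
if (-not $trust) { throw "No relying party trust named '$TrustName' was found." }

"Metadata URL: $($trust.MetadataUrl)"
"Identifiers before update:"
$trust.Identifier

if (Test-TrustCoversUrl $trust $NewOrgUrl) {
    "The trust already covers $NewOrgUrl; nothing to do."
} else {
    # Same action as right-click > Update From Federation Metadata in the GUI.
    Update-ADFSRelyingPartyTrust -TargetName $TrustName
    $trust = Get-ADFSRelyingPartyTrust -Name $TrustName
    "Identifiers after update:"
    $trust.Identifier
    if (-not (Test-TrustCoversUrl $trust $NewOrgUrl)) {
        Write-Warning "Still no identifier for $NewOrgUrl. Check that the CRM federation metadata lists the new org."
    }
}

# Optional: let AD FS poll the metadata URL and apply changes on its own schedule
# instead of updating by hand after every new org.
# Set-ADFSRelyingPartyTrust -TargetName $TrustName -MonitoringEnabled $true -AutoUpdateEnabled $true
```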

DNN Word Editor Ready for DotNetNuke 06.00.00


Today we released a version of Word Editor that is ready and tested on DotNetNuke 06.00.00 release.

The popular Word Editor module allows users to edit the content of HTML on a DotNetNuke website using Microsoft Word 2007 or later.

If you have not seen the module, check out the website here:


Or the online demo here: http://demo.interactivewebs.com.au/dnnwordeditor_demo/dnnwordeditor_demo.htm

Microsoft White Papers–Kill Me now!


A Microsoft Team Member Accessing one of their White Papers!

Having just beaten the Microsoft CRM IFD challenge, I felt it necessary to blog about how much I dislike the way Microsoft supply data about their own products.

The image above is not too far from the truth. You read a pile of “bla bla” data, only to find that the detail about the really important and difficult part is vague and relies on prior knowledge or experience to complete.

Evidence of this is the number of internal blogs, videos and instructional information that is always produced by MS team members and community members explaining the real low down on how to get their stuff to work.

Want to know what a White Paper is?

Google “Microsoft White Papers”

Returns this:


That opens to this:


This gives a URL: http://go.microsoft.com/fwlink/?LinkID=5672

That fails to this:


GO Microsoft!

So their Bing steps in with a suggestion. Did I mean

Do you mean service providers bus resources bizreswp?



Really Microsoft, things should be getting better, not worse!

Microsoft CRM 2011 How to Configure IFD Hosted Setup

Like many, we have struggled to configure Microsoft CRM 2011 as an Internet Facing Deployment. There is quite a bit of disjointed and somewhat typical Microsoft “junk” on how to set this up.

So after reading the White Papers, blogs and YouTube videos on the topic, I figured I would need notes for myself as much as anything. This is mostly because I am yet to find one single example that covered the setup I was after. That being:

  • Single Server
  • On an existing domain
  • Running true IFD ready for customer access.

The last point is telling, as all the Microsoft examples use a self-generated SSL cert, which really is an example of a DEV environment only. We want to test the “real deal”, and don’t mind spending a few $ on a real Certificate to see this in a true working environment.

The Existing Setup

Because this is a test environment, we are running the server on a Hyper V server. A single VM machine, that is running a fully patched version of:

  • Windows 2008 R2 SP1 64 Bit
  • SQL 2008 R2 64 Bit
  • Microsoft CRM 2011 64 Bit

Interestingly enough, something that always takes me 15 min is ensuring I download the correct version of the ISO files from MSDN. I get it that I am somewhat lame, but if you get a wrong version you can waste a load of time and energy later.


With a list looking like this it can be painful. Anyway, these are the files we used for install:


For those who care, the VM was set to run with 6000 MB ram, and fold out to use more.



When we setup CRM, we selected the option to NOT use the default website, but configure a new one with the default settings of port 5555. This is necessary as you will see later.


Backup First

In all things Microsoft world, it is vital that you establish a working point to avoid unnecessarily installing things all over again. To get things working we have started fresh over 4 times.

Hyper V is great for this, as we just stopped the server, and made a copy of the VHD file. Then when it is time to start all over, it is just a matter of restoring from copy/backup.


Test First

Test that your CRM setup is working. Go to the local computer name (ours is VSERVER08) on the correct port: http://vserver08:5555

We called our Deployment of CRM “CRM2011”, so the URL redirects to: http://vserver08:5555/CRM2011/main.aspx

and after being prompted for login, we are in and testing.


Apply a Wildcard SSL Certificate

In CRM, access to deployments is handled by sub domains. So if we call a deployment “business1” we will access it as: https://business1.domain.com

For testing, we purchased a standard Wildcard SSL certificate and applied that to the IIS7 server.

We will let you work out that bundle of joy, but a few tips.

1. Godaddy was about as cheap as you find on the net.

2. Setup involves creating a certificate request from within IIS, then pasting that text into the online providers order system. They then generate the certificates that you then import back into IIS and the server.


Application for a certificate

Here, taking a wildcard certificate as the example, is how to create a certificate:

1) Open IIS Manager.

2) Click the server name, then in the main screen double-click Server Certificates.

3) In the right panel, click Create Certificate Request…

4) Fill in each field, then click Next.

5) On the Cryptographic Service Provider Properties page keep the defaults and click Next.

6) On the File Name page, enter C:\req.txt, and then click Finish.

7) Open cmd and run:

certreq -submit -attrib "CertificateTemplate:WebServer" C:\req.txt

8) Select the CA and click OK.

9) Save the certificate as C:\Wildcard.cer. (Steps 7-9 can also be completed on the CA.)

10) Back in IIS Manager, in the same panel as step 3), click Complete Certificate Request…

11) Select C:\Wildcard.cer and enter *.contoso.com as the Friendly name; of course, you can use a different name.

12) Click OK.

13) That completes the wildcard certificate request.


Additional SSL Certificate Imports

1) Run MMC from Start / Search.

2) Select File / Add/Remove Snap-in, select Certificates and click Add. Choose Computer Account, then Next / Finish.

3) Expand the first two folders, and Right Click on the Certificates Folder and select: All Tasks /  Import.

4) Browse to your wildcard SSL certificate file, and import that into the Personal and Trusted Root Certification Authorities.



Ensure that you


Binding the SSL certificate to the default site

1) Open IIS Manager.

2) In the Connections panel, expand Sites , click Default Web Site.

3) In the Actions pane, click Bindings.


4) In the Site Bindings dialog box, click Add.

5) For Type, select HTTPS.

6) For SSL Certificate, select the certificate you just created (*.contoso.com), and then click OK.

(Ours is interactivewebs.com.)

7) Click Close.

8) Repeat for the Personal certificate folder.


Binding the SSL certificate to the CRM 2011 site

1) Open IIS Manager.

2) In the Connections panel, expand Sites , click CRM Web Site.

3) In the Actions pane, click Bindings.

4) In the Site Bindings dialog box, click Add.

5) For Type, select HTTPS.

6) For SSL Certificate, select the certificate you just created (*.contoso.com).

7) For Port, enter a port number other than 443 (e.g. 444), and then click OK.

8) Click Close.


DNS configuration

To configure claims-based authentication for MS CRM 2011, you need to add some DNS records so that each CRM 2011 endpoint can be resolved correctly.

There are two ways you can achieve the desired result. But first let's understand the desired result.

  1. We make the assumption that your server is running at least one static IP address.
  2. Because this is Internet Facing, that IP needs to be accessible to the world.
  3. That same IP can be used for access to your server both internally on the machine we are playing with, and externally from anyone on the net.

Let's Get Basic

Start a Command Prompt, and work out what your IP address of the server is.


Type IPCONFIG – Enter

Under the name: IPv4 Address is a number that looks like:


That is Your IP Address of the Server.

The DNS Goal

Make sure that when you PING xxx.domain.com that it points to that IP address. Both for the world and for you when you do that on your server.

(xxx is the sub domain that we are about to configure.)

To configure CRM, we need some sub domains to point to the server IP.

  1. sts.domain.com
  2. auth.domain.com
  3. dev.domain.com
  4. Your ORG name.  org.domain.com (Where ORG is the CRM deployment name of your organization or organizations), e.g.


We have two setup here: CRM and CRM2011. So we need to configure crm.interactivewebs.com and crm2011.interactivewebs.com.

Hosting Your Own DNS

If you host your own Domain Name Server (DNS) and you host the domain name that you are using to set up IFD, then configuring an A record for the above mentioned sub domains is easy.

START > Administrative Tools > DNS

Find your Domain Name

Right Click and select NEW HOST A



Add an A record that points to your servers IP address.

Repeat this process for all of the above mentioned sub domains. auth, sts1, dev, and your own organization names.

Test DNS

You must be able to ping all of those names and get the correct server IP address. Both from computers on the internet, and from the server.

Note: If you have added the DNS records but still encounter name resolution problems, you can try running ipconfig /flushdns on the client to clean up the cache. You can also click the DNS server root and click CLEAR CACHE so that the server is responding with the latest updates.


Note: Don’t bother proceeding past this step if you cannot ping your sub domains internally and externally correctly.


Firewall configuration

You need to set the firewall to allow incoming traffic on the ports used by CRM 2011 and AD FS 2.0. The default port for HTTPS (SSL) is 443.

For initial setup, testing etc., we recommend just turning the thing off. Better to start from a place where it does not muck you around, then turn it all back on after you are successful.
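The DNS and port requirements from the two sections above can be checked in one pass before moving on. This is an added example, not part of the original post; the IP address, domain and host list are placeholders to replace with your own, and the ports are the 443 and 444 bindings used in this walkthrough.

```powershell
# Added example (not from the original post). Works on PowerShell 2.0.
$ExpectedIp = '203.0.113.10'     # placeholder: the server's static IPv4 address
$Domain     = 'contoso.com'      # placeholder domain
$Hosts      = 'sts1', 'auth', 'dev', 'internalcrm', 'crm2011'   # sub domains used in this walkthrough
$Ports      = 443, 444           # default site (AD FS) on 443, CRM web site on 444

function Test-TcpPort {
    # Returns $true when a TCP connection succeeds within the timeout.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($h in $Hosts) {
    $fqdn = "$h.$Domain"
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($fqdn) |
               Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
               ForEach-Object { $_.IPAddressToString }
    } catch {
        $ips = @()               # name did not resolve
    }
    $row = New-Object PSObject -Property @{
        Name     = $fqdn
        Resolved = ($ips -join ',')
        DnsOk    = ($ips -contains $ExpectedIp)
    }
    foreach ($p in $Ports) {
        Add-Member -InputObject $row -MemberType NoteProperty -Name "Tcp$p" -Value (Test-TcpPort $fqdn $p)
    }
    $row
}

$results | Format-Table Name, Resolved, DnsOk, Tcp443, Tcp444 -AutoSize

$bad = $results | Where-Object { -not ($_.DnsOk -and $_.Tcp443 -and $_.Tcp444) }
if ($bad) { Write-Warning "Fix these names before continuing: $(($bad | ForEach-Object { $_.Name }) -join ', ')" }
```

Run it once on the server and once from a machine outside your network. When every row passes from both sides with the firewall on, only those two ports need to be open.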



Configuring Claims-based authentication - internal access

Configuring claims-based authentication for internal access requires the following steps:

  • Install and configure AD FS 2.0.
  • Configure claims-based authentication on the CRM 2011 server.
  • Configure claims-based authentication on the AD FS 2.0 server.
  • Test claims-based authentication for internal access.

Install and configure AD FS 2.0

CRM 2011 works with a variety of security token service (STS) providers. This article uses Active Directory Federation Services (AD FS) 2.0 to provide the security token service.

Note: AD FS 2.0 installs to the default website, so before you install AD FS 2.0 you must have CRM 2011 installed in a new site. (Remember we said that earlier.)

IIS looks like this if it is correctly installed:

If you only see the default website with CRM installed in that. Start AGAIN!


Download the AD FS 2.0

Download AD FS 2.0 from the following link:

Active Directory Federation Services 2.0 RTW( http://go.microsoft.com/fwlink/?LinkID=204237 ).


Install AD FS 2.0

In the installation wizard, select the federation server role. For more information refer to

Install the AD FS 2.0 Software( http://go.microsoft.com/fwlink/?LinkId=192792 ).

Configure AD FS 2.0

1 On the AD FS 2.0 server, click Start, then click AD FS 2.0 Management.

2 On the AD FS 2.0 Management page, click AD FS 2.0 Federation Server Configuration Wizard.

3 On the Welcome page, select Create a new Federation Service, and then click Next.

4 On the Select Deployment Type page, select Stand-alone Federation Server, and then click Next.

5 Choose your SSL certificate (the *.contoso.com certificate created earlier), add a Federation Service name (for example, sts1.contoso.com), and then click Next.

Note: You only need to add the Federation Service name when the AD FS 2.0 site uses a wildcard certificate.

6 On the Summary page, click Next.

7 Click Close to close the AD FS 2.0 Configuration Wizard.

Note: If you have not yet added a DNS record for the Federation Service name (sts1.contoso.com), do it now.


Verify the AD FS 2.0 is working

Follow the steps below to verify that AD FS 2.0 is working:

1 Open Internet Explorer.

2 Enter the URL of the federation metadata, for example:


3 Ensure that no certificate-related warning appears.



Claims-based authentication configuration: CRM 2011 server

After you install and configure AD FS 2.0, and before configuring claims-based authentication, we need to set the CRM 2011 binding type and root domains.

Follow these steps to set the CRM 2011 binding to HTTPS and configure the root domain addresses:

1 Open the CRM Deployment Manager.

2 In the Actions pane , click Properties .


3 Click the Web Address page .

4 In the Binding Type , select HTTPS .

5 Ensure that the web addresses are valid for the SSL certificate and SSL port bound to the CRM 2011 site. Because you are configuring claims-based authentication for internal access, use the host name for the root domain addresses. The port number must be the same as the port set for the CRM 2011 site in IIS.

6 For example, with a *.contoso.com wildcard certificate, you can use internalcrm.contoso.com:444 as the web address.

7 Click OK.

Note: If CRM Outlook clients were configured with the old binding values, they need to be updated to use the new values. Also make sure you have a DNS entry for: internalcrm.

The claims data sent from CRM 2011 to AD FS 2.0 is encrypted using the certificate you specify in the Claims-Based Authentication Configuration Wizard (described below). Therefore, the CRMAppPool account of the CRM web application must have Read permission on the private key of the encryption certificate. Follow these steps to grant this permission:

1 On the CRM 2011 server, run the Microsoft Management Console (Start => Run MMC).

2 Click File => Add/Remove Snap-in…

3 In the left panel, select Certificates, then click Add to add it to the right panel.

4 In the pop-up window, select Computer account.

5 On the next page, select Local Computer, then click Finish.

6 Click OK.

7 Expand Certificates (Local Computer) => Personal, and select Certificates.

8 In the middle panel, right-click the encryption certificate that you will specify in the Claims-Based Authentication Configuration Wizard (in this case *.contoso.com), then click All Tasks => Manage Private Keys.

9 Click Add, add the CRMAppPool account (if you are using Network Service, select that account directly), and then give it Read permission.

Note: You can use IIS Manager to see which account CRMAppPool uses. In the Connections panel, click Application Pools, and then look at Identity for CRMAppPool.

10 Click OK.
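The result of the Manage Private Keys steps above can be verified from PowerShell, which also shows who else can read the wildcard certificate's private key. This is an added example, not part of the original post; the subject pattern and the app pool identity are placeholders, and it assumes the key is in a legacy CSP container (the default for a certificate request created in IIS), where the key is a file under MachineKeys.

```powershell
# Added example (not from the original post). Run elevated on the CRM 2011 server.
$SubjectRegex   = 'CN=\*\.contoso\.com'            # placeholder wildcard subject
$AppPoolUser    = 'NT AUTHORITY\NETWORK SERVICE'   # identity shown for CRMAppPool in IIS Manager
$GrantIfMissing = $false                           # set to $true to add the Read entry

$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and $_.Subject -match $SubjectRegex } |
        Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key matches $SubjectRegex." }

# Assumption: CSP key container, stored as a file under MachineKeys.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile   = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
$acl       = Get-Acl -Path $keyFile

"Certificate : $($cert.Subject)  [$($cert.Thumbprint)]"
"Key file    : $keyFile"
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Identities other than SYSTEM, Administrators and the app pool account are worth a
# second look: this key protects every host name under the wildcard.
$expected   = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', $AppPoolUser
$unexpected = $acl.Access | Where-Object { $expected -notcontains $_.IdentityReference.Value }
if ($unexpected) {
    Write-Warning ("Unexpected access: " +
        (($unexpected | ForEach-Object { $_.IdentityReference.Value }) -join ', '))
}

$read    = [int][System.Security.AccessControl.FileSystemRights]::Read
$hasRead = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $AppPoolUser -and
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band $read) -eq $read)
}

if ($hasRead) {
    "$AppPoolUser can read the private key."
} elseif ($GrantIfMissing) {
    # Same effect as Add + Read in the Manage Private Keys dialog.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($AppPoolUser, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    "Granted Read on the private key to $AppPoolUser."
} else {
    Write-Warning "$AppPoolUser cannot read the private key; the CRM metadata URL will fail to load."
}
```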


Configure Claims-Based Authentication

Below, we use the Configure Claims-Based Authentication Wizard to configure claims-based authentication. To learn how to configure claims-based authentication with PowerShell, refer to the English original.

1) Open the Deployment Manager.

2) on the left navigation panel, right-click Microsoft Dynamics CRM , and then click Configure Claims-Based Authentication.


3) click Next.


4) In the Specify the security token service page , enter the Federation metadata URL, such as



Note: This data is usually on the AD FS 2.0 website. Copy this URL into IE and view the federation metadata to make sure it is the correct URL. Accessing the URL in IE must not produce any certificate-related warnings (Ignore that crap!)


5) Click Next .

6) In the Specify the encryption certificate page , click on Select…

7) select a certificate, where we choose *.interactivewebs.com.



8) This certificate is used to encrypt the authentication security tokens sent to the AD FS 2.0 security token service.

Note: The Microsoft Dynamics CRM service account must have Read permission on the private key of the encryption certificate.

10 Click Next. The Claims-Based Authentication Configuration Wizard validates the token and certificate you specified.

11 On the System Checks page, if the checks passed, click Next.

12 On the Review your selections and then click Apply page, confirm your input, and then click Apply.

13 On this page, note the URL, because you will later use it to add a relying party to the security token service.



14 IMPORTANT – Click View Log File

15 Scroll to the end, and Copy the URL from the bottom of the file.

This will be used in the next configuration. Note that this is different to the URL used in step 4 above, as it represents the internal URL. Subtle but vital (and the cause of frustration the first 10 times we tried this).

16 Click Finish.

17 Validate that you can browse to the URL above. If you cannot view this in a browser, then have another look at the permissions on the certificate for the account that the CRM application pool runs under in IIS. See the section above on claims-based authentication configuration of the CRM 2011 server.

18. Once you can browse this URL, you are done here.


Claims-based authentication configuration: AD FS 2.0 server

After completing the previous step, we next need to add and configure the claims provider trusts and the relying party trusts in AD FS 2.0.

Configure claims provider trusts

You need to add a claims rule that retrieves the user's UPN (user principal name) from Active Directory and sends it to MS CRM as a UPN claim. Follow these steps to configure AD FS 2.0 to send the UPN LDAP attribute as a claim to the relying party:

1 On the server where AD FS 2.0 is installed, open AD FS 2.0 Management.

2 In the Navigation Pane, expand Trust Relationships, and then click Claims Provider Trusts.

3 Under Claims Provider Trusts, right-click Active Directory, and then click Edit Claims Rules.

4 In the Rules Editor, click Add Rule.

5 In the Claim rule template list, select the Send LDAP Attributes as Claims template, and then click Next.

6 Create the following rule:

  • Claim rule name: UPN Claim Rule (or other descriptive name)

  • Add the following mapping:

  • Attribute Store: Active Directory
  • LDAP Attribute: User Principal Name
  • Outgoing Claim Type: UPN

7 Click Finish, then click OK to close the Rules Editor.


Configure relying party trusts

After you enable claims-based authentication, you must configure the CRM 2011 server as a relying party so that it can consume claims from AD FS 2.0 for authenticating internal access.

1 Open AD FS 2.0 Management.

2 In the Actions menu, click Add Relying Party Trust.


3 In the Add Relying Party Trust Wizard , click Start.


4 On the Select Data Source page, click Import data about the relying party published online or on a local network, then enter the URL that locates the federationmetadata.xml file.


The federation metadata is created when you set up claims with the Claims-Based Authentication Configuration Wizard. The URL used here is IMPORTANT – read point 14 in the above section. It is the URL retrieved from the View Log File step that we did when configuring Claims-Based Authentication. In this case



Note: Ensure that no certificate-related warnings appear when hitting the URL.

5 Click Next .

6 In the Specify Display Name page , enter a display name, such as CRM Claims Relying Party , and then click Next.


7 In the Choose Issuance Authorization Rules page , choose Permit All users to access this Relying Party , and then click Next.


8 In the Ready to Add Trust page , click Next , then click Close .

9 If the Rule Editor appears, click Add Rule. Otherwise, in the Relying Party Trusts list, right-click the relying party object you created, click Edit Claims Rules, and then click Add Rule.

10 In the Claim rule template list, select the Pass Through or Filter an Incoming Claim template, and then click Next.

11 Create the following rule:

  • Claim rule name: Pass Through UPN (or other descriptive name)

  • Add the following mapping:

  • Incoming claim type: UPN
  • Pass through All claim values

12 Click Finish.

13 In the Rule Editor, click Add Rule; in the Claim rule template list, select the Pass Through or Filter an Incoming Claim template, and then click Next:

  • Claim rule name: Pass Through Primary SID (or other descriptive name)

  • Add the following mapping:

  • Incoming claim type: Primary SID
  • Pass through All claim values

14 Click Finish.

15 In the Rule Editor, click Add Rule.

16 In the Claim rule template list, select the Transform an Incoming Claim template, and then click Next.

17 Create the following rule:

  • Claim rule name: Transform Windows Account Name to Name (or other descriptive name)

  • Incoming claim type: Windows account name
  • Outgoing claim type: Name
  • Pass through All claim values

18 Click Finish. Once all three rules have been created, click OK to close the Rule Editor.
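The three relying party rules built in the wizard above are stored by AD FS as claim rule language text, which makes them easy to review or re-apply from PowerShell. This is an added example, not part of the original post; it assumes the AD FS 2.0 PowerShell snap-in and the display name "CRM Claims Relying Party" suggested in step 6, and the rule text is written by hand to match the templates rather than exported from the authors' server.

```powershell
# Added example (not from the original post). Run elevated on the AD FS 2.0 server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

$TrustName = 'CRM Claims Relying Party'   # display name from step 6 above
$Apply     = $false                        # set to $true to overwrite the trust's rules

# Claim rule language equivalent of the three wizard rules.
$rules = @'
@RuleName = "Pass Through UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);

@RuleName = "Pass Through Primary SID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"]
 => issue(claim = c);

@RuleName = "Transform Windows Account Name to Name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType);
'@

$trust = Get-ADFSRelyingPartyTrust -Name $TrustName
if (-not $trust) { throw "No relying party trust named '$TrustName' was found." }

"Current issuance transform rules on '$TrustName':"
$trust.IssuanceTransformRules

# Each rule keys on one incoming claim type; report any that the trust lacks.
$required = @{
    'UPN'                  = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
    'Primary SID'          = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid'
    'Windows account name' = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname'
}
$missing = $required.Keys | Where-Object {
    $trust.IssuanceTransformRules -notlike ('*' + $required[$_] + '*')
}

if (-not $missing) {
    "All three incoming claim types are handled."
} elseif ($Apply) {
    # Replaces the whole rule set on the trust, so review the output above first.
    Set-ADFSRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules $rules
    "Rules applied."
} else {
    Write-Warning "No rule found for: $($missing -join ', ')"
}
```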




Test claims-based authentication for internal access

You should now be able to use claims authentication for internal access to CRM 2011.

1 Open the Deployment Manager.

2 Expand the Deployment Manager node, and then click on Organizations.

3 Right-click your organization, and then click Browse. This opens the CRM web page (for example: https://internalcrm.contoso.com:444 ).


Trouble Shooting

If the CRM web page cannot be displayed, run iisreset and then try again.

If the CRM web page still does not show, you may need to set up an SPN (Service Principal Name) for the AD FS 2.0 server. Re-run the Claims-Based Authentication Wizard, browse to the Specify the security token service page, and note the AD FS 2.0 server name in the Federation metadata URL. (In this case sts1.interactivewebs.com)

1 Open a command line tool.

2 Enter the following commands (substitute the names from your own environment):

C:\> setspn -a http/sts1.interactivewebs.com fserver4\VSERVER08$

fserver4\VSERVER08 = the domain and machine name of the server.

C:\> iisreset

3 Then access the Microsoft Dynamics CRM Server 2011 site again; you should now be able to reach the CRM 2011 web page.


If you receive ADFS – sts1 errors.

There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: xxx

And/or if you look in your log files under ADFS 2.0, you will see errors like this.


In our case, this was because we used the external metadata URL and not the internal URL that we should have copied from the “View Log File” when configuring the Claims-Based Authentication (step 14 in the section above).



Note the difference between this:


and the original metadata check we did with:


We incorrectly figured it would be pulling the same XML data. It does NOT!


Configuring Claim-based authentication - external access

To enable claims-based authentication for external access to CRM 2011 data, complete the following steps:

1 Complete the previous section: Configuring Claim-based authentication - internal access.

2 Configure the CRM 2011 server for IFD.

3 Configure the AD FS 2.0 server for IFD.

4 Test claims-based authentication for external access.

Configuring the CRM 2011 server for IFD

Once claims-based authentication is working for internal access, you can enable external claims-based access through IFD. The following describes using the IFD Configuration Wizard; if you want to learn how to configure it with PowerShell, refer to the English original.

1 Open the Deployment Manager.

2 In the tree structure, right-click Microsoft Dynamics CRM, and then click Configure Internet-Facing Deployment.


3 Click Next.


4 Fill in the correct domain information for the Web Application, Org, and Discovery Web services. Remember that in our case *.interactivewebs.com was the name of the wildcard certificate used, and that port 444 was the port we configured for the CRM web instance in the IIS bindings.

Thus we use:

  • Web Application Server Domain: interactivewebs.com:444
  • Organization Web Service Domain: interactivewebs.com:444
  • Web Service Discovery Domain: dev.interactivewebs.com:444

Note – Enter the domain name, rather than the server name.

  • If CRM is installed on a single server, or on servers in the same domain, then the Web Application Server Domain and Organization Web Service Domain should be the same.
  • The Web Service Discovery Domain must be a subdomain of the Web Application Server Domain, like the “dev.” that we set up in DNS earlier.
  • The domain names must match the name on the SSL certificate.

Domain examples:

  • Web Application Server Domain: contoso.com:444
  • Organization Web Service Domain: contoso.com:444
  • Web Service Discovery Domain: dev.contoso.com:444

For more information on websites, please refer to Install Microsoft Dynamics CRM Server 2011 on multiple computers (http://go.microsoft.com/fwlink/?LinkID=199532).

5 In the Enter the external domain where your Internet-facing servers are located input box, enter the external domain information for your Internet-facing CRM 2011 servers, and then click Next.


The domain you specify must be a subdomain of the Web Application Server Domain specified in the previous step. By default, “auth.” is added in front of the Web Application Server Domain.

Domain examples:

  • External Domain: auth.contoso.com:444

6 On the System Checks page, if there are no problems, click Next.


7 On the Review your selections and then click Apply page, confirm your input, and then click Apply.


8 Click Finish.


9 Open a command line tool and run: iisreset
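The domain rules in steps 4 and 5 can be checked before running the wizard. This is an added example, not code from the original post or from Microsoft: the function names are assumptions, and the organization URL form org.<Web Application Server Domain> is taken from the https://org.contoso.com:444 example on this page. It verifies the subdomain relationships and that every host name is covered by the certificate, where a wildcard matches exactly one label.

```python
def split_host_port(value):
    """Split 'dev.contoso.com:444' into ('dev.contoso.com', 444); port is None if absent."""
    value = value.replace(" ", "").lower()
    host, sep, port = value.partition(":")
    return host.rstrip("."), (int(port) if sep else None)


def is_subdomain(child, parent):
    """True only for a strict subdomain: dev.contoso.com under contoso.com."""
    return child != parent and child.endswith("." + parent)


def cert_covers(cert_name, host):
    """Match one certificate name against a host.

    A leading '*.' covers exactly one left-most label, so *.contoso.com
    matches dev.contoso.com but neither contoso.com nor a.b.contoso.com.
    """
    cert_name = cert_name.lower()
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name[1:]  # e.g. ".contoso.com"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]
    return bool(label) and "." not in label


def check_ifd_domains(web_app, org_service, discovery, external,
                      cert_names, org_names, single_server=True):
    """Return a list of problems with the values entered in the IFD wizard."""
    web_host, _ = split_host_port(web_app)
    org_host, _ = split_host_port(org_service)
    disc_host, _ = split_host_port(discovery)
    ext_host, _ = split_host_port(external)
    problems = []

    if single_server and org_host != web_host:
        problems.append("Organization Web Service Domain differs from "
                        "Web Application Server Domain")
    if not is_subdomain(disc_host, web_host):
        problems.append(f"Web Service Discovery Domain {disc_host} "
                        f"is not a subdomain of {web_host}")
    if not is_subdomain(ext_host, web_host):
        problems.append(f"External Domain {ext_host} "
                        f"is not a subdomain of {web_host}")

    # Hosts that browsers and AD FS will actually request over HTTPS.
    # Assumption: each organization is served at <org>.<web application domain>.
    hosts = [disc_host, ext_host] + [f"{org.lower()}.{web_host}" for org in org_names]
    for host in hosts:
        if not any(cert_covers(name, host) for name in cert_names):
            problems.append(f"{host} is not covered by certificate names {cert_names}")
    return problems


if __name__ == "__main__":
    # Values from the contoso.com examples on this page: no problems expected.
    print(check_ifd_domains("contoso.com:444", "contoso.com:444",
                            "dev.contoso.com:444", "auth.contoso.com:444",
                            ["*.contoso.com"], ["org"]))
    # Constructed failure case: an extra label puts every host outside the wildcard.
    for problem in check_ifd_domains("crm.contoso.com:444", "crm.contoso.com:444",
                                     "dev.crm.contoso.com:444",
                                     "auth.crm.contoso.com:444",
                                     ["*.contoso.com"], ["org"]):
        print(problem)
```
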


Configuring the AD FS 2.0 server for IFD

To enable IFD for CRM 2011, you need to create a relying party trust for the IFD endpoint on the AD FS 2.0 server. Follow these steps:

1 Open AD FS 2.0 Management.

2 In the Actions menu, click Add Relying Party Trust.


3 In the Add Relying Party Trust Wizard, click Start.

4 On the Select Data Source page, click Import data about the relying party published online or on a local network, and enter the URL of the federationmetadata.xml file.

Note – This is almost the same URL as we used previously, but has the “auth.” subdomain that we used in point 4 above. This federation metadata is created when IFD is configured. In this case https://auth.interactivewebs.com:444/FederationMetadata/2007-06/FederationMetadata.xml .

Check the URL in your browser to ensure that no certificate-related warnings appear.


5 Click Next.

6 On the Specify Display Name page, enter the display name, such as CRM IFD Relying Party, and then click Next.


7 On the Choose Issuance Authorization Rules page, select the Permit all users to access this relying party option, and then click Next.


8 On the Ready to Add Trust page, click Next, then click Close.

9 If the Rule Editor appears, click Add Rule. Otherwise, in the Relying Party Trusts list, right-click the relying party object you created, click Edit Claims Rules, and then click Add Rule.


10 In the Claim rule template list, select the Pass Through or Filter an Incoming Claim template, and then click Next.


11 Create the following rule:

· Claim rule name: Pass Through UPN (or another descriptive name)

· Add the following mapping:

  • Incoming claim type: UPN
  • Pass through All claim values

12 Click Finish.

13 In the Rule Editor, click Add Rule. In the Claim rule template list, select the Pass Through or Filter an Incoming Claim template, and then click Next:

· Claim rule name: Pass Through Primary SID (or another descriptive name)

· Add the following mapping:

  • Incoming claim type: Primary SID
  • Pass through All claim values

14 Click Finish.

15 In the Rule Editor, click Add Rule.

16 In the Claim rule template list, select the Transform an Incoming Claim template, and then click Next.

17 Create the following rule:

· Claim rule name: Transform Windows Account Name to Name (or another descriptive name)

  • Incoming claim type: Windows account name
  • Outgoing claim type: Name
  • Pass through All claim values


18 Click Finish. Once you have created the three rules, click OK to close the Rule Editor.

Test claims-based authentication for external access

You should now be able to access CRM 2011 externally using claims-based authentication. In IE, browse to the CRM 2011 external address (for example: https://org.contoso.com:444), and you will see the following page:

Enter the user name and password to log in to CRM 2011.


Final Notes

An additional log cleanup step here.

Like anything Microsoft, this was not easy. It took us over 10 attempts drawing on over a dozen resources to get this worked out. For us, the main tripping points related to the metadata URLs used in configuring the endpoints. Our fault, but it also appears to be a common error for other administrators on the net.

To Microsoft – your documentation sucks badly! If I never read another White Paper it will be too soon!

Thanks to – Jackie Chen (Chen Pan) Your blog was GOLD!

Also Look at these Updates

Look for our other posts on Email Router Configurations. “is a fickle bitch!”

AD FS certificate rollover CRM 2011

CRM 2011 Rollup 10 Invalid Argument Error

Mac OSX Lion Upgrade Problems


Today, like a kid in a candy store, I upgraded to the new Mac OSX Lion from the Mac App store.

It can’t go without noting that it has been a long time since I was excited about the prospect of a new release software download. Today gave me glimpses of the days long gone when Microsoft would release new and innovative software. Those days are “dust in the rear-view mirror”. True geek like, I know… but hey! You are the one reading this!

So How Did it Go?

Generally it went exceptionally well.

  1. The download was way faster than I expected. I had imagined that the apple servers would be getting hammered all day, but that was not the case. The 4 GB package came down in around 30 min on a Telstra Australia cable connection.
  2. The initial install and reboot was fast. Around 1 minute on a MacBook Pro running an SSD hard disk.
  3. The setup and install of the operating system was reported by the software to be around 30 minutes, but took less than 20. Not bad for a new 4 GB operating system. The important thing was that there were no errors or stalls. At one stage the screen went to sleep or reset with a blank screen. Space Bar fixed that. So no problems there.
  4. After reboot, there was one small glitch. The OS detected that a new version of Java was required to be downloaded. The download window started and on first attempt stopped after about 50% download. It stalled and did not go further. I could not quit the program so decided to reboot. After which it prompted again and this time the download reached 100% 63.3 Meg from memory. However it stopped and did not appear to install.

    Again I rebooted but wised up to this download. Rather than say install, I quit the auto-detected download prompt. Then I went to “Software Update” and asked it to check for updates. This time the update worked, along with an iTunes update. All good.


More Findings – Mail

We noticed that the Mail application that was updated and previously linked with an Exchange connection to our Exchange server 2010 ended up with two accounts. Both with the same details and same settings, both of them as IMAP accounts, and not exchange accounts.

The Fix

We deleted both accounts from Mail. Then added the exchange connected account again, and this worked. Holding the details as an Exchange account.

Not sure why this happened, but it did happen on 3 machines.

More about Microsoft Office for Mac on Lion

Over the weekend Microsoft published a knowledge base article that outlines some known issues with Office for Mac on OS X 10.7. Overall, if you have Office 2004 and rely on it, then do not upgrade to OS X Lion until you have an alternative Office version installed (2008 or preferably 2011). Office 2004 is PowerPC code, and as with Intuit’s Quicken 2007 and earlier versions, if you install Lion then you will not be able to launch Office 2004.

Luckily there are options, including the ability to upgrade, or even install Snow Leopard in an alternative partition so you can still use Rosetta, but these may require you to either purchase new software licenses or set up a relatively cumbersome dual-boot situation.

In addition to the lack of support for Office 2004, there are a few situations in which Office 2008 and 2011 applications may crash. In Excel, a crash may occur when moving spread sheets between workbooks. PowerPoint may also crash when you use Command-Tab in presentation viewer mode. The only other known crash situations involve Communicator (only in Office 2011), which may shut down when initiating calls or messages.

If you regularly use any of these options or application functions, then you might consider waiting to upgrade to Lion until they are fixed.


Some Other Issues Especially in Xcode

The other interesting observation is that the scrolling is not only reversed (which we don’t essentially mind) but that in a few applications the scrolling is so bad it is virtually unusable. Xcode is a great example.

When using the new reversed scrolling to browse simple lists of code, the stop-start nature of the scrolling is so bad that it is almost unusable. It feels like your fingers may not have enough pressure when in actual fact they do!


All in all the update was exceptional. I cannot help but think back to MS updates that totally killed my system so often that I would NEVER consider a Windows Update, but would always start fresh with a new install. (What a pain). Never again! Apple, your careful eye to easy end user experience has meant that as an advanced Windows Server Administrator I have never needed to “look under the hood” at your OS. Thanks for that!

That being said, clearly there are some bugs. Some, like the scrolling in Xcode, make me wonder if updating is really necessary until they patch things like this.

Why use flash anymore?


The net is changing fast, with the release of the iPad and other mobile devices that have correctly made the decision to discontinue Adobe Flash.

I say correct decision because not only is Flash yesterday’s technology, but it is far from the optimal way to produce simple motion in web pages.

Flash still has its place, just not as a way to inject interesting motion into websites.

So what do we use on http://www.InteractiveWebs.com home page?

We have some simple code that renders motion:

<div class="slideshow">
  <div class="slide">
    <div class="inblock_first">
      <div class="wsc_image_frame">
        <div class="wsc_frame_tl"><div class="wsc_frame_tr"><div class="wsc_frame_tc"></div></div></div>
        <div class="wsc_frame_cl"><div class="wsc_frame_cr"><div class="wsc_frame_cc">
          <img alt="" src="/Portals/0/banners/slide2.jpg" />
        </div></div></div>
        <div class="wsc_frame_bl"><div class="wsc_frame_br"><div class="wsc_frame_bc"></div></div></div>
      </div>
    </div>
    <div class="inblock_second">
      <h1>Have a Business that needs to get a message out?</h1>
      <p>InteractiveWebs provides the best of Content Management Systems on our professional hosting services.<br />
      Combining DotNetNuke, WordPress Blogs, iPhone Apps, Microsoft CRM &amp; hosted solutions..<br />
      <br />
      <a class="button2" href="/Services/Mushroom.aspx"><span><strong>More</strong></span></a></p>
    </div>
    <div class="cleaner"></div>
  </div>
  <div class="slide">
    <div class="inblock_second">
      <h1>We have a solution… that is perfect…</h1>
      <p>We have some&nbsp;increasable solutions with years of experience…</p>
      <h4>We would love to share them!</h4>
      <p><br />
      <a class="button2" href="/Services/Mushroom.aspx"><span><strong>More</strong></span></a></p>
    </div>
    <div class="inblock_first">
      <div class="wsc_image_frame">
        <div class="wsc_frame_tl"><div class="wsc_frame_tr"><div class="wsc_frame_tc"></div></div></div>
        <div class="wsc_frame_cl"><div class="wsc_frame_cr"><div class="wsc_frame_cc">
          <img alt="" src="/Portals/0/banners/slide1.jpg" />
        </div></div></div>
        <div class="wsc_frame_bl"><div class="wsc_frame_br"><div class="wsc_frame_bc"></div></div></div>
      </div>
    </div>
    <div class="cleaner"></div>
  </div>
  <div class="slide">
    <div class="wsc_image_frame">
      <div class="wsc_frame_tl"><div class="wsc_frame_tr"><div class="wsc_frame_tc"></div></div></div>
      <div class="wsc_frame_cl"><div class="wsc_frame_cr"><div class="wsc_frame_cc">
        <img alt="" src="/Portals/0/banners/slide.jpg" />
      </div></div></div>
      <div class="wsc_frame_bl"><div class="wsc_frame_br"><div class="wsc_frame_bc"></div></div></div>
    </div>
    <div class="cleaner"></div>
  </div>
</div>


The source references some jQuery effects known as cycle: http://jquery.malsup.com/cycle/

You will see on this page that it uses code like this:

<!DOCTYPE html>
<html>
<head>
<title>JQuery Cycle Plugin - Basic Demo</title>
<style type="text/css">
.slideshow { height: 232px; width: 232px; margin: auto }
.slideshow img { padding: 15px; border: 1px solid #ccc; background-color: #eee; }
</style>
<!-- include jQuery library -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>
<!-- include Cycle plugin -->
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.latest.js"></script>
<script type="text/javascript">
// start the slideshow on every .slideshow element once the DOM is ready
$(document).ready(function() {
    $('.slideshow').cycle({
        fx: 'fade' // choose your transition type, ex: fade, scrollUp, shuffle, etc…
    });
});
</script>
</head>
<body>
<div class="slideshow">
<img src="http://cloud.github.com/downloads/malsup/cycle/beach1.jpg" width="200" height="200" />
<img src="http://cloud.github.com/downloads/malsup/cycle/beach2.jpg" width="200" height="200" />
<img src="http://cloud.github.com/downloads/malsup/cycle/beach3.jpg" width="200" height="200" />
<img src="http://cloud.github.com/downloads/malsup/cycle/beach4.jpg" width="200" height="200" />
<img src="http://cloud.github.com/downloads/malsup/cycle/beach5.jpg" width="200" height="200" />
</div>
</body>
</html>

Producing this page: http://jquery.malsup.com/cycle/basic.html
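The demo above loads jQuery and the Cycle plugin from third-party hosts over plain http, and the plugin URL points at a floating "latest" file, so whatever those hosts (or anyone on the network path) serve runs in your page. This is an added example, not code from the original post or from the Cycle project: a small Python audit that flags such includes. The class, function and label names are assumptions, and the hardened sample is constructed with placeholder values.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The two script includes exactly as they appear in the demo on this page.
DEMO_HEAD = """
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.latest.js"></script>
"""

# Constructed hardened variant: https plus a Subresource Integrity attribute for the
# CDN copy, and a self-hosted, versioned copy of the plugin.
# The hash and the version in the file name are placeholders, not real values.
HARDENED_HEAD = """
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"
        integrity="sha384-PLACEHOLDER_HASH" crossorigin="anonymous"></script>
<script src="/js/jquery.cycle.all.PLACEHOLDER_VERSION.js"></script>
"""


class ScriptIncludeAudit(HTMLParser):
    """Collect (src, issues) for every external <script> that needs attention."""

    def __init__(self, page_host=None):
        super().__init__()
        self.page_host = page_host.lower() if page_host else None
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attributes = dict(attrs)
        src = attributes.get("src")
        if not src:
            return  # inline script, nothing is fetched
        parts = urlsplit(src)
        host = parts.netloc.lower()
        third_party = bool(host) and host != self.page_host
        issues = []
        if parts.scheme == "http":
            # Fetched in clear text: can be modified in transit.
            issues.append("plain-http")
        if third_party and not attributes.get("integrity"):
            # No SRI hash: the browser accepts whatever the other host returns.
            issues.append("no-integrity")
        if "latest" in parts.path.lower():
            # Content behind the URL can change without the page changing.
            issues.append("floating-version")
        if issues:
            self.findings.append((src, issues))


def audit_script_includes(html, page_host=None):
    """Return a list of (src, [issue labels]) for the given HTML text."""
    parser = ScriptIncludeAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for src, issues in audit_script_includes(DEMO_HEAD):
        print(src, "->", ", ".join(issues))
    print("hardened findings:", audit_script_includes(HARDENED_HEAD))
```
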

Within DotNetNuke

Within DotNetNuke, there are a bunch of modules and skins that have this effect built in. We use a skin known as LightHeads (not developed by us) that uses some hard-coded references that make the implementation of this effect really simple, as the first block of code above indicates.

We love jQuery and have used it in our Mushroom Image module and our Mushroom Lite Module.

DotNetNuke Forum Module 05.00.02 The missing link!

DotNetNuke 05.06.03 Pain

If you look at the project downloads for dotnetnuke, you will notice that the forums module has the latest version as: 05.00.01


And if you click the link from within this page: http://www.dotnetnuke.com/Resources/Downloads/Projects-Downloads.aspx

05.00.01 is exactly what you get.

All sounds neat and tidy… right?

Not really, because if you install the latest version of DotNetNuke 05.06.03 (an important security release) you will kill your forums. Dead as dead.

And if you check around for an update of the forum module, you will not find one either in your Module Definitions, or in the DotNetNuke website. But keep looking to codeplex and you find this:


05.00.02 and what is strange, it is released before the DNN 05.06.03 update, like significantly before it… like 1 month.

This Forum Update is NEEDED if you want the forum module to work on DNN 05.06.03


Release Notes

The same module as 5.0.1, except compiled against DotNetNuke 5.6.3 (and therefore is a minimum requirement) and the same version of Telerik (2011 SP2) included with it.
NOTE: This was compiled against, and for, 5.6.3 and is included with that release (Not released yet, as of June 12th (try 5 July).

All so confusing!

It wasted a lot of our time trying to work out what is going on. All we know is that DNN 05.06.03 broke a bunch of stuff, including the Forum Module. There is a fix but it is hidden on codeplex and is incorrectly referenced.

Very Unprofessional DNN Corp!

What you need to know

If you update to DNN 05.06.03 – your forums will die.

To fix it, download the hidden forum update 05.00.02 here: http://dnnforum.codeplex.com/releases/view/67840

DotNetNuke iPhone iPad App Launched

If you like DotNetNuke and have an iPhone or iPad, then DotNetNuke – DNN News App is for you!

InteractiveWebs have released a DNN community specific App to help interested people stay in touch with the latest goings on in the DotNetNuke world.



Now you can browse the latest news, modules and skin information about the popular DotNetNuke CMS system all from your mobile device.


The App is a native Xcode universal app (meaning it works on both the iPad and iPhone natively).

It is designed to tap into community news and information and discussions around DotNetNuke to allow you to stay up to date with the latest news and events.

Problem With DNN Blog Module 04.01.00 – 01

We found an issue with what is the current release version of DotNetNuke Blog module 04.01.00 or 04.01.01.

First up, we don’t know what the version number should actually be, as the compiled version on the download is 04.01.00 but the source code is referenced as 04.01.01.

We presume there is some difference, but who knows what it is.

Anyway The Problem

The problem is that any form on a page that runs the blog module will not allow form data to be validated. By validated, we are talking about ensuring a number is entered in a number field and text in a name field etc.

The cause is that the blog module is using an old ASP.NET 1.0 validation function, while it should be using ASP.NET 2.0 with the updated validation behaviours as found here:


With this mistake, if you use Page.Validate on ASP.NET 2.0, page validation groups are ignored and all the controls are validated.

Why the BLOG module is even coded this way is quite questionable in any case. However without DNN being a true open source system, we have no ability to fix this where needed in the source.

Our solution

We fixed the problem and recompiled a version that people can download and use for free.

Blog_04.01.01_Install A

You can install this on top of any DNN blog module 04.01.00 and we would expect that future releases of the blog module will not be affected by this version we compiled. However they may well revert back to their junk code in the future releases.

DotNetNuke Automated Backlink Module



Today we released an update to the Automatic Backlink Module for DotNetNuke.

Details of the update are available here: http://www.interactivewebs.com/automaticlinkbuilder/Support/VersionHistory.aspx

They include improvements to the way site monitoring is handled and the way the module works with the known GZIP issues.


An example of the module can be seen here: http://www.interactivewebs.com/Admin/DotNetNukeWebsites.aspx?&action=add

where you can add your site for back linking.

DotNetNuke Users Online Gadget Widget iPhone App

Today we have released a new version of our Users Online gadget, getting ready for our iPhone app release that will support this module.

Today we have released a new version of the DotNetNuke Users Online Gadget module that allows you to monitor your website from:

  • Windows Gadget
  • Mac Widget
  • Google Gadget

Today’s update can be seen here: http://www.interactivewebs.com/usersonline/Support/VersionHistory.aspx

and is getting the module ready for the pending release of our iPhone app that will allow you to connect and monitor your site directly on your iPhone.

Configuring Users Online Gadget Widget App

Monitoring your DotNetNuke users is easy with the DotNetNuke Users Online Gadget Widget App.

After Installing the DNN Module, you add it to a page on your DotNetNuke website as you would any other module.

The page can be visible to the public or visible to only administrators. Either way the module will function fine.

Once on the site the module will display something like this.




Steps to Using the Gadget Widget App on your site

1. Download the appropriate Gadget, Widget or App by selecting the “Click do Download” link at the top of the module.

2. Install the Gadget to your local website.

3. Enter the configuration of the Gadget / Widget as you would any others on your local computer.


4. In the Settings for the Gadget / Widget enter a Title to use to identify the site you are connecting to. The title will display in the top of the gadget.



5. Then enter the URL for your site, remembering to use the child portal name if you are on a child portal. For Example:

Parent Portal: http://www.interactivewebs.com

Child Portal: http://www.interactivewebs.com/usersonline

(Where UsersOnline is the Child Portal name)

6. Enter a refresh cycle for the gadget / widget to run off to your site and retrieve new data. (Recommended 300 seconds).

OK and you are done!


Clicking on the user’s name in the Gadget will deliver you to the site’s user profile page.


iWebs News–Now available on the iPhone and iPad

Today marks a big day for us at InteractiveWebs. We have had approved and released our version 2.0 update to our popular iPhone app “iWebs News”.

What’s New

The App has been totally rewritten by us, and now is released as a native Xcode iPad & iPhone app in one.

So if you have an iPad, and have previously seen our iWebs News app, then please check out the app on your iPad. It is a terrific experience.

Why is it a Big Deal for us?

Much of our focus over the last 8 months has been on enabling our team to produce rapid iPhone and iPad apps. In order to do this, we felt it necessary to develop a framework that we have called “Mushroom”.

The release of this 2.0 update for iWebs News App marks the first release of any App by us that is built entirely on our new Mushroom Framework.

Naturally we are pleased that the Apple process approved the app first time around, as this means that all the hard work in testing and resolving any issues paid off.

What does it mean for us?

Actually it means quite a bit! Now we have the rapid deployment framework, that is a “Universal App” running on both iPhone and iPad, we are able to use and deploy the app on behalf of our customers and clients.

Because all of the code is ours, we can take the future development in any direction we like. We are really very excited to see the result, and see how well it performs.


Would you like your own iPhone / iPad App?

If you like what you see, and are interested in having your own business with an App like this, then please contact us to discuss your needs.

YouTube Search Results as RSS Feed

Today we were working on producing some custom YouTube video searches that output to RSS feed. The intent being to then consume the result into a Yahoo Pipes manipulation and ultimately use the result in a new iPhone / iPad app.

Google and YouTube have made this quite easy, which was nice.

YouTube Search as RSS


If you wanted to search for the term “A380” (like the aircraft) then you would use a URL like this: http://www.youtube.com/rss/search/a380.rss 



If you wanted to find all the videos recently posted that are tagged “A380” you would use a URL like this: http://www.youtube.com/rss/tag/a380.rss

Two Words

The above examples can have a space in the search. “Airbus A380” would be:


Must have the two words

Using the + sign you can conjoin two words.


However this appears to deliver the same results as the above search.

Google YouTube API

There is an API available to do more complex searches. These produce some interesting results. The API is available here.

YouTube User Search

Using a USER ID like ours “interactivewebs” you can find all the videos published by us using this search: http://www.youtube.com/rss/user/interactivewebs/videos.rss


It is possible to sort the search results using a tag on the end that looks like this:




Did you know, you can use complex boolean searches at YouTube, and get these out as an RSS feed, but that you may need to fiddle with the feed url to get it to work properly.
You can use:
  quoted strings
  parenthesis ( …. )
  "-" for negation (or is it just excluding the next word)
in searches.  For example here is a search I just conducted:
("light sport aircraft" OR (microlight OR ultralight OR lightsportaircraft OR lsa)) AND -ultralightnews
Fancy huh.  You can grab this as an RSS by using the rss link in your browser should it provide it, however take note, that YouTube seems to cut the query short in the RSS link if it’s too long (and doesn’t fully evaluate it either if you force it), and it does not return in the expected "most recent upload" order, so some modification of the string is necessary to make it useful.  Here’s the RSS feed for the above search

Returning Large Images of the Feed

We also found a neat little search that looks like this:


The end result of this produces some great looking feeds for our use.

Hope this helps others.