Get-CrmSetting : The term ‘Get-CrmSetting’ is not recognized as the name of a cmdlet

Problem

While trying to run the OAuth provider setup in Microsoft Dynamics CRM, to configure among other things the Post-instillation setup to allow connectivity by devices and applications. I was banging my head on a problem following the instructions:

Configure the OAuth provider

 

Follow these steps to configure the OAuth provider in Microsoft Dynamics 365.

  1. Log on to the Microsoft Dynamics 365 server as an administrator.

  2. In a Windows PowerShell console window, run the following script.

     
    $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
    $ClaimsSettings.Enabled = $true
    Set-CrmSetting -Setting $ClaimsSettings
    
    
Found on this page: https://msdn.microsoft.com/en-us/library/hh699726.aspx#BKMK_WS2012R2 
 
I was getting in the Power Shell: 
PS C:\Users\administrator.FSERVER4> $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings

Get-CrmSetting : The term ‘Get-CrmSetting’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if
a path was included, verify that the path is correct and try again.
At line:1 char:19
+ $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
+ ~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-CrmSetting:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

Driving me nuts!

 

The Fix

Turns out from these instructions found here: https://msdn.microsoft.com/en-us/library/dn531010.aspx

That an additional step is required:

Dynamics 365 server setup

 

To configure the Dynamics 365 server to enable federated claims, follow these steps.

Configure claims settings

  1. Log on as administrator on the Dynamics 365 server that hosts the deployment service role and open a Windows PowerShell command window.

  2. Add the Dynamics 365Windows PowerShell snap-in (Microsoft.Crm.PowerShell.dll). More information: TechNet: Administer the deployment using Windows PowerShell

     
    Add-PSSnapin Microsoft.Crm.PowerShell
    
  3. Enter the following Windows PowerShell commands.

     
    $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
    $ClaimsSettings.Enabled = $true
    Set-CrmSetting -Setting $ClaimsSettings
    
    
 Note the step 2: 

Add-PSSnapin Microsoft.Crm.PowerShell

Now it works!

Screenshot 2017 01 10 14 36 47

Microsoft CRM IFD The SSL certificate does not contain all UPN suffix values that exist in the enterprise – Cannot Login

Cannot Login to a Previously working Microsoft CRM IFD

A previously working IFD deployment of CRM 2016 (but could be CRM 2015 or CRM 2013). About 1 year after you set the system up, you start receiving: An error has occurred. 
Try this action again. If the problem continues, check the Microsoft Dynamics CRM Community for solutions or contact your organization’s Microsoft Dynamics CRM Administrator. Finally, you can contact Microsoft Support.

When researching this error, we suspected what it was, and related to an article we covered here: http://www.interactivewebs.com/blog/index.php/crm-2013/microsoft-crm-2013-or-2015-event-id-1309-adfs-ifd-resolution/

However we never found and EVENT ID 1309 or anything close to that in our logs. The closest error we found (and we are not even certain that it was pointing as a result fo this problem) was the error:  EVENT ID 415

The SSL certificate does not contain all UPN suffix values that exist in the enterprise.  Users with UPN suffix values not represented in the certificate will not be able to Workplace-Join their devices.  For more information, see http://go.microsoft.com/fwlink/?LinkId=311954.

The Problem

This problem arises from a Certificate Rollover that the ADFS server does about 1 month out from your 1 year anniversary. The problem is that the ADFS certificate rolls over, but the CRM configuration does not pickup that new certificate.

 

The Fix

o locate your ADFS Certificates, navigate to the ADFS Console. Under “Service”, click on “Certificates”, where you will find a Primary and Secondary certificate. If the current date is close to the date of your Primary certificate “Effective Date”, it’s safe to assume that this is the underlying issue.

adfs2

To resolve this issue:

1. Navigate to the ADFS Console >> Trust Relationships >> Relying Party Trusts.
2. Right click on the trust and select “Update from Federation Metadata…”
a. If there are two trusts, do them both. This may be a case where you have one for Internal and External.

adfs3

3. Open Command Prompt. Be sure to right-click and “Run as Administrator”.
a. From within CMD, type “iisreset”.

adfs4

4. Open “Services” and restart the “ADFS” service.

adfs5

a. If ADFS does not start, be sure to check the “Windows Internal Database” service and make sure it is started, and then try restarting the ADFS service.

If these initial steps do not resolve your issue for any reason, continue with the following steps below:

5. Navigate to “CRM Deployment Manager”.
a. Run “Configure Claims-Based Authentication” wizard, upper right hand corner.
b. Click “Next” all the way through the wizard, nothing needs to be changed here.

adfs6

6. Run “Configure Internet Facing Deployment” wizard.
a. Click “Next” all the way through the wizard, nothing needs to be changed here either.

adfs7

7. Now, perform Steps 1-4 again as outlined above.
a. Update Federation Metadata
b. IISReset
c. Restart ADFS Service

Your users should be able to log-in to Dynamics CRM again. I hope you find this helpful and that it resolved your issue.