Category Archives: Server Tips

Enabling Replication Failed The System Cannot Find the Path Specified Hyper-V

Enabling Replication Failed The System Cannot Find the Path Specified Hyper-V

While trying to replicate a Hyper-V server you receive the following error:

Enabling replication failed

Hyper-V failed to enable replication for virtual machine “Machine Name”: The system cannot find the path specified. (I0x80070003). (Virtual machine ID “ID Number”)

HyperV Replication Failed Path

Cause

The likely cause is that you have removed the path that was set under the replication server (or receiving servers) replication settings.

Under the Hyper-V Setting on the receiving or replication server, click on the “Replication Configuration Enabled as a Replication server”

Screenshot 2014 10 09 02 47 09

The Fix

Browse to the directory defined under “Specify the default location to store replica files” and ensure that the path is valid. 

The likely cause is that the folder defined here was removed and needs to be redefined. This can happen when you are cleaning shop.

Replciation Folder Selection Hyper-V

 

 

Microsoft CRM 2011 Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry

Error

When attempting to login to an IFD (Internet Facing Deployment of CRM) you receive this error:

Event code: 3005 Event message: An unhandled exception has occurred. Event time: 10/06/2014 1:54:52 AM Event time (UTC): 9/06/2014 3:54:52 PM Event ID: 6da606a9a6794c2a8f504cc6b8b3be3e Event sequence: 2 Event occurrence: 1 Event detail code: 0  Application information:     Application domain: /LM/W3SVC/2/ROOT-1-130468028783689054     Trust level: Full     Application Virtual Path: /     Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\     Machine name: VSERVER08  Process information:     Process ID: 1540     Process name: w3wp.exe     Account name: NT AUTHORITY\NETWORK SERVICE  Exception information:     Exception type: SecurityTokenException     Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)   at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)   at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)   at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  Request information:     Request URL: https://auth.interactivewebs.com:444/default.aspx     Request path: /default.aspx     User host address: 101.164.212.248     User:      Is authenticated: False     Authentication Type:      Thread account name: NT AUTHORITY\NETWORK SERVICE  Thread information:     Thread ID: 8     Thread account name: NT AUTHORITY\NETWORK SERVICE     Is impersonating: True     Stack trace:    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)   at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)   at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)   at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)  Custom event details: 

The Problem

For unidentified problems, the ADFS authentication is failing and needs to be reset.

Solution:

Run the Deployment Manager with same certificate

These instructions are the last part of the instructions we have created for updating an out of date SSL certificate used in an IFD deployment. Basically we are following the same instructions, but skipping the step of replacing with a new SSL certificate. We are just running the deployment again against the same certificate. 

1. Run the CRM deployment manager:

image

2. Run the Configure Claims-based Authentication

image

Select the default settings.

image

image

Which should be the default from your IFD setup

But when you get to the Certificate, you need to select the new certificate.

image

image

Which should be visible from the list after importing it in the steps above.

3. Run the Configure Internet Facing Deployment action and just step though it with the default settings.

image

4. Restart the AD FS 2.0 Windows Service

image

Configure AD

Set the Service Communication Certificate

1. Start AD FS 2.0 Management

image

2. Expand certificates and select Set Service Communications Certificate

image

3. Select the new certificate that will be listed here.

image

Update Relying Party Trusts

1. From the AD FS 2.0 Management, Select your replying party trusts and update from the federation metadata one by one.

image

Update both listed. They will likely have a red cross before you do this.

Restart Services

Restart AD FS Service:

image

and restart IIS the usual way.

And you should be done. Login to your CRM IFD again and enjoy.

 

Windows 2008 Server Blocking RDP IP Address Hacks

Find out the IP address of the Prick who is trying to hack your server.

Go to the Windows Event Log, and select Security. Look for the Audit Failure event and you will see the IP there.

image

Setup a custom rule in Firewall With Advanced Security to block this incoming IP from attempting a hack.

Start -> administrative tools > windows firewall with advanced security.

Select Inbound Rules / New Rule

image

Select Custom / Next

image

Select All Programs / Next

image

Leave Default / Next

image

Leave the Local IP set to ANY, but Change the Remote IP to ADD

image

Ensure that you have added the prick who is hacking you, then Next

image

Select Block the Connection / Next

image

Leave Default / Next

image

Give the rule a name / Finish

image

Microsoft CRM IFD SSL Certificate Renewal

Following on from our very popular IFD configuration for Microsoft CRM.

http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/

The time will come around where you need to renew the SSL certificate for your CRM IFD configuration.

This will include the renewal of the SSL certificate as used by IIS and and ADFS. Couple of steps we followed based exactly on the configuration outlined in our above linked blog post.

Generate a new SSL Request.

1. Open IIS Manager and click on server certificates.

image

2. Create certificate request

image

3. Fill in the data:

image Next

4. Change to 2048 Bit

image

5. Give it a name:

image

Finish and you are done.

Now Open the certificate text file and copy the text to your clip board, or use this with your certificate authority to issue you a new Wild Card Certificate. *.interactivewebs.com is what we use.

To get the certificate we use a service called “startssl.com” who allow you to issue certificates like this for 2 years for free once you are validated as a user.

Complete the Certificate Request

Once the new certificate has been issued to you you need to complete the request on IIS.

1. In IIS Manager click on Complete Certificate Request

image

2. Browse to the certificate from your issuer provider and give it a friendly name. We like to use a year in the name to help distinguish from the old one.

image

Finish the import.

Change the certificate used by IIS

1. Expand the two sites on the CRM server and click on Default Website first then Bindings / https

image

Then EDIT

2. Select the new certificate that you just imported and click on OK

image

3. Repeat this process fro the Microsoft Dynamics CRM website

image

selecting the new certificate here and OK.

4. Restart IIS

Set Permissions on SSL Certificate

1.  Click Start, and then click Run.
2.  Type MMC.
3.  On the File menu, click  Add/Remove Snap-in.
4.  In the Available snap-ins list, select Certificates, and then click Add. The Certificates Snap-in Wizard starts.
5.  Select Computer account, and then click Next.
6.  Select Local computer: (the computer this console is running on), and then click Finish.
7.  Click OK.
8.  Expand Console Root\Certificates (Local Computer)\Personal\Certificates.
9.  Right-click Certificates, click All Tasks, and then click Import.

Step 2: Add to the ADFS service account the permissions to access the private key of the new certificate. To do this, follow these steps:

1.  With the local computer certificate store still open, select the certificate that was just imported.
2.  Right-click the certificate, click All Tasks, and then  click Manage Private Keys.
3.  Add the account that is running the ADFS Service, and then give the account at least read permissions. (for us this is the Network Service)

Run the Deployment Manager with new Certificate

1. Run the CRM deployment manager:

image

2. Run the Configure Claims-based Authentication

image

Select the default settings.

image

image

Which should be the default from your IFD setup

But when you get to the Certificate, you need to select the new certificate.

image

image

Which should be visible from the list after importing it in the steps above.

3. Run the Configure Internet Facing Deployment action and just step though it with the default settings.

image

4. Restart the AD FS 2.0 Windows Service

image

Configure AD

Set the Service Communication Certificate

1. Start AD FS 2.0 Management

image

2. Expand certificates and select Set Service Communications Certificate

image

3. Select the new certificate that will be listed here.

image

Update Relying Party Trusts

1. From the AD FS 2.0 Management, Select your replying party trusts and update from the federation metadata one by one.

image

Update both listed. They will likely have a red cross before you do this.

Restart Services

Restart AD FS Service:

image

and restart IIS the usual way.

And you should be done. Login to your CRM IFD again and enjoy.

Please feel free to link to / reference this blog. Comments welcome below.

Font Icons Not Displaying in Internet Explorer IE 9 / 10

With the Bulk Emailer application we have used font icons to improve response and scalability with different devices. So far we have been happy with how they work using some boot strap code that is used for our user interface.

What we have noticed, and it’s no big surprise… Internet Explorer 9 and IE 10 will not display font icons correct.

What you should see is this:

image

But ends up rendering like this:

image

The Problem is WOFF Fonts on IIS

For IIS 6 and later, they do not handle WOFF fonts as icons for Internet Explorer. Most other browsers will support them, however IE like usual will behave like a black sheep.

There appears to be two solutions to this problem.

Solution 1 – Adding a MIME type to Internet Information Server IIS

Add the following MIME type to the IIS server settings.

  • .woff application/x-woff
    1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).

    2. In Features View, double-click MIME Types.

    3. In the Actions pane, click Add.

    4. In the Add MIME Type dialog box, type a file name extension in the File name extension text box. For example, type .xyz.

    5. Type a MIME type in the MIME type text box. For example, type application/octet-stream.

    6. Click OK.

image

Solution 2 – Adding some code to the web.config

A lot of people don’t have access to configure IIS in DotNetNuke, so you can add the following to the web.config.

Under the yellow below add the green lines

<system.webServer>
    <staticContent>

       <mimeMap fileExtension=”.woff” mimeType=”application/x-font-woff” />
    </staticContent>
  </system.webServer>

This should get you out of trouble.

.zip files from Mac OS show up as green/encrypted

Green files and folders on Windows 7 indicate they are encrypted.

Usually this is a function of a program that will make these files encrypted for a reason. Security is usually the reason. But…

An interesting little bug in the process of creating a .zip file on a mac and moving it over to a Windows computer.

When a .zip file is created according to standards for .zip files found here:

http://www.pkware.com/documents/casestudies/APPNOTE.TXT

They specify that .zip archives include a tag informing about itself to the program trying to decompress the archive. This tag information is known as the “version made by” and as the name suggest, it would tag information about the program version of .zip and the files system in use.

 0 - MS-DOS and OS/2 (FAT / VFAT / FAT32 file systems)
          1 - Amiga                     2 - OpenVMS
          3 - UNIX                      4 - VM/CMS
          5 - Atari ST                  6 - OS/2 H.P.F.S.
          7 - Macintosh                 8 - Z-System
          9 - CP/M                     10 - Windows NTFS
         11 - MVS (OS/390 - Z/OS)      12 - VSE
         13 - Acorn Risc               14 - VFAT
         15 - alternate MVS            16 - BeOS
         17 - Tandem                   18 - OS/400
         19 - OS/X (Darwin)            20 thru 255 - unused

When the Mac system encrypts the files, it marks them with the attribute of being UNIX based files. Correct considering the Mac operating system is based on UNIX.

The problem arises at the Windows end. Because Windows is created by the most arrogant computer company in the world, it does not recognise that a .zip file could have been created with a computer that is not running Windows. It fails to correctly see the flag as UNIX and marks the files as Encrypted.

Leaving Files Encrypted

If the files are left as encrypted, you may find that there are problems if the files are shred on a network drive etc. Taking ownership will not change this flag, and resetting permissions does nothing.

The Easy Fix – Remove Encrypted Tag

Removing the incorrect Encrypted Flag on a green file in Windows 7, or Windows Server is really easy. Right click the file or files (holding the shift key to select multiple folders and files) then Click: Properties / Advanced / Un-tick the Encrypted Option

 

That’s about it. All fixed.

CRM 2011 Email Router Setup and Settings

Often with the setup of CRM 2011. Users experience messages about Pending e-mail warning and sometimes email messages are not sending.

This can be especially frustrating as both the CRM email queuing and tracking system and the Email router application are terrible to help you understand exactly what is going on with your CRM e-mail.

We mentioned some of the issues we have experience here:

http://www.interactivewebs.com/blog/index.php/server-tips/crm-2011-email-router-problemsshes-a-fickle-bitch/

Here are some basic setup tips for email in Microsoft CRM 2011

1. Out of the box, CRM does not send email messages. You need to configure an application known as CRM 2011 Email Router to have email messages send.

2. You also need a working SMTP (email server) that is configured to allow the relay of email messages from email accounts at your domain name. This can be achieved with Amazon SES message service or your own servers. We can assist you setup Amazon SES if you need assistance with this.

3. You should install and configure your Email Router. Some notes to help you may include these: http://www.interactivewebs.com/blog//?s=email+router

Recommended email settings in CRM 2011

1. Out of the box. CRM will only be able to send email messages to leads, contacts, and accounts. Until you change this setting found in the Admin / System Settings in CRM.

image

2. Avoid delayed email messages in CRM by Approve Email Address. In the Administration / Users. Go into each user and approve the configured email address.

image

There is a view of users who are Pending Email address approval to help identify who is needing approval.

image

Also uncheck the option for Process emails only for approved users and process email only for approved queues. Administration / System Settings.

image

 

3. Configure users email settings to use the email router for outbound email messages. (optionally inbound configuration too).

image

Our recommendation is to set the outbound processing for the email router. This will allow emails generated by the crm system to be delivered right away via the email router. This also means that you do need to install and configure the email router.

The above settings can be set automatically for all users by the use of a simpler out of the box workflow that runs on create of new users.

image

4. The next setting is recommended. Knowing that email can be tracked in CRM with the outlook client:

image

Email messages can automatically be tracked too.

image

5. The all powerful features of creating contacts in CRM when and email address is not known.

image

This is a great way to automatically get more leads or contacts (depending on your business) in crm. And depending on your business can also be a great way to pollute your crm full of contacts or leads that you don’t want.

Troubleshooting Tips

To troubleshoot an E-mail Router outgoing profile configuration, follow these steps:

  1. Make sure that you follow the incoming profile configuration procedures in the E-mail Router Configuration Manager Help.
  2. For more information about how to configure an incoming profile, see the E-mail Router configuration information in the latest version of the Installing Guide that is included in the Microsoft Dynamics CRM 4.0 Implementation Guide.
  3. Refer to the following sections for information about how to resolve commonly encountered outgoing profile issues.

Test Access error

If there is a problem with your outgoing e-mail configuration, you may receive the following error message when you click Test Access on the E-mail Router Configuration Manager:

“Outgoing status: Failure – An error occurred while checking the connection to e-mail server EXSERVERNAME. The requested address is not valid in its context”

If you receive this message, follow these steps to troubleshoot the problem:

  1. Run a telnet command to verify that connectivity is functioning between the computer that is running CRM Router and the Exchange Server. For example, start the TELNET utility and enter the following command:TELNET EXSERVERNAME PORT
  2. Make sure that you have no antivirus services running on the Exchange Server computer that prevent connection by using port 25.
  3. For information about how to configure the SMTP server to allow relay messages from Microsoft Dynamics CRM, see KB article 915827.

E-mail error when message sent from the Web application

Symptom: When a user sends an e-mail message by using the Web application, the user might receive one of the following messages:

This message has not yet been submitted for delivery. 1 attempts have been made so far.

The message delivery failed. It must be resubmitted for any further processing.

Resolution: For information about how to resolve this issue, see KB article 915827.

Load Data error

When you click Load Data in the E-mail Router Configuration Manager, you receive the following error:

The E-mail Router Configuration Manager was unable to retrieve user and queue information from the Microsoft Dynamics CRM server. This may indicate that the Microsoft Dynamics CRM server is busy. Verify that URL ‘http://OrganizationName‘ is correct. Additionally, this problem can occur if the specified access credentials are insufficient. To try again, click Load Data. (The request failed with HTTP status 404: Not Found.)

To resolve this problem, follow these steps:

  1. Make sure that the user account that is running the E-mail Router Configuration Manager service is a member of the Active Directory PrivUserGroup security group.
  2. The account that is specified in the Access Credentials field on the General tab of the E-mail Router Configuration Manager must be a Microsoft Dynamics CRM administrative user. If the access credentials are set to Local System Account, the computer account must be a member of the Active Directory PrivUserGroup security group.
  3. Make sure that the URL is spelled correctly. The organization name in the URL field is case-sensitive and must be spelled exactly as it appears in the Microsoft Dynamics CRM server. To view the organization name as it appears in the Microsoft Dynamics CRM server, start the Web application. The organization name appears in the upper-right corner of the application window.
  4. The DeploymentProperties table may have incorrect values if you have modified the port or hostheaders on your Web site. To update the DeploymentProperties table see, KB article 950248.

Pending Email warning

image

On the Email Router, configure:

1. Check event view for Email Router related errros

2. Change the send email

3. Restart CRM email Router service

4. Reduce the pooling time and conneciton timeout

image

 

Automatically Resending Failed Email Messages

The Advanced find can be used to find email messages that have not sent. A workflow can also be created to resend messages automatically. However constant failures is going to indicate a problem some other place. So the use of this automatic workflow should not be introduced in place of fixing your sending issues.

Steps to create the workflow to re-send failed e-mails:

1. Create a new Workflow in CRM | Processes on the E-mail entity

image

2. Set the workflow to be Available to Run “As an on-demand process”, Change the scope to Organization and uncheck “Record is created”.  This will make the workflow available to run On-Demand, function for all e-mails in the organization and also not run when every time a new e-mail is created as we just want to use this when needed on specific e-mails.

image

3. Click “Add Step” and choose “Change Status”

image

4. Set the E-mail to a status of “Pending Send”

image

5. Click Save and then Activate in the toolbar.  Click ”OK” to the message to confirm you want to Activate the workflow and then click “Close” on the workflow.

image

Advanced Find to see how many e-mails are in a failed status:

1. Open Advanced Find by clicking the “Advanced Find” button in the CRM ribbon

image

2. Select “E-mail Messages” in the Look For option set and then select “Status Reason” and set it equal to “Failed”. Then click the Results button in the Advanced Find ribbon.

image

3. You can refine the results using the filter criteria from here as well in case you do not want to re-send all of the e-mails. Once you are done, multi-select the e-mails you want to re-send and then click the “Run Workflow” button in the CRM ribbon.

4. Select the e-mail workflow that you created using the steps above and click OK.

The workflow will then run and change the status of all the e-mails you had selected back to “Pending Send”.  This is an asynchronous process, so it may take a few minutes depending on your current asynchronous workload in CRM.  Then the CRM e-mail router will process them again and send them out through SMTP as expected.

Still Need Help?

Here at InteractiveWebs we know how terrible this component of Microsoft CRM is. Actually, in our opinion, it is difficulties like these that really shows Microsoft is not at all interested in giving it’s customers a good experience. Much of the multitude of steps and better monitoring could be fixed with very little effort from Microsoft, yet after years of CRM, much remains the same.

In any case, if you need paid administration assistance to get your email working on your CRM system, be it Cloud Microsoft Hosted, IFD, or On Premises, we are available. Please contact us at: http://www.interactivewebs.com by submitting a support ticket.

CRM 2011 Rollup 10 Invalid Argument Error

CRM 2011 Rollup 10 Killed My CRM

image

After installing CRM 2011 Rollup 10 (not 9 as that is MIA) you receive an Invalid Argument messages as per the image above. This happens after you login to an IFD deployment.

For all we know it may happen on the CRM on premises but we have not managed to test that.

You may also have a CRM Platform Trace Error:

Crm Exception: Message: A non valid page number was received: 0, ErrorCode: –2147220989

CRM’s Fetch Throttling abilities have been disabled or modified from the default values.
Re-enable CRM’s default Fetch Throttling settings.

The solution

1. START | RUN | “regedit” | OK

2. Locate and select the registry subkey: HKEY_LOCAL_MACHINESoftwareMicrosoftMSCRM

image

Change the value on: TurnOffFetchThrottling

to 0

image

In fact if you find either MaxRowsPerPage or the TurnOffFetchThrottling registry keys set them both to 0 or delete them.

3. START | RUN | “iisreset” | OK

(This will restart IIS)

Login to CRM and you should be good to go.

Opencart on IIS 7.5 Windows 2008 Server FTP Permissions Changing

Opencart and PHP running on IIS, we found Permissions incorrect on uploaded files

After working with IIS server running PHP, we found the files uploaded through the web interface of the opencart CMS failed to inherit the correct permissions.

After spending weeks time to resolve this problem, believing that it was a glitch that required file permissions to be reset we found an easy solution.

The Problem

The problem lies with the PHP system running on IIS. When you use a web interface to upload files to your PHP CMS website, they are initially loaded to the PHP defined temporary folder. The temporary folder is set in the PHP.ini file.

To find this file and check the setting, you do this:

Open IIS and select PHP Manager

NewImage

 

Then Check phpinfo()

NewImage

 

Then search the php.ini file that opens for “upload_tmp_dir”

Notice that the default location (unless you have changed it) is: c:\windows\temp

NewImage

Now navigate to that folder on your IIS server rick click and select Properties / Security Tab and find the IIS_IUSRS security group.

NewImage

Edit the permissions there to match the permissions of your IIS website folder that is causing you the grief. Probably Read Write at least is needed.

Why the solution works.

As files are uploaded through the website interface, they land in the temp directory. Once there they inherit the temp directory permissions before being moved onto the website folders. By adding the website security to the temp folder, you allow the files to move across with the correct permissions set.

This would be applicable for WordPress running on IIS server, or Opencart.

WordPress 3.5 Manual Fix

Below is the manual fix you can apply to be able to get your WordPress 3.5 install working correctly, there are two options that should work.

1) In the file wp-config.php, add the following line before “That’s all, stop editing”

define( 'WP_TEMP_DIR', ABSPATH . 'wp-content/' );

or

2) In the file /wp-includes/class-http.php comment out lines 144 and 145, which look like the following:

if ( ! is_writable( dirname( $r['filename'] ) ) )
	return new WP_Error( 'http_request_failed', __( 'Destination directory for file streaming does not exist or is not writable.' ) );

After applying one of the above fixes you should be able to add/upgrade your plugins and upgrade your themes, and will allow you to use the auto upgrade feature when WordPress version 3.5.1 is released.

1 2 3 4