Category Archives: Server Tips

CRM 2015 IFD Adding a New Organization Additional Steps

Error when attempting to login to a New Organisation in CRM 2015 IFD

When attempting to login to a newly configured Organisation you may receive an error looking like this.

 

             An error occurred
An error occurred. Contact your administrator for more information.

 

  • Activity ID: 00000000-0000-0000-1400-0080010000ff
  • Error time: Sat, 28 Mar 2015 07:37:45 GMT

 

The Cause

Because IFD (Internet Facing Deployment) uses the AD FS Authentication it requires an additional step after using the CRM Deployment Manager to setup a new Organisation to then register at login with the AD FS setup.

Basically it is saying that you have set up the org, but not gin figured the authentication login settings in AD FS.

 

The Fix

1. Open AD FS Mananagement

 

2. Click on AD FS / Trust Relationships / Relying Party Trusts and local your CRM IFD Relying Party Trust associated with the IFD Authentication.

 

3. Highlight it, and select Update Federation Metadata

 

4. Update

 

And you are done!

You should now be able to login to the CRM server without getting the error message, and with no need to reset IIS or any other services.

 

 

 

CRM 2015 Reporting Extension Setup Error The SQL Server Reporting Services account is a local user and is not supported

Error Message installing CRM 2015 Reporting Extensions

When installing Microsoft Dynamics CRM Reporting Extension Setup you receive an error message: The SQL Server Reporting Services account is a local user and is not supported. This is during the System Checks.

SQL 2014 CRM 2015 Reporting Extension Setup Error.png

In our instance this was with MS CRM 2015 on SQL 2014 on the same server in a test environment.

The Solution

The fix is easy.

1. Open the SQL 2014 Reporting service configuration Manager

Screenshot 2015 03 28 17 56 17

2. Connect to your Server.

Screenshot 2015 03 28 17 57 04

3. Select the Service Account

Screenshot 2015 03 28 17 57 37

4. Select the Local System account and apply with the appropriate security levels.

Screenshot 2015 03 28 17 58 25

That’s about it. Run the setup process again and you should be good to go.

Windows 2012 Turn off Password Complexity

How to disable (turn off) the default Windows 2012 Administrator Complexity

1. Open the Administrative Tool

Windows 2012 Password Complexity.png

2. This places you in the Administrative Tools section. Select Local Security Policy.

Windows 2012 Password Local Security Policy.png

3. Change the password Must Meet Complex Requirements option to Disabled.

In a Domain Environment, for an Active Directory Domain Server.

  • In the Server Manager click on Tools and from the drop down click Group Policy Management
  • Expand Forrest >> Domains >> Your Domain Controller.
  • Right click on the Default Domain Policy and click on the Edit from the context menu.
  • Now Expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
  • Double-click on the Passwords Must Meet Complexity Requirements option in the right pane.
  • Select Disabled  under define this policy setting:
  • Click Apply then OK all the way out and close the GPO window.
  • In order to refresh the policy type the following command: “gpupdate /force”  in the CMD window and click ENTER.

Windows 2012 R2 Remote Desktop Enabled Cannot RDP Connect

Windows 2012 RDP Remote Desktop Enabled but you Cannot Connect

You find that after you enable the Windows 2012 RDP or Remote Desktop Connection features to allow you to remote desktop into your new server, you are still unable to connect to the server.

The Cause

By default on new installs of Windows 2012 R2 the server firewall is enabled for TCP IP on Remote Desktop User Mode In TCP-IP.

The Fix

Enable the rule that permits access through the Windows Firewall.

1. Search for Firewall and open “Windows Firewall and Advanced Security”.

2. Find the rule “Remote Desktop – User Mode TCP-in” and ENABLE Rule

Windows 2012 Remote Desktop Firewall Rule

Enabling Replication Failed The System Cannot Find the Path Specified Hyper-V

Enabling Replication Failed The System Cannot Find the Path Specified Hyper-V

While trying to replicate a Hyper-V server you receive the following error:

Enabling replication failed

Hyper-V failed to enable replication for virtual machine “Machine Name”: The system cannot find the path specified. (I0x80070003). (Virtual machine ID “ID Number”)

HyperV Replication Failed Path

Cause

The likely cause is that you have removed the path that was set under the replication server (or receiving servers) replication settings.

Under the Hyper-V Setting on the receiving or replication server, click on the “Replication Configuration Enabled as a Replication server”

Screenshot 2014 10 09 02 47 09

The Fix

Browse to the directory defined under “Specify the default location to store replica files” and ensure that the path is valid. 

The likely cause is that the folder defined here was removed and needs to be redefined. This can happen when you are cleaning shop.

Replciation Folder Selection Hyper-V

 

 

Microsoft CRM 2011 Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry

Error

When attempting to login to an IFD (Internet Facing Deployment of CRM) you receive this error:

Event code: 3005 Event message: An unhandled exception has occurred. Event time: 10/06/2014 1:54:52 AM Event time (UTC): 9/06/2014 3:54:52 PM Event ID: 6da606a9a6794c2a8f504cc6b8b3be3e Event sequence: 2 Event occurrence: 1 Event detail code: 0  Application information:     Application domain: /LM/W3SVC/2/ROOT-1-130468028783689054     Trust level: Full     Application Virtual Path: /     Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\     Machine name: VSERVER08  Process information:     Process ID: 1540     Process name: w3wp.exe     Account name: NT AUTHORITY\NETWORK SERVICE  Exception information:     Exception type: SecurityTokenException     Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)   at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)   at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)   at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  Request information:     Request URL: https://auth.interactivewebs.com:444/default.aspx     Request path: /default.aspx     User host address: 101.164.212.248     User:      Is authenticated: False     Authentication Type:      Thread account name: NT AUTHORITY\NETWORK SERVICE  Thread information:     Thread ID: 8     Thread account name: NT AUTHORITY\NETWORK SERVICE     Is impersonating: True     Stack trace:    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)   at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)   at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)   at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)  Custom event details: 

The Problem

For unidentified problems, the ADFS authentication is failing and needs to be reset.

Solution:

Run the Deployment Manager with same certificate

These instructions are the last part of the instructions we have created for updating an out of date SSL certificate used in an IFD deployment. Basically we are following the same instructions, but skipping the step of replacing with a new SSL certificate. We are just running the deployment again against the same certificate. 

1. Run the CRM deployment manager:

image

2. Run the Configure Claims-based Authentication

image

Select the default settings.

image

image

Which should be the default from your IFD setup

But when you get to the Certificate, you need to select the new certificate.

image

image

Which should be visible from the list after importing it in the steps above.

3. Run the Configure Internet Facing Deployment action and just step though it with the default settings.

image

4. Restart the AD FS 2.0 Windows Service

image

Configure AD

Set the Service Communication Certificate

1. Start AD FS 2.0 Management

image

2. Expand certificates and select Set Service Communications Certificate

image

3. Select the new certificate that will be listed here.

image

Update Relying Party Trusts

1. From the AD FS 2.0 Management, Select your replying party trusts and update from the federation metadata one by one.

image

Update both listed. They will likely have a red cross before you do this.

Restart Services

Restart AD FS Service:

image

and restart IIS the usual way.

And you should be done. Login to your CRM IFD again and enjoy.

 

Windows 2008 Server Blocking RDP IP Address Hacks

Find out the IP address of the Prick who is trying to hack your server.

Go to the Windows Event Log, and select Security. Look for the Audit Failure event and you will see the IP there.

image

Setup a custom rule in Firewall With Advanced Security to block this incoming IP from attempting a hack.

Start -> administrative tools > windows firewall with advanced security.

Select Inbound Rules / New Rule

image

Select Custom / Next

image

Select All Programs / Next

image

Leave Default / Next

image

Leave the Local IP set to ANY, but Change the Remote IP to ADD

image

Ensure that you have added the prick who is hacking you, then Next

image

Select Block the Connection / Next

image

Leave Default / Next

image

Give the rule a name / Finish

image

Microsoft CRM IFD SSL Certificate Renewal

Following on from our very popular IFD configuration for Microsoft CRM.

http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/

The time will come around where you need to renew the SSL certificate for your CRM IFD configuration.

This will include the renewal of the SSL certificate as used by IIS and and ADFS. Couple of steps we followed based exactly on the configuration outlined in our above linked blog post.

Generate a new SSL Request.

1. Open IIS Manager and click on server certificates.

image

2. Create certificate request

image

3. Fill in the data:

image Next

4. Change to 2048 Bit

image

5. Give it a name:

image

Finish and you are done.

Now Open the certificate text file and copy the text to your clip board, or use this with your certificate authority to issue you a new Wild Card Certificate. *.interactivewebs.com is what we use.

To get the certificate we use a service called “startssl.com” who allow you to issue certificates like this for 2 years for free once you are validated as a user.

Complete the Certificate Request

Once the new certificate has been issued to you you need to complete the request on IIS.

1. In IIS Manager click on Complete Certificate Request

image

2. Browse to the certificate from your issuer provider and give it a friendly name. We like to use a year in the name to help distinguish from the old one.

image

Finish the import.

Change the certificate used by IIS

1. Expand the two sites on the CRM server and click on Default Website first then Bindings / https

image

Then EDIT

2. Select the new certificate that you just imported and click on OK

image

3. Repeat this process fro the Microsoft Dynamics CRM website

image

selecting the new certificate here and OK.

4. Restart IIS

Set Permissions on SSL Certificate

1.  Click Start, and then click Run.
2.  Type MMC.
3.  On the File menu, click  Add/Remove Snap-in.
4.  In the Available snap-ins list, select Certificates, and then click Add. The Certificates Snap-in Wizard starts.
5.  Select Computer account, and then click Next.
6.  Select Local computer: (the computer this console is running on), and then click Finish.
7.  Click OK.
8.  Expand Console Root\Certificates (Local Computer)\Personal\Certificates.
9.  Right-click Certificates, click All Tasks, and then click Import.

Step 2: Add to the ADFS service account the permissions to access the private key of the new certificate. To do this, follow these steps:

1.  With the local computer certificate store still open, select the certificate that was just imported.
2.  Right-click the certificate, click All Tasks, and then  click Manage Private Keys.
3.  Add the account that is running the ADFS Service, and then give the account at least read permissions. (for us this is the Network Service)

Run the Deployment Manager with new Certificate

1. Run the CRM deployment manager:

image

2. Run the Configure Claims-based Authentication

image

Select the default settings.

image

image

Which should be the default from your IFD setup

But when you get to the Certificate, you need to select the new certificate.

image

image

Which should be visible from the list after importing it in the steps above.

3. Run the Configure Internet Facing Deployment action and just step though it with the default settings.

image

4. Restart the AD FS 2.0 Windows Service

image

Configure AD

Set the Service Communication Certificate

1. Start AD FS 2.0 Management

image

2. Expand certificates and select Set Service Communications Certificate

image

3. Select the new certificate that will be listed here.

image

Update Relying Party Trusts

1. From the AD FS 2.0 Management, Select your replying party trusts and update from the federation metadata one by one.

image

Update both listed. They will likely have a red cross before you do this.

Restart Services

Restart AD FS Service:

image

and restart IIS the usual way.

And you should be done. Login to your CRM IFD again and enjoy.

Please feel free to link to / reference this blog. Comments welcome below.

Font Icons Not Displaying in Internet Explorer IE 9 / 10

With the Bulk Emailer application we have used font icons to improve response and scalability with different devices. So far we have been happy with how they work using some boot strap code that is used for our user interface.

What we have noticed, and it’s no big surprise… Internet Explorer 9 and IE 10 will not display font icons correct.

What you should see is this:

image

But ends up rendering like this:

image

The Problem is WOFF Fonts on IIS

For IIS 6 and later, they do not handle WOFF fonts as icons for Internet Explorer. Most other browsers will support them, however IE like usual will behave like a black sheep.

There appears to be two solutions to this problem.

Solution 1 – Adding a MIME type to Internet Information Server IIS

Add the following MIME type to the IIS server settings.

  • .woff application/x-woff
    1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).

    2. In Features View, double-click MIME Types.

    3. In the Actions pane, click Add.

    4. In the Add MIME Type dialog box, type a file name extension in the File name extension text box. For example, type .xyz.

    5. Type a MIME type in the MIME type text box. For example, type application/octet-stream.

    6. Click OK.

image

Solution 2 – Adding some code to the web.config

A lot of people don’t have access to configure IIS in DotNetNuke, so you can add the following to the web.config.

Under the yellow below add the green lines

<system.webServer>
    <staticContent>

       <mimeMap fileExtension=”.woff” mimeType=”application/x-font-woff” />
    </staticContent>
  </system.webServer>

This should get you out of trouble.

1 2 3 4