Microsoft CRM IFD The SSL certificate does not contain all UPN suffix values that exist in the enterprise – Cannot Login

Cannot Login to a Previously working Microsoft CRM IFD

A previously working IFD deployment of CRM 2016 (but could be CRM 2015 or CRM 2013). About 1 year after you set the system up, you start receiving: An error has occurred. 
Try this action again. If the problem continues, check the Microsoft Dynamics CRM Community for solutions or contact your organization’s Microsoft Dynamics CRM Administrator. Finally, you can contact Microsoft Support.

When researching this error, we suspected what it was, and related to an article we covered here:

However we never found and EVENT ID 1309 or anything close to that in our logs. The closest error we found (and we are not even certain that it was pointing as a result fo this problem) was the error:  EVENT ID 415

The SSL certificate does not contain all UPN suffix values that exist in the enterprise.  Users with UPN suffix values not represented in the certificate will not be able to Workplace-Join their devices.  For more information, see

The Problem

This problem arises from a Certificate Rollover that the ADFS server does about 1 month out from your 1 year anniversary. The problem is that the ADFS certificate rolls over, but the CRM configuration does not pickup that new certificate.


The Fix

o locate your ADFS Certificates, navigate to the ADFS Console. Under “Service”, click on “Certificates”, where you will find a Primary and Secondary certificate. If the current date is close to the date of your Primary certificate “Effective Date”, it’s safe to assume that this is the underlying issue.


To resolve this issue:

1. Navigate to the ADFS Console >> Trust Relationships >> Relying Party Trusts.
2. Right click on the trust and select “Update from Federation Metadata…”
a. If there are two trusts, do them both. This may be a case where you have one for Internal and External.


3. Open Command Prompt. Be sure to right-click and “Run as Administrator”.
a. From within CMD, type “iisreset”.


4. Open “Services” and restart the “ADFS” service.


a. If ADFS does not start, be sure to check the “Windows Internal Database” service and make sure it is started, and then try restarting the ADFS service.

If these initial steps do not resolve your issue for any reason, continue with the following steps below:

5. Navigate to “CRM Deployment Manager”.
a. Run “Configure Claims-Based Authentication” wizard, upper right hand corner.
b. Click “Next” all the way through the wizard, nothing needs to be changed here.


6. Run “Configure Internet Facing Deployment” wizard.
a. Click “Next” all the way through the wizard, nothing needs to be changed here either.


7. Now, perform Steps 1-4 again as outlined above.
a. Update Federation Metadata
b. IISReset
c. Restart ADFS Service

Your users should be able to log-in to Dynamics CRM again. I hope you find this helpful and that it resolved your issue.

Outlook Mac Office 365 Sorry, we’re having server problems, so we can’t add Office 365 SharePoint right now. Please try again later”

Outlook Mac Office 365 Sorry, we’re having server problems, so we can’t add Office 365 SharePoint right now. Please try again later”

For no particular reason you end up with an error message: Outlook Mac Office 365 Sorry, we’re having server problems, so we can’t add Office 365 SharePoint right now. Please try again later”


This starts to ask you for two or three factor authentication on your email accounts that are based on Office 365 product. My issues started December 2016

we can't add Office 365 SharePoint right now

To Resolve this error:

1. Make sure you have quitted Outlook and other Office apps. Go to KeyChain Access 

Outlook Not Connecting to Office 365 Mac

2. Search “Exchange” under Login –> All Items and delete everything 
3. Search “Office” and delete everything 
4. Search “ADAL” and delete everything  
5. Launch Outlook 
6. You will get the activation prompt.  If the account is already added, you will see the password prompt for app and ADAL again. Please do 2-Factor Authentication if asked. And then you should be able to login.

Cannot be sure what changed at Microsoft end to cause this, but obviously it is related to certificates. 

Microsoft CRM global search fails causing in-line search SQL error

CRM in-line search fails with SQL error

After upgrading Microsoft CRM from earlier versions we found that the global search function when enabled failed to return any results, and once the index for the global search had run over a 24-hour period, the in-line search function for any entity would cause a crash and SQL error message to be displayed on page.

The problem

In our particular instance this CRM environment had been upgraded from much earlier versions of CRM and included an attempt to solve some upgrade issues by dropping indexes. Initially our thoughts were that the dropping of the indexes were responsible for the problems. However it appears retrospectively that was a fragmentation of indexes that cause the issue. I cannot be exactly sure why the maintenance procedure that is run on the SQL Server did not rebuild and reorganise the indexes sufficiently that the global social function. However the following solution did work for us.

 We had pretty much followed the recommendation of this discussion forum.

The Solution

After submitting a support ticket to Microsoft they requested us to:

  • Run following command on CRM database to check fragmentation percentage:


SELECT object_id AS ObjectID,  index_id AS IndexID, avg_fragmentation_in_percent AS PercentFragment,

fragment_count AS TotalFrags, avg_fragment_size_in_pages AS PagesPerFrag,  page_count AS NumPages

FROM sys.dm_db_index_physical_stats(DB_ID(”), NULL, NULL, NULL , ‘DETAILED’) WHERE avg_fragmentation_in_percent > 0 ORDER BY ObjectID, IndexID



  • In case the fragmentation percent is more than 25-30% we have to rebuild the indexes.


  the reference provided by Microsoft was helpful, but not as helpful as we would have liked. We ended up running the following query that automatically rebuilt all the indexes.

DECLARE @fillfactor INT
SET @fillfactor = 80
SELECT OBJECT_SCHEMA_NAME([object_id])+’.’+name AS TableName
FROM sys.tables
OPEN TableCursor
FETCH NEXT FROM TableCursor INTO @TableName
SET @sql = ‘ALTER INDEX ALL ON ‘ + @TableName + ‘ REBUILD WITH (FILLFACTOR = ‘ + CONVERT(VARCHAR(3),@fillfactor) + ‘)’
Exec (@sql)
FETCH NEXT FROM TableCursor INTO @TableName
CLOSE TableCursor


After doing this, we were then able to turn on the global search and weight the relevant period of time for it to complete the indexing. It appears to have fixed our problem with both global search returning valid results, and in-line search no longer broken when global search was unable.

ZenDesk to Microsoft CRM integration password change

Changing your password in ZenDesk may affect your Microsoft CRM integration

 if you are to upgrade or change the password that you utilise in your ZenDesk system for the account that has been set to synchronise data with the Microsoft CRM platform, you will notice that the synchronisation may not function correctly or may only perform a one-way synchronisation. 

You will remember from the instructions that you likely followed in your initial configuration:  

 that part of these configuration settings is to set up your password and username in the SETTINGS / ZD Personal Settings –  area of your Microsoft CRM system.

 Below is an extract from the vendor’s configuration portal found here

Step 2: Setting up new security roles

The Zendesk integration introduces two new security roles to Microsoft Dynamics CRM that must be assigned before you can proceed to the next step:

  • Zendesk – Read configuration settings – grants the user  access to Zendesk ticket details in read-only mode  To gain access to create/edit Zendesk tickets functionality directly from Microsoft Dynamics CRM, these users must have a valid Zendesk liecense and enter their own personal Zendesk credentials on the ZD Personal Settings page.
  • Zendesk administrator – grants access to the global Zendesk Settings page and the Zendesk Entity mappings .  Have full access to create/edit Zendesk tickets directly from Microsoft Dynamics CRM.

By default, all users can view Zendesk ticket information in Microsoft Dynamics CRM if the panels are enabled.

To enable the roles, do the following:

  1. In Microsoft Dynamics CRM, select Settings System Administration Users .
  2. In the Users page, click New if you need to add new users. 
    If you are editing a list of existing users, select the user you want to modify and click on the Manage Roles button.
  3. In the Add Users dialog box, select the role for the group you want to configure. 
    The two new roles created by the Zendesk integration are at the bottom. Click Next to select and assign the users to a particular role and to send email invitations.  Make sure you give yourself the Zendesk administrator role for now so you can complete the setup.

Users are now configured to use the Z endesk for Microsoft Dynamics CRM integration!  If you have pre-existing users, you can simply add the appropriate roles to each of your uses.

Note: For users with the Zendesk – Read configuration settings permission, they can individually add their own credentials by navigating to Settings->ZD Personal Settings in Microsoft Dynamics and clicking the New button to add credentials. Enter the Zendesk User ID andPassword then save the record and it will be applied when they access Zendesk tickets. The password will be encrypted so others cannot see the value. 

InteractiveWebs Email (smartermail) With Mac Mail Exchange Connection

Mac Mail using Exchange Connection to SmarterMail InteractiveWebs

To Set up your mac mail with and Exchange Connection using Mac Mail you will need to follow these instructions carefully.

  1. On your Mac, open System Preferences.
    Screenshot 2016 05 04 10 58 55
  2. Click Internet accounts.
    Screenshot 2016 05 04 10 59 24
  3. Click Exchange.
    Screenshot 2016 05 04 10 59 58
  4. Complete the display name, full email address and password fields.
    Screenshot 2016 05 04 11 00 36
  5. Click Sign In.
  6. Ensure that you’re email address is et for your User Name, and Type the internal and external URL to read: 2016 05 04 11 02 08
  7. Click Sign In.
  8. An account summary screen will display. You can select or unselect any features that you do not wish to sync.
    Screenshot 2016 05 04 11 04 48
  9. Click Done.
  10. Click Add Account.

DNN – Hide a Page from the Menu

To Hide a DNN Page from the Menu

Note: This page will still be available to those who know the URL of that page (if for example you had put the page in a news letter).

Select Edit / Page Settings

Screenshot 2016 03 15 06 26 56


Page Details / Unselect the Include in Menu Option

Screenshot 2016 03 15 06 29 26

Update Page

The Page will no longer appear in the menu system. It can still be hit with the permissions that have previously been set.

Alternatively – To Change Permissions on the page to hide and stop access:



DNN – Change Permissions on a Page to Stop Users Being Able to Access The Page

To Stop users (Either members or visitors) from being able to access a page on the DNN Site.

Select Edit / Page Settings

Screenshot 2016 03 15 06 26 56

Select the Permissions Tab

Screenshot 2016 03 15 06 33 01

Uptick the All users View Settings. With no view pages permissions set. No users other than the Default Administrator settings will be able to visit the page.

Update Page

Note This hides the page from users in the menu too. Alternatively you can just hide the page from the menu, but still allow people how know where the page exists to still access it by following this post:


Enable TLS 1.2 on Windows 2008 R2


How to enable TLS 1.2 on Windows Server 2008 R2?


QuoVadis recommends enabling and using the TLS 1.2 protocol on your server.  TLS 1.2 has improvements over previous versions of the TLS and SSL protocol which will improve your level of security.  By default, Windows Server 2008 R2 does not have this feature enabled.  This KB article will describe the process to enable this.


    1. Start the registry editor by clicking on Start and Run. Type in “regedit” into the Run field (without quotations).


      1. Highlight Computer at the top of the registry tree.  Backup the registry first by clicking on File and then on Export.  Select a file location to save the registry file.


           You will be editing the registry.  This could have detrimental effects on your computer if done incorrectly, so it is strongly advised to make a backup.

          1. Browse to the following registry key:


            1. Right click on the Protocols folder and select New and then Key from the drop-down menu. This will create new folder.  Rename this folder to TLS 1.2.


              1. Right click on the TLS 1.2 key and add two new keys underneath it.


                1. Rename the two new keys as:
                  • Client
                  • Server


                  1. Right click on the Client key and select New and then DWORD (32-bit) Value from the drop-down list.


                    1. Rename the DWORD to DisabledByDefault.


                      1. Right-click the name DisabledByDefault and select Modify… from the drop-down menu.


                        1. Ensure that the Value data field is set to 0 and the Base is Hexadecimal.  Click on OK.


                          1. Create another DWORD for the Client key as you did in Step 7.


                            1. Rename this second DWORD to Enabled.


                              1. Right-click the name Enabled and select Modify… from the drop-down menu.


                                1. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click on OK.


                                  1. Repeat steps 7 to 14 for the Server key (by creating two DWORDs, DisabledByDefault and Enabled, and their values underneath the Server key).


                                  1. Reboot the server.

                                  Your server should now support TLS 1.2.


                                  Note: This article cannot be used on a Windows Server 2003 (IIS 6).  Windows Server 2003 does not support the TLS 1.2 protocol.

                                  Reverting Back

                                  If you make a mistake or something just isn’t right, you can revert back to your previous registry settings by opening the Registry Editor and importing the backup you made in step x.

                                  Microsoft.Crm.CrmException: Database having version is not supported for upgraded Microsoft.Crm.CrmException: Database having version is not supported for upgraded.

                                  When upgrading from CRM 2013 to CRM 2015 you get an error: Microsoft.Crm.CrmException: Database having version is not supported for upgraded.


                                  This is usually because there is already a database that exists with the same ID. You will need to delete that Organisation in CRM deployment manager before upgrading the new organisation from the same name.

                                  CRM 2016 Import Upgrade from CRM 2015 Failure: Timeout expired

                                  CRM 2016 Import  Upgrade from CRM 2015 Failure: Timeout expired

                                  On attempting to upgrade a Microsoft CRM Dynamics 2015 Database to CRM 2016 (without service pack) you receive a Failure: Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding..

                                  This happens at the System Check stage.

                                  There are a bunch of suggestions online from earlier releases of CRM like 4.0 etc suggesting that you may need to change the timeout settings on the settings with some DWord changes in the registry. In this case it is not the cause.


                                  Microsoft has again released an initial version of their software with some significant bugs. The biggest of these being that you cannot import your CRM 2015 database to upgrade to CRM 2016 if it has a Full Text Catalogue. Something that is likely if you have been using the improved searching functions of CRM 2015.

                                  The Fix

                                  All care and no responsibility with this one. The prudent process would be to either upgrade an existing CRM 2015 environment in place, which form all reports will correctly update the CRM database in question to CRM 2016 without error. Alternatively you can wait the months that are likely required for Microsoft to get around to releasing a patch for this problem.

                                  1. Fresh on CRM 2016 SQL Server. Restore your backup of your CRM 2015 database.

                                  2. On the SQL manager, select the Database in question, and select “New Query” (our 2015 dates restore is CRM_MSCRM)

                                  CRM 2016 Upgrade from CRM 2015.png


                                  3. In the new Query window. Paste the following code and click Execute.

                                  declare @catid int

                                  select @catid=fulltext_catalog_id from sys.fulltext_catalogs wherename=‘CRMFullTextCatalog’

                                  declare c cursor for

                                   select, sys.fulltext_indexes.unique_index_id from sys.fulltext_indexesinner join sys.tables on sys.fulltext_indexes.object_id = sys.tables.object_id wheresys.fulltext_indexes.fulltext_catalog_id=@catid

                                   open c

                                   declare @TableName varchar(200), @UniqueID as integer

                                   fetch next from c into @TableName, @UniqueID

                                   while @@fetch_status = 0


                                   declare d cursor for

                                   select, sys.tables.object_id from sys.tables inner join sys.indexeson sys.tables.object_id = sys.indexes.object_id where andsys.indexes.index_id = @UniqueID

                                   open d

                                   declare @KeyIndex varchar(200), @object_id as integer

                                   fetch next from d into @KeyIndex, @object_id

                                   if @@FETCH_STATUS <> 0 


                                   Print ‘Error with’ + @TableName


                                   while @@fetch_status = 0


                                   BEGIN TRY

                                   Print ‘CREATE FULLTEXT INDEX ON [dbo].’+@TableName+‘ KEY INDEX [‘+@KeyIndex+‘] on([CRMFullTextCatalog]) WITH (CHANGE_TRACKING AUTO)’

                                   Print ‘GO’

                                   declare e cursor for

                                   select from sys.columns inner join sys.fulltext_index_columns onsys.columns.object_id=sys.fulltext_index_columns.object_id andsys.columns.column_id=sys.fulltext_index_columns.column_id wheresys.columns.object_id=@object_id

                                   open e

                                   declare @ColumnName varchar(200)

                                   fetch next from e into @ColumnName

                                   while @@fetch_status = 0


                                   Print ‘ALTER FULLTEXT INDEX ON [dbo].’+@TableName+‘ Add (‘+@ColumnName+‘)’

                                   Print ‘GO’

                                   fetch next from e into @ColumnName


                                   close e

                                   deallocate e

                                   END TRY

                                   BEGIN CATCH

                                   print ‘Error’ + @KeyIndex

                                   END CATCH

                                   fetch next from d into @KeyIndex, @object_id


                                   close d

                                   deallocate d

                                   fetch next from c into @TableName, @UniqueID


                                   close c

                                   deallocate c

                                  Like this:

                                  SQL Execute Query Key

                                  4. When the query executes successfully. Copy to the Clipboard all of the “Message” output in the bottom half of the screen to your clipboard.

                                  Screenshot 2016 01 21 10 09 54

                                  5. Now Expand the “Storage / Full Text Catalogues” section of the Database in question and select Properties.

                                  Screenshot 2016 01 21 10 11 52

                                  6. Select Table / Views

                                  Screenshot 2016 01 21 10 13 44

                                  7.Using the the little Left pointing arrow. Click it as many times as needed to move all the items on the right to the left. 

                                  Screenshot 2016 01 21 10 15 10

                                  Like this:

                                  CRM 2015 Upgrade to CRM 2016

                                  8. Once finished, select he Script Dropdown and select “Script Action to New Window” (or just click on OK both actions should work)

                                  Screenshot 2016 01 21 10 16 59


                                  You should see a Progress script Completed Successfully.

                                  Screenshot 2016 01 21 10 18 32

                                  9. Now Close all the Management for the SQL Server. This is Important.

                                  10. Upgrade your CRM database the normal way using the Microsoft Dynamics Deployment Manager / Organisations / Import Organisation 

                                  Screenshot 2016 01 21 10 21 03

                                  Skip through the steps here as you normally would Noticing that it no longer stalls on the recheck before upgrade.

                                  11. Once the upgrade has finished and you have your database imported and upgraded to CRM 2016, Open the SQL manager for the database in question again, and run a new query against the database as we did in step 3 above.

                                  This time however we are going to paste the output we captured to clipboard in step 4 above, and run that output as a script.

                                  Screenshot 2016 01 21 10 25 15

                                  Click Execute again. And you should be rebuilding the database indexes to a state that will function with the new CRM upgraded database.

                                  P.S. Microsoft. You suck balls at initial releases!