Boost CRM dynamics Outlook client performance with IIS compression

If you are looking for better performances for your CRM Dynamics 2011 outlook add-in, one tip (not the only one, for sure) is the enable compression for the following mime-type : application/soap+xml;charset=utf-8

To do so, just launch the following command (put it on one single line !) one the web servers hosting your CRM :

%SYSTEMROOT%\system32\inetsrv\appcmd.exe set config
-section:system.webServer/httpCompression /+"dynamicTypes.[mimeType='application/soap%u002bxml; charset=utf-8',enabled='true']"

Don’t forget to perform an iisreset to get it working effectively.

Source of this post where you’ll find much more details and explanations about the improvements :


Dynamics CRM 2011 – Rollup 6

I was recently discussing with Microsoft and was asking for the Update Rollup 6 schedule. I was answered that it is scheduled for January 2012.

Apparently the schedule is safe, and no delay is expected. If you are planning a deployment soon (like me), you might be interested in knowing that the rollup 6 will be released soon.

Regarding the content of the rollup 6, the only thing I know (which is not a big secret) is that it will include this fix : which is described in this post.

Looking forward to 2012…

Dynamics CRM 2011 – Session is about to expire ADFS

If you have a Dynamics CRM 2011 farm configures to use ADFS using Claims based authentication, you must have face the timeout session problem. Long story short, after around 40 minutes (whether you are active or not), you’ll get a popup telling you that your session is about to expire :

In order to avoid getting this popup too often, you need to extend the token life time on your ADFS server.

Simply follow this procedure :

1. Open a Windows PowerShell prompt on your ADFS Server.

2. Add the AD FS 2.0 snap-in to the Windows PowerShell session:

Add-PSSnapin Microsoft.Adfs.PowerShell

3. Configure the relying party token lifetime:

Get-ADFSRelyingPartyTrust -Name "relying_party"
Set-ADFSRelyingPartyTrust -Targetname "relying_party" -TokenLifetime 480

where :
- relying_party is the name of the relying party that you created.
- 480 corresponds to 480 minutes = 8 hours.

Source & credits (really considere reading those if you want to fully understand what you are doing) :

CozyRoc and Dynamics CRM 2011 with Claims and IFD

Let’s assume you have a Dynamics CRM 2011 farm that is configured to use Claims and IFD (Internet Facing Deployment) and that you are also using CozyRoc SSIS (excellent by the way) to extract data from your CRM platform.

Note : If you are not using Claims and IFD, this article might not apply to your problem…

You might face the following error : The request failed with HTTP status 401: Unauthorized. (System.Web.Services).


  1. Enable Anonymous Authentication on MSCRMServices\2007\SPLA on every web front in your CRM farm
    1. Open Internet Information Services (IIS) Manager.
    2. In the Connections pane, select the Microsoft Dynamics CRM Server 2011 Web site, and then navigate to the following folder: MSCRMServices\2007\SPLA
    3. In Features View, double-click Authentication.
    4. On the Authentication page, select Anonymous Authentication.
    5. In the Actions pane, click Enable to use Anonymous authentication with the default settings.
  2. In your CozyRoc SSIS package, select a deployment type as “Hosted” instead of “Premise”.
    1. Open your SSIS package and double click on your Dynamics CRM Connection Manager
    2. Select “Hosted” in the deployment list :

That’s all you need to do. CozyRoc will then work smoothly !


Dynamics CRM 2011 – Error only secure content is displayed

Today I’m facing the following issue when I access my CRM platform :

Internet explorer complains about the fact that only secure content is displayed. Which means that some http is going through while my CRM platform is configured to use https. You’ll notive as well that the get started section is not displayed correctly.

You get exactly the same thing in the outlook plugin with a similar message that asks you if you want to display only the content that was delivered securely over https :

If have read a few articles that were talking about configuring IE to ask to mix secured and unsecured content. I did not like it, and wanted to understand why this content was not delivered through a secured channel.

I figured out that is comes from a configuration in the Dynamics CRM database that is not set correctly. After you have adjusted it, it will work smoothly. Here is the procedure to fix it :

Step 1: Open a SQL Server Management Studio on the CRM database server and open the MSCRM_CONFIG database. And perform the following query :

SELECT     HelpServerUrl
FROM         ConfigSettings

You’ll get something like that :

As you can see, the HelpServerUrl is indicating HTTP (and in my case even a wrong url because it points to a specific web front end instead of the load balancer url…).

Step 2 : Edit the value the you found in the HelpServerUrl to what you need. Especially HTTPS instead of HTTP.

Step 3 : Reboot your farm. CRM dynamics might cache those kind of values… so a reboot might be necessary (it was not the case for me though).

Done ! You’ll see a full page nicely displayed without any error or warning



Configure CRM Dynamics 2011 outlook client when connected to the internet

I have been trying to configure the outlook add-in for CRM Dynamics 2011 while I was connected to the internet (opposed to my company network) without success for days now.

I initially thought it was coming from my Claims and IFD configuration, but it was not. It was just a bug ! And there is now a hot fix.

Let’s assume you have a Dynamics CRM 2011 platform exposed over the internet (Internet Facing Deployment) and that you need or want your users to be able to configure their Outlook Add-in while connected to the Internet (without any connection to your company’s network, nor any kind of VPN) : You need to apply this fix

(My) explanation :

The rollup 5 introduced a bug. The outlook config wizard was trying to connect to the Active Directory. The problem is that in some cases, when you are not connected to your company’s network, the Active Directory is not available. The configuration wizard was just crashing, due to the fact it was not capable to contact the Active Directory. As simple as that. The hotfix above changed the behavior so that it is no longer required to have the AD available to perform the configuration.

Worked like a charm for me ! So happy !

Side note : I was using the Microsoft Dynamics CRM 2011 for Microsoft Office Outlook add-in with Rollup 5 on top.

And here was the error log I was getting while trying to configure outlook using the configuration wizard :

17:57:06|  Error| Exception : The server could not be contacted.    at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)    at System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()    at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)    at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType)    at System.DirectoryServices.AccountManagement.UserPrincipal.get_Current()    at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.DeploymentInfo.SelectOrganization(Guid organizationId)    at Microsoft.Crm.Application.Outlook.Config.ClientConfig.AddDeployment(DeploymentsDeployment[] deployments, AuthUIMode uiMode)    at Microsoft.Crm.Application.Outlook.Config.ClientConfig.Run(Boolean runInsideOutlook)    at Microsoft.Crm.Application.Outlook.Config.ClientConfig.Start(String[] args, Boolean runInsideOutlook)


Dynamics CRM 2011 : Claims and IFD

Before configuring it, I was a bit scared to be honest. All the article I read about it were talking about its complexity and the poor documentation. I have to disagree with all this…

Here are the three articles or documents you need to read in order to successfuly implement Claims based authentication and IFD (Internet Facing Deployment).

  1. Microsoft offical documentation (download the doc named “Microsoft Dynamics CRM 2011 and Claims-based Authentication.doc”) :
  2. A Microsoft video (very pragmatic) :
  3. A blog article very detailed with useful tips :

After you have spent 1 day reading and understanding those documents, you’ll be able to go through Claims authentication configuration and IFD quite quickly. This includes ADFS 2.0 configuration and installation (which is not so difficult).

Here are some tips from my side that would help you to avoid classical mistakes :

  1. Pay attention to DNS records and make sure you always configure them properly. Use hosts file if you don’t have easy access to DNS servers, but make sure the DNS are fine.
  2. Use valid certificates. Doing so will simplify your life and you’ll avoid certificate error that might block you during the process. Don’t forget to install the intermediate certificate if needed, so that certificates are fully valid.
  3. Understand what happens. You first need to understand at least the basics of ADFS, Claims and IFD so that you can react when an error shows up. If you don’t understand what you are doing, it is likely that it won’t work. That’s why I recommand you spend one day reading documentations before starting the implementation.
  4. Install ADFS on a separate server. Your CRM will already expose a web site over HTTP and/or HTTPS and the last thing you want is the ADFS 2.0 installation to interract with your CRM installation. Use a separated machine (2 GB of RAM will do in most cases) for ADFS 2.0 deployment.

If after struggling with your configuration, you still don’t get it working, you can still request a Microsoft Consultant to help you.

Dynamics CRM 2011 Outlook client and load balancing

Let’s assume you are using :

  • Dynamics CRM 2011 farm with 2 (or more) web front ends
  • A load balancer (Microsoft TMG, Citrix Netscaler, Apache, …) to split the load between your Dynamics CRM 2011 front ends
  • The fantastic Outlook Add-in for Microsoft Dynamics CRM 2011

You might face the situation where your CRM installation works fine when you use a web browser but the outlook add-in (or client) does not work properly. It is impossible to connect or configure it through the configuration wizard.

It might be due to the fact that you need to configure your load balancer to use IP based sticky session (opposed to cookie based sessions). The reason for this is very simple, the outlook add-in does not implement any cookies mechanism and the load balancer will simply fail to stick to one specific server. This will result in authentication failures since the outlook client will not “stick” to one specific web front end.

Here are basic steps to configure “IP based sticky sessions” in Microsoft ForeFront TMG:

Step 1: Open ForeFront TMG management console and go to the firewall policies

Step 2: Double click the firewall policy you have setup to expose your multiple CRM web fronts with load balancing

Step 3: In the “Web Farm” tab, select “Source-IP based” instead of “Cookie based”

Step 4: Click Ok, and apply the modifications. You’ll see that the outlook client will now work correctly.

Side note to conclude : I got ForeFront TMG working smoothly with Microsoft Dynamics CRM 2011 and the outlook add-in as described above by using Source-IP based sessions. We also had the exact same issue with a Citrix Netscaler load balancer and after configuring it with Source-IP based sessions, it worked fine as well !

Hope this will help someone…