Dynamics CRM 2011 – Rollup 6

I was recently discussing with Microsoft and was asking for the Update Rollup 6 schedule. I was answered that it is scheduled for January 2012.

Apparently the schedule is safe, and no delay is expected. If you are planning a deployment soon (like me), you might be interested in knowing that the rollup 6 will be released soon.

Regarding the content of the rollup 6, the only thing I know (which is not a big secret) is that it will include this fix : http://support.microsoft.com/kb/2645912 which is described in this post.

Looking forward to 2012…

CozyRoc and Dynamics CRM 2011 with Claims and IFD

Let’s assume you have a Dynamics CRM 2011 farm that is configured to use Claims and IFD (Internet Facing Deployment) and that you are also using CozyRoc SSIS (excellent by the way) to extract data from your CRM platform.

Note : If you are not using Claims and IFD, this article might not apply to your problem…

You might face the following error : The request failed with HTTP status 401: Unauthorized. (System.Web.Services).


  1. Enable Anonymous Authentication on MSCRMServices\2007\SPLA on every web front in your CRM farm
    1. Open Internet Information Services (IIS) Manager.
    2. In the Connections pane, select the Microsoft Dynamics CRM Server 2011 Web site, and then navigate to the following folder: MSCRMServices\2007\SPLA
    3. In Features View, double-click Authentication.
    4. On the Authentication page, select Anonymous Authentication.
    5. In the Actions pane, click Enable to use Anonymous authentication with the default settings.
  2. In your CozyRoc SSIS package, select a deployment type as “Hosted” instead of “Premise”.
    1. Open your SSIS package and double click on your Dynamics CRM Connection Manager
    2. Select “Hosted” in the deployment list :

That’s all you need to do. CozyRoc will then work smoothly !


Dynamics CRM 2011 – Error only secure content is displayed

Today I’m facing the following issue when I access my CRM platform :

Internet explorer complains about the fact that only secure content is displayed. Which means that some http is going through while my CRM platform is configured to use https. You’ll notive as well that the get started section is not displayed correctly.

You get exactly the same thing in the outlook plugin with a similar message that asks you if you want to display only the content that was delivered securely over https :

If have read a few articles that were talking about configuring IE to ask to mix secured and unsecured content. I did not like it, and wanted to understand why this content was not delivered through a secured channel.

I figured out that is comes from a configuration in the Dynamics CRM database that is not set correctly. After you have adjusted it, it will work smoothly. Here is the procedure to fix it :

Step 1: Open a SQL Server Management Studio on the CRM database server and open the MSCRM_CONFIG database. And perform the following query :

SELECT     HelpServerUrl
FROM         ConfigSettings

You’ll get something like that :

As you can see, the HelpServerUrl is indicating HTTP (and in my case even a wrong url because it points to a specific web front end instead of the load balancer url…).

Step 2 : Edit the value the you found in the HelpServerUrl to what you need. Especially HTTPS instead of HTTP.

Step 3 : Reboot your farm. CRM dynamics might cache those kind of values… so a reboot might be necessary (it was not the case for me though).

Done ! You’ll see a full page nicely displayed without any error or warning



Configure CRM Dynamics 2011 outlook client when connected to the internet

I have been trying to configure the outlook add-in for CRM Dynamics 2011 while I was connected to the internet (opposed to my company network) without success for days now.

I initially thought it was coming from my Claims and IFD configuration, but it was not. It was just a bug ! And there is now a hot fix.

Let’s assume you have a Dynamics CRM 2011 platform exposed over the internet (Internet Facing Deployment) and that you need or want your users to be able to configure their Outlook Add-in while connected to the Internet (without any connection to your company’s network, nor any kind of VPN) : You need to apply this fix


(My) explanation :

The rollup 5 introduced a bug. The outlook config wizard was trying to connect to the Active Directory. The problem is that in some cases, when you are not connected to your company’s network, the Active Directory is not available. The configuration wizard was just crashing, due to the fact it was not capable to contact the Active Directory. As simple as that. The hotfix above changed the behavior so that it is no longer required to have the AD available to perform the configuration.

Worked like a charm for me ! So happy !

Side note : I was using the Microsoft Dynamics CRM 2011 for Microsoft Office Outlook add-in with Rollup 5 on top.

And here was the error log I was getting while trying to configure outlook using the configuration wizard :

17:57:06|  Error| Exception : The server could not be contacted.    at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)    at System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()    at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)    at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType)    at System.DirectoryServices.AccountManagement.UserPrincipal.get_Current()    at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.DeploymentInfo.SelectOrganization(Guid organizationId)    at Microsoft.Crm.Application.Outlook.Config.ClientConfig.AddDeployment(DeploymentsDeployment[] deployments, AuthUIMode uiMode)    at Microsoft.Crm.Application.Outlook.Config.ClientConfig.Run(Boolean runInsideOutlook)    at Microsoft.Crm.Application.Outlook.Config.ClientConfig.Start(String[] args, Boolean runInsideOutlook)


Dynamics CRM 2011 : Claims and IFD

Before configuring it, I was a bit scared to be honest. All the article I read about it were talking about its complexity and the poor documentation. I have to disagree with all this…

Here are the three articles or documents you need to read in order to successfuly implement Claims based authentication and IFD (Internet Facing Deployment).

  1. Microsoft offical documentation (download the doc named “Microsoft Dynamics CRM 2011 and Claims-based Authentication.doc”) :
  2. A Microsoft video (very pragmatic) :
  3. A blog article very detailed with useful tips :

After you have spent 1 day reading and understanding those documents, you’ll be able to go through Claims authentication configuration and IFD quite quickly. This includes ADFS 2.0 configuration and installation (which is not so difficult).

Here are some tips from my side that would help you to avoid classical mistakes :

  1. Pay attention to DNS records and make sure you always configure them properly. Use hosts file if you don’t have easy access to DNS servers, but make sure the DNS are fine.
  2. Use valid certificates. Doing so will simplify your life and you’ll avoid certificate error that might block you during the process. Don’t forget to install the intermediate certificate if needed, so that certificates are fully valid.
  3. Understand what happens. You first need to understand at least the basics of ADFS, Claims and IFD so that you can react when an error shows up. If you don’t understand what you are doing, it is likely that it won’t work. That’s why I recommand you spend one day reading documentations before starting the implementation.
  4. Install ADFS on a separate server. Your CRM will already expose a web site over HTTP and/or HTTPS and the last thing you want is the ADFS 2.0 installation to interract with your CRM installation. Use a separated machine (2 GB of RAM will do in most cases) for ADFS 2.0 deployment.

If after struggling with your configuration, you still don’t get it working, you can still request a Microsoft Consultant to help you.