CRM 2013 – Check if your CRM 2013 installation uses best practises

Power objects blog have written some very useful blogs on CRM 2013 and I read this one the other day about the Best practices analyzer for dynamics.

I had never heard of the best practices analyzer, so here Microsoft’s description

    Microsoft Baseline Configuration Analyzer 2.0 (MBCA 2.0) can help you maintain optimal system configuration by analyzing configurations of your computers against a predefined set of best practices, and reporting results of the analyses. Best practices are developed by a product development team or domain experts, and are packaged in the form of a best practice model. Models are available as separately-downloadable packages that can be run and analyzed by MBCA. MBCA lets users work with best practice models in a consistent, user-friendly way.


This picture from the powerobjects blog gives you a good idea of what the tool does


So the tool is basically used to check that you have installed CRM using the best practices in terms of service accounts, ports etc.

This would have been very useful when I was doing some CRM installations because it would have enabled me to check if I was on the right course, I see this as style cop type thing to check you programming to a standard.

I thought it might be useful to some CRM installers out there





CRM 2011 – SPN’s can be hell

If you have installed CRM you might have been unluckily enough to come up against some SPN (Service Principal Name) problems.

SPN problems are usually difficult to resolve because it usually involves explaining to an IT department what SPN’s are and what they do and finally the changes that need to be made.

The changes usually have to be made on the Domain Controller which instantly makes the IT department very suspicious (although why they think you are going to sabotage a customers domain controller doesn’t make sense but then you could do it accidently)

So what are SPN’s, they are ways for helping Kerberos authentication when software is split over different servers.

For CRM they are very important because the standard installation involves CRM on seperate server and SQL and SSRS reporting services on at least one other server.  This will mean that when a user’s credentials will need to be passed between servers and that is where Kerberos comes in.

Rather than actually passing credentials CRM will impersonate the user and it will be validated by Kerboros on the different servers.

So how do SPN’s come into play, well a Hosky explanation is when you set an SPN it is basically saying that Kerbero’s authentication is ok on/from this server.

So usually for the CRM server it has an SPN for the crm service account something like

  • HTTP/CRMAppServer
  • HTTP/
  • HTTP/

and the for the CRM server

  • HOST/CRMAppServer
  • HOST/
  • HTTP/

The reason I am writing this blog is because although I have tried to explain it but also so I can always find the link I am going to post below, it is without doubt the most comprehension explanation with instructions I have found on the internet.

It also has lots of other links on how to troubleshoot spn problems.  I would also recommend the article above for people installing the Dynamic Connector because when I have installed that I have run into quite a few SPN problems and the Dynamic Connector has zero help with it and no forum!!!

Using Windows 8 and Windows Server 2012 and CRM 2011

I have been installing some software on Windows Server 2012 and setting up the CRM Outlook Addin on Windows 8.

Using the new version of windows is tricky to begin with because you can’t find anything, navigating around feels like waundering around in a maze.

You come to a crossroads and then head off in one direction hoping it’s the right one.

Some of this is just because it’s different and I’m not used to it and some of it’s weird because it’s made for touch screen devices.  The best way I can describe this is it all feels a bit odd and unintuitive.

Still I don’t want to be a Windows 8 basher, soon enough we will all be used to it and it’s quirks (hopefully with company tablets to ease the pain).

Although I cannot imagine how scores of Office workers will cope, I saw people struggling for months when Microsoft brought in the Ribbon menu.

My installation of CRM 2011 on Windows 2012 was problametic and some of the reason for this is because it isn’t supported.  I stupidly assumed that given the amount of time Microsoft has had they would have sorted this but I ran into a couple of problems and thinking about this it may take them some time to fix these issue

The first problem was the Indexing Services.  One of the prerequisites for installing CRM is turning on File Services, Windows Server 2003 File Services and the all important Indexing Service.

In Windows 2012 the indexing service has gone and CRM isn’t very happy about this at all, in fact you won’t be able to get very far into an install at all.  Daniel Cai has a work around for this on his blog which involves putting the windows indexing service command line tool and dll’s in the System32 folder.

The second problem I had was CRM 2011 was not compatible with IIS 8, I also had problems during the install with messages about.NET 4 etc.

This puts new customers of CRM in a quandry, do they not buy Windows Server 2012 because they won’t be able to install CRM 2011 on it??

I also wonder how long it will take Microsoft to fix this?

Windows 8 had a few problems when using CRM 2011, you have to manually enable Windows Identity Foundation

Also there is a problem using internet explorer 10 but Microsoft have a kb article for that below

Support with Microsoft Dynamics CRM 2011 and Internet Explorer 10 

The problems and rantings above are probably fairly standard stuff for a new  release of a windows operating system, in fact they seem quite minor.

Windows 8 will certainly make the future installations interesting and it’s refreshing in some ways to be involved with new software.

The account specified to run the Microsoft Dynamics CRM application does not have Performance Counter permissions.

If you have installed CRM 2011 you will have almost definitely seen this message.

I am doing it with a Windows 2012 server install and I know how to fix the error but finding Local Users and Groups setting is a puzzle in itself.

The cause of the problem is the CRM service users you specified in your install are not in the Performance Log Users windows group (WHY can’t the installer add them in !!)

To find the Local Users and Groups I went the right, got the right bar with Search, Start and Settings on.

I hit the search

changed the search to settings

type in edit local user


(there is probably a much quicker way of getting to Local Users and Groups but I am currently slowly stumbling my way around Windows server 2012 and Windows 8)

  1. Add the service accounts to the Performance Log Users group.
  2. Press the Back and Forward button on the CRM install

You should no longer receive that error which will leave you to work on any other errors which might pop up


CRM 2011 – Custom reports not working

I had an unusual error today where the default reports worked but any custom reports just whirred a bit and then produced a blank page.

looking at the event viewer logs on the CRM server I found I was getting MSCRMREporting error saying

Report render failure. Error: An error has occurred during report processing. (rsProcessingAborted)

luckily typing this into the internet produced a few hits and this seems to be a problem quite a few people have experienced.

The solution to the problem was to do with SPN (service principal name) not being set.  I believe the reason for this was because I changed the service account which runs the services for CRM and by changing this it somehow had an effect on the reports and current SPN’s were not validating the reports with this new user.

To fix the problem I had to log onto the Domain controller and run this command line setspn instruction

setspn -a http/CRMSERVERNAME DomainName\crm service account

an example would be, if my crm server was called crm, my domain hosk and the user was called crmservice.

setspn -a http/crm hosk\crmservice

It also took me a while to get this to work and it was only when I typed everything in lower case that the setspn instruction finally worked.

I found the solution above from the two links below, they are worth reading because they explain the solution more thoroughly and the first one has other things to try if the setspn instruction does not resolve the problem


Although the link below is a bit more information than you need I did find this quite interesting in explaining about CRM and SPN’s


CRM 2011 Installation and Deployment Certification thoughts

I was looking at the at the CRM 2011 installation certification page today, which you can see by clicking the link below

I usually use the excellent Microsoft E-Learning and use the online training if you work for a partner or you can buy it

  • 80296AE: Microsoft Dynamics CRM 2011 Installation and Deployment (8 Hours)

it’s funny if you went on the training course it would take 2 days but just reading the material takes 8 hours then again I suppose that is two days.  It certainly takes me longer than two days to go through it but that’s because I have to stop each day because I’m bored.

The skills being measured according to the certification site

Planning the Installation (17 percent)

  • Identify the supporting components of a Microsoft Dynamics CRM 2011 implementation.
    • This objective may include: Active Directory; ADFS 2.0; supported email systems for the Email Router; Outlook Client; Reporting Extensions; Language Packs; compatibility with SQL Server 2008 and later; compatibility with Microsoft Office SharePoint Server 2007 and later; compatibility with Windows Server 2008 and later
  • Plan the implementation.
    • This objective may include: planning multiple-server deployment; Microsoft Dynamics CRM 2011 licensing model and license types; planning Active Directory rights; planning multiple organizations; switching between editions
  • Indentify infrastructure requirements, hardware requirements, and software requirements.
    • This objective may include: requirements for each of the Microsoft Dynamics CRM components; requirements for supporting technologies; planning for the number and location of server roles and groups
  • Plan installation user privileges.
    • This objective may include: user rights; creating security groups

Installing Microsoft Dynamics CRM 2011 Server (19 percent)

  • Install services and components.
    • This objective may include: identifying specific accounts for Microsoft Dynamics CRM services
  • Install the Microsoft Dynamics CRM 2011 server.
    • This objective may include: installing sample data; developing a pre-installation checklist; command line installation; troubleshooting issues that prevent successful installation; registering the installation; registering for Windows Updates; deploying a single server; deploying multiple servers
  • Deploy a Microsoft Dynamics CRM website.
    • This objective may include: using Host Headers, when to use HTTPS

Installing and Deploying the Microsoft Dynamics CRM 2011 Email Router (15 percent)

  • Install the Microsoft Dynamics CRM 2011 Email Router.
    • This objective may include: supported email systems ; supported Windows operating systems
  • Configure the Microsoft Dynamics CRM 2011 Email Router.
    • This objective may include: creating incoming and outgoing email profiles; running the Rule Deployment Wizard against Exchange Server; tracking token and smart matching options; using forward mailbox and individual mailbox monitoring; configuring the deployment and specifying default profiles; configuring users with the appropriate messaging options

Installing and Deploying the Microsoft Dynamics CRM 2011 Client for Outlook (16 percent)

  • Identify supported Outlook versions and supported browsers.
    • This objective may include: 32-bit and 64-bit Outlook clients and Internet browsers
  • Install the Microsoft Dynamics CRM 2011 Client for Outlook.
    • This objective may include: command line installation; deployment options; installing from the Microsoft Dynamics CRM web application; identifying upgrade options; register for Windows Updates
  • Configure the Microsoft Dynamics CRM 2011 Client for Outlook.
    • This objective may include: working on-line and off-line; configuring local data groups; configuring for multiple organizations

Configuring Microsoft Dynamics CRM 2011 (16 percent)

  • Install reporting extensions.
    • This objective may include: identifying when reporting extensions are required; using different accounts for the application pools in IIS; when to use the Microsoft Dynamics CRM fetch extension plug-in
  • Configure Microsoft Dynamics CRM 2011 for Internet-facing deployment.
    • This objective may include: identifying IFD and website requirements; implementing claims-based authentication by using Secure Token Services; using AD FS 2.0 as the Secure Token Service
  • Plan and configure high availability options.
    • This objective may include: clustering SQL Server; multiple Microsoft Dynamics CRM servers; network load balancing

Upgrading to and Redeploying Microsoft Dynamics CRM 2011  (17 percent)

  • Plan an upgrade.
    • This objective may include: identifying supported and unsupported components; SQL Server considerations; planning for changes in server URL; upgrading versions earlier than Microsoft Dynamics CRM 4.0; selecting the most appropriate upgrade method (in-place or migration upgrade)
  • Move a Microsoft Dynamics CRM organization to new computers by using the Deployment Manager.
    • This objective may include: identifying the redeployment process; Active Directory considerations; creating and importing organizations; MUI packs; changing an organization’s details; deleting an organization
  • Upgrade multiple servers.
    • This objective may include: upgrading a Microsoft Dynamics CRM 4.0 deployment; upgrading other components, such as the Email Router

I have done a few installation recently and gone through most of the criteria which to me says this exam is testing the correct areas.

when reading through the MOC training I often find useful bits of information I either didn’t know or hadn’t considered.  Which can happen because when you are installing CRM 2011 you are often just focused on installing it and getting it working.

looking at the training/MOC modules gives you a good idea what to study for the exam,  you can see them here and with more detail about the subject

Chapter 1: Microsoft Dynamics CRM Components
Chapter 2: Planning the Installation
Chapter 3: Microsoft Dynamics CRM Server Installation
Chapter 4: Microsoft Dynamics CRM 2011 Reporting Extensions
Chapter 5: Installing and Deploying the E-mail Router
Chapter 6: Microsoft Dynamics CRM for Microsoft Office Outlook
Chapter 7: Configure an Internet-Facing Deployment
Chapter 8: Upgrading to Microsoft Dynamics CRM 2011
Chapter 9: Microsoft Dynamics CRM Deployment Manager
Chapter 10: High-availability Options

CRM 2011 – Server roles and splitting up a CRM installation

Most of the CRM installations I have done have been small installations and all on the same server.

So I found it quite interesting reading about the server roles and how you can split up the installation into Front and Back end server roles.  Installing CRM on one or more servers can give you some performance benefits and according to the manual is recommended for enterprise deployments.

This technet article explains the different roles and then goes through in more depth what is run and where (e.g. discovery web service, help server etc)

Server Role Group Description Scope Installation Method
Full Server Contains all roles from Front End Server, Back End Server, and . By default, Microsoft Dynamics CRM Server Setup deploys the system as Full Server. In a Full Server deployment, server roles are not listed separately in Control Panel. To view the installed roles or make changes, right-click Microsoft Dynamics CRM Server 2011, click Uninstall/Change, and then clickConfigure. Deployment Full
Front End Server Enables the server roles for running client applications and applications developed with the Microsoft Dynamics CRM SDK. Deployment Group or Full
Back End Server Includes the server roles that handle processing asynchronous events, such as workflows and custom plug-ins. These roles are usually not exposed to the Internet.

For a list of server roles that are included in this group, see the following table.

Deployment Group or Full
Enables the server roles for components that are used to manage the Microsoft Dynamics CRM deployment either by using the methods described in the Microsoft Dynamics CRM SDK or the deployment tools.

For a list of server roles that are included in this group, see the following table.

Deployment Group or Full


in basic terms the front end server runs

  • The web application
  • discovery web service
  • organisational web service
  • help server

The back end server will run the CRM Services, e.g

  • Asynchronous Processing Service
  • Sandbox Processing

The manual suggest the back end roles is not exposed to the internet, which makes sense because the back end roles is basically where all your .NET plugins and code are run.

You can also choose where to install the Deployment manager and deployment webservice, which is under Deployment Administration server role.

Another interesting point I noticed is the Microsoft CRM Unzip services is on the front end server and this service handles the uncompressing of zipped files for data import and I also imagine the solution imports.

CRM 2011 – The report server cannot decrypt the symmetric key that is used to access sensitive or encrypted data in a report server database.

I was installing CRM 2011 and I almost had all my ducks in a row and was close to finishing the installation and then I hit problems with Reporting Services.

Anyone who installs CRM 2011 on a regular basis will know that most of the problems you have is with reporting services.

The last time I install CRM 2011 I had a problem with the reporting services, firstly I had to activate it and then manually set it up.  Then I had run the latest SQL server service pack to upgrade the reporting services so it was a compatible version.

Back to today’s problem.  luckily this error message was a popular one.  The problem seemed to be when accessing the reporting server it couldn’t descrtyp the information.

The solution to this problem, the two blogs below have the solution

Basically you have to delete the current encryption key and create a new.

I wasn’t sure if there were any reports which already existed because if their were you have to then go through and change the credentials for all of them.

to see if they had any reports I ran this SQL on the reporting services database

FROM [ReportServer].[dbo].[Catalog]

If the SQL statement doesn’t return anything or just one row then they haven’t been using reporting services.

In this case I don’t think reporting services had been probably setup or the person hadn’t finished setting it up.

I went through the steps covered in the blog and finished the installation.

CRM 2011 – No reports working in CRM

I had a very odd and unusual problem, actually I say that most problems that involve reporting services are almost always odd and not unusual.

I was working on CRM which had already been setup (not by be) and the users were having problems with reports.

The problem was none of the built in reports were working, you also couldn’t upload any reports.

When you tried to run a report I got a

Microsoft CRM Error Report saying

Cannot run OOB report, unless SRS Data connector is installed

it is possible to use CRM with out SRS data connector working, you won’t have any reports.  The odd thing here was all the reports were in CRM, they just weren’t working.

I installed the SRS data connector but I was still getting the error message.

Initially I thought the problems were because the installation was done on a named instance.

The installation of the SRS connector seemed to work without any problems.  So I tried running the repairs and configs on the CRM server, still no joy.

I finally disabled the organisation, edited the organisation and then pressed next.  I got a message about the SQL server setup.

I ran the SQL Server configuration tool and found the FULL TEXT Search, SQL Server Replication and Client Tools connectivity had not been enabled.

I added the in and reinstalled the SRS Connector.  I now got a different error message in reports

Error occurred while getting the data source contents

which finally took me to this blog page

One thing I also noticed is that when I went to the reports manager


there were no reports for any organisations, which explained why I couldn’t run any of the default reports but the question was how do I load them.

The blog post above says you can use the tool


which is a command line tool to load the default reports, you need to just pass it the name of your organisation

publishreports organisationName

after running this the reports were loaded into CRM and I could finally run reports.

it took me ages but I finally resolved all the problems

CRM 2015 – Getting the CRM License from the database


A customer was moving their CRM installation to a brand new server and wanted to know the CRM license key.

I note down the CRM license key for each installation and keep them in CRM (where else would I put it!), you can also retrieve this information from partnersource or voice.

You can retrieve it from the MSCRM_CONFIG database with the SQL below.  The query is different for each version of CRM, Microsoft has a new column for each version of CRM.


SELECT LicenseKeyV5RTM FROM ConfigSettings

This is useful if you have inherited a CRM on premise .

I was updating this post and found this post had instructions to retrieve the license key from CRM 2013 and CRM 2015.
Dynamics CRM 2013

SELECT [NvarCharColumn] AS CRM2013LicenseKey FROM [MSCRM_CONFIG].[dbo].[ConfigSettingsProperties] S WHERE S.ColumnName = ‘LicenseKeyV6RTM’
Dynamics CRM 2015

SELECT [NvarCharColumn] AS CRM2015LicenseKey FROM [MSCRM_CONFIG].[dbo].[ConfigSettingsProperties] S WHERE S.ColumnName = ‘LicenseKeyV7RTM’