After a recent upgrade CRM had stopped working on our new Server 2012 based server. During the upgrade CRMs application had been whiped and simply adding the the old folder back to IIS 8.0 (And setting up the proper permissions) did help in recovering the web based service but this did not fix the issues for CRM in Outlook 2010.
Note: If you do not wish to read all my mad ramblings of how I trouble-shot this issue scroll down for the short guide.
Using Fiddler we discover that there is a 401 error stating to use we don’t have the correct permissions to access this folder. This error occurs when accessing /Contoso/XRMServices/2011/Organization.svc. At first my thoughts goto the URL Rewrite module CRM comes with (and Server 2012 did not install). So I downloaded the Web Platform Installer 4.0 and ran the install for URL Rewrite 2.0 but this strangely enough revealed that there where no ReWrites in place at all and looking at the web.config in the installation media using WinMerge I came to the conclusion that the web.config on my server was identical.
Next I decided to run through the Redist folder and attempt to see if I needed anything from here to make stuff work;
- dotNETFX
- .NET 4 is already a part of Server 2012. No changes needed
- DotNetServicesSDK (Azure App Fabric 1.0)
- Ran the repair from the wizard
- IDCRL (Windows Live ID Sign in Assistant)
- Did not seem to do much running the MSI. Even Viewer revealed the following information:Windows Installer installed the product. Product Name: Windows Live ID Sign-in Assistant. Product Version: 6.500.3165.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
- MSI45 (Windows Installer 4.5)
- This is already pre-packed into Server 2012 so not needed
- Report Viewer
- Ran the repair
- SQLCE & SQLExpr
- Skipped these, client-side requirements.
- SQLNativeClient (SQL 2008 Native Client)
- Ran the repair
- UrlRewriteModule
- Already installed version 2.0 via Web Platform Installer
- VCRedist
- Ran the repair
- WindowsIdentityFoundation
- This can (and was) already installed via Windows Features.
Another requirement is Microsoft Application Error Reporting (Version 12.0.6015.5000) which can be found at D:\Server\amd64\DW\DW20SharedAmd64.msi.
Next I forced a run of D:\Server\amd64\Microsoft.Crm.Setup.Server.exe and selected “Repair”, this resulted in it giving several errors which where completely without debugging information.
However this does produce a logfile on %AppData%\Microsoft\MSCRM\Logs\crm50svrsetup.log which yielded more usefull info.
10:15:38| Error| Check WindowsSearchServiceRunningValidator : Failure: The system cannot find the file specified 10:15:43| Error| Check IisAdminServiceValidator : Failure: The system cannot find the file specified 10:15:43| Error| Check NTAuthenticationProvidersValidator : Failure: The system cannot find the file specified
Windows Search Service and IIS Admin Service could be installed from the Add Roles and Features Wizard and required a reboot. After the reboot I was no longer capable of running any of the setup programs, including the uninstall feature. CRM would load the Setup installer but not show the actual GUI for it.
I decided to attack the problem via a different route. Installing a fresh 2008 R2 server and installing a fresh CRM 2011 on that. Using this I discovered that CRM used 3 applications; The root, /Help & XRMDeployment (The last one in it’s own Application Pool.
Both AppPools where running .NET 4, Classic Mode, using the Network Service Identity (this could be different in your deployment) had “Idle Time-out (minutes) set to 1500.
Then I subbornly checked the URL Rewrites again on the 2008 R2 installation and behold… It all of a sudden did have rewrite rules in place.
<rewrite>
<rules>
<rule name="ClientGlobalContextRule" stopProcessing="true">
<match url="/?([0-9a-zA-Z][^/]*)?/?((?:%7b|\{)[^/]*(?:%7d|\}))?/?(WebResources|Handlers)/ClientGlobalContext.js.aspx" />
<action type="Rewrite" url="/{R:1}/_Common/ClientGlobalContext.js.aspx" />
</rule>
<rule name="WebResourcesRule" stopProcessing="true">
<match url="/?([0-9a-zA-Z][^/]*)?/?((?:%7b|\{)[^/]*(?:%7d|\}))?/?webresources/([^\\?]+)" />
<action type="Rewrite" url="/{R:1}/Handlers/WebResource.ashx?name={R:3}" />
</rule>
<rule name="FederationMetadataRule" stopProcessing="true">
<match url="FederationMetadata/2007-06/FederationMetadata.xml" />
<action type="Rewrite" url="/Handlers/FederationMetadata.ashx" />
</rule>
</rules>
</rewrite>
This however still had no influance on the /CONTOSO/XRMServices/2011/Organization.svc url which now did return a custom error page stating that an error had occured. Reviewing the Event Log on the CRM server reveals:
Exception message: The authentication schemes configured on the host (‘IntegratedWindowsAuthentication’) do not allow those configured on the binding ‘CustomBinding’ (‘Anonymous’). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
This made me go back into the web.config and notice -alot- of problems (syntax adjustments to the web.config) caused by the “migration” between Server 2008 and 2012. What I ended up doing is basically transform the web.config into the format that is exactly the same as the one used on CRM on the 2008 server. Running an IISReset afterwards confirmed the fix.
The short version
- Make a backup of the current web.config from C:\Program Files\Microsoft Dynamics CRM\CRMWeb on an external client.
- Upgrade to Server 2012.
- Remake the CRM website from the base directory C:\Program Files\Microsoft Dynamics CRM\CRMWeb.
- Create 2 Application pools in Classic mode, running under the proper account (in my case Network Systems) and with an Idle Time-out of 1500
- CRM
- CRMXRMDeploy
- Install Web Platform Installer and download URL Rewrite 2.0
- Copy the web.config back into place. (In case you did not do a backup you can download the web.config I used here.
Note: I have not done the above steps myself but from constructed a guide from the issues I ran into. This guide could need additional steps.