locked
Microsoft Dynamic CRM 3.0 : Installation problem error CS0647 RRS feed

  • Question

  • i tried to install microsoft dynamic crm, in the middle of installation process when it came to connect to exchange server, there was error pop out says "error CS0647: error emitting 'System.Security.Permissions.PermissionsSet Attribute'". Why did it happen? I don't know how to solve this. Somebody please help me

     

    Tuesday, January 29, 2008 9:46 AM

Answers

  •  

    1. You may not have domain administrator rights on domain. It is not required but it is recommanded that you should have domain administrator rights while you are installing CRM. It is recommanded that you create a new user in active directory in the domain admin group and install CRM using this newly created username and password.

     

    2. Don't forget to check allow trust for delegation for CRM computer in active directory

     

    3. If you want to install MS CRM even without having domain administrator role, follow steps at http://support.microsoft.com/kb/908984

     

    How to install Microsoft Dynamics CRM 3.0 as a user who is not a domain administrator by using the minimum required permissions
    INTRODUCTION
    This article discusses the minimum permissions that are required for a user who is not a domain administrator to install Microsoft Dynamics CRM 3.0. During the installation, the Environment Diagnostic Wizard checks whether the installing user has the minimum required permissions. If the minimum required permissions are not met, you receive an error message.


    SUMMARY
    You have two options when you install Microsoft CRM by using the minimum required permissions for the installing user. You can use pre-created groups, or you can let the Microsoft CRM server Setup program create the groups during the installation.

    Additional steps are required when you install Microsoft CRM to an existing Microsoft SQL Server Reporting Services (SSRS) installation.

    You can also choose to turn the Auto Group Management functionality on or off. When you turn Auto Group Management on, Microsoft CRM automatically adds the appropriate user and computer accounts to the required groups. When you turn Auto Group Management off, Microsoft CRM does not automatically add these accounts. In this case, a domain administrator must add the appropriate user and computer accounts to the required groups.

    You may receive the following Active Directory directory service warning in the Environment Diagnostic Wizard:
    Current user does not have permissions to set the Trust for Delegation property
    If you receive this message, visit the following Microsoft Web site to download the Microsoft white paper that discusses how to set the Trust for Delegation property:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=51bf9f20-bd00-4759-8378-b38eefda7b99&DisplayLang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=51bf9f20-bd00-4759-8378-b38eefda7b99&DisplayLang=en)


    MORE INFORMATION
    Install by using pre-created Active Directory security groups
    Install Microsoft CRM by using pre-created Active Directory security groups. To do this, follow these steps.
    Note If you are enabling Microsoft CRM Setup to install Reporting Services, go to step 2.
    1. Install Microsoft CRM to an existing Reporting Services installation by adding the Content Manager role at the root level and the System Administrator role at site-wide level for the installing user account. To do this, follow these steps on the Reporting Services server: a.  Click Start, click Programs, click Microsoft SQL Server, click Reporting Services, and then click Report Manager.
    b.  Click the Properties tab. Then click New Role Assignment.
    c.  Enter the name of the installing user in the Group or user name text box, click to select the check box that is next to Content Manager, and then click OK.

    Note Use the following format when you enter the name of the installing user:

    DomainName\UserName
    d.  In the upper-right corner, click Site Settings.
    e.  Under the Security heading, click Configure site-wide security, and then click New Role Assignment.
    f.  Enter the name of the installing user in the Group or user name text box, click to select the check box that is next to System Administrator, and then click OK.

    Note Use the following format when you enter the name of the installing user:

    DomainName\UserName
     
    2. Create the following four security groups in Active Directory: • PrivUserGroup
    • ReportingGroup
    • SQLAccessGroup
    • UserGroup
    Repeat steps 2a through 2f for each group that is in the list. a.  Log on to the domain controller server as a user who has domain administrator permissions.
    b.  Click Start, click Administrative Tools, and then expand Active Directory Users and Computers to the root of the domain or to the specific organizational unit (OU) that you want to use to install Microsoft CRM.
    c.  Right-click the domain root or the OU that you want to use, click New, and then click Group.
    d.  In the Group Name field, enter the name of the group. For example, type PrivUserGroup.
    e.  If your domain functional level is Microsoft Windows Server 2003 or Microsoft Windows 2000 native, click Domain local in the Group scope list. If your domain functional level is Windows 2000 mixed, click Global in the Group scope list.
    f.  Click OK.
     
    3. Add the installing user account as a member of the Local Administrator group. You must complete steps 3a through 3e on the Microsoft CRM server and on the computer that is running Microsoft SQL Server. a.  Log on to the server as a user who has local administrator permissions.
    b.  Click Start, click Administrative Tools, and then click Computer Management.
    c.  Expand System Tools, expand Local Users and Groups, and then expand Groups.
    d.  Right-click Administrators. Then click Properties.
    e.  Click Add to add the installing user account.
     
    4. If you will turn on Auto Group Management for the installation in the "Set the Auto Group Management option" section, add the following Allow permissions to the security groups in Active Directory for the installing user account:

    Permissions • Read
    • Write
    • Add/Remove self as member
    Advanced permissions • List Contents
    • Read All Properties
    • Write All Properties
    • Read Permissions
    • Modify Permissions
    • All Validated Writes
    • Add/Remove self as member
    Note If you will turn off Auto Group Management for the installation, you will have to take the following actions when you log on initially and any time that a change must be made to the groups: • Log on by using a user account that has the necessary rights.
    • Manually add the users and computers to the appropriate security groups.


    To add the Allow permissions, follow steps 4a through 4i for each security group that you created in step 2: a.  Log on to the domain controller server as a user who has domain administrator permissions.
    b.  Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
    c.  On the View menu, click Advanced Features.
    d.  In the navigation pane, expand the tree to the security group, right-click the security group, click Properties, and then click the Security tab.
    e.  From the Group or user names list, select the installing user account if the account is listed. If the account is not listed, click Add to add the installing user account.
    f.  Click to select the check box in the Allow column for the Write permission. This action causes the system to automatically select the check box for the Add/Remove self as member permission.

    Note By default, the Read permission is set to Allow.
    g.  Click Advanced. From the Permission entries list, select the installing user account, and then click Edit.
    h.  Click to select the check box in the Allow column for the Modify Permissions permission.

    Note By default, the List Contents, Read All Properties, Write All Properties, Read Permissions, All Validated Writes, and Add/Remove self as member permissions are set to Allow.
    i.  Click OK three times.
     
    5. Create a configuration file to point to Microsoft CRM to use the pre-created Active Directory security groups. To do this, follow these steps: a.  Create an XML file that uses the syntax that is in the following example. Modify the variables as appropriate. The table that follows the sample code shows how to modify the variables that are in this example.

    In the following sample code, the XML file is named Config_precreate.xml and the domain name is microsoft.com. These names represent the actual names that you use. The Active Directory hierarchy is as follows: root domain, Company Name OU, Company Name OU.

    Note The Organization, SqlServer, Database create, InstallDir, and WebSiteUrl entries are optional.
    <CRMSetup>
     <Server>
             <LicenseKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</LicenseKey>
             <Groups AutoGroupManagementOff="true">
                <PrivUserGroup>CN=PrivUserGroup,OU=Company Name,OU=Company Name,DC=microsoft,DC=com</PrivUserGroup>
                <SQLAccessGroup>CN=SQLAccessGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</SQLAccessGroup>
                <UserGroup>CN=UserGroup,OU=Company Name,OU=Company Name,DC=microsoft,DC=com</UserGroup>
                <ReportingGroup>CN=ReportingGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</ReportingGroup>
             </Groups>
            <Organization>Company Name</Organization>
            <SqlServer>SQLServerName</SqlServer>
            <Database create="true"/>
            <InstallDir>C:\Program Files\Microsoft CRM</InstallDir>
            <WebSiteUrl>/LM/W3SVC/1</WebSiteUrl>
        </Server>
    </CRMSetup>

    In this example, modify the parameters by using the following replacement values. Parameter Replacement value
    XXXXX-XXXXX-XXXXX-XXXXX-XXXXX The license key.
    PrivUserGroup The name of the PrivUserGroup security group, including the GUID.
    Company Name The registered name of the company.
    microsoft The domain name.
    com The domain extension.
    SQLAccessGroup The name of the SQLAccessGroup security group, including the GUID.
    UserGroup The name of the UserGroup security group, including the GUID.
    ReportingGroup The name of the ReportingGroup security group, including the GUID.
    SQLServerName The name of the Microsoft SQL Server server.
    C:\Program Files\Microsoft CRM The directory in which you want to install Microsoft CRM. This example uses the default installation directory.
    /LM/W3SVC/1 The Web site on which you want to install Microsoft CRM. This example uses the default Web site.
     
    b.  Run the Microsoft CRM Server installation. To do this, click Start, click Run, type C:\ServerSetup.exe /config C:\config precreate.xml, and then click OK.
     

     

    Install by having Setup create Active Directory security groups
    Install Microsoft CRM by having Microsoft CRM Setup create the Active Directory security groups. To do this, follow these steps.
    Note If you are enabling the Microsoft CRM setup to install Reporting Services, go to step 2.
    1. If you are installing to an existing Reporting Services installation, add the Content Manager role at the root level and the System Administrator Role at site-wide level for the installing user account. To do this, follow these steps on the Reporting Services server: a.  Click Start, click Programs, click Microsoft SQL Server, click Reporting Services, and then click Report Manager.
    b.  Click the Properties tab, and then click New Role Assignment.
    c.  In the Group or user name text box, enter the name of the installing user, click to select the check box next to Content Manager, and then click OK.

    Note Use the following format when you type the name of the installing user:

    DomainName\UserName
    d.  In the upper-right corner, click Site Settings.
    e.  Under the Security heading, click Configure site-wide security. Then click New Role Assignment.
    f.  In the Group or user name text box, enter the name of the installing user, click to select the check box that is next to System Administrator, and then click OK.

    Note Use the following format when you type the name of the installing user:

    DomainName\UserName
     
    2. Add the installing user account as a member of the local administrator group. To do this, follow these steps on the Microsoft CRM server and the on computer that is running Microsoft SQL Server: a.  Log on to the server as a user who has local administrator permissions.
    b.  Click Start, click Administrative Tools, and then click Computer Management.
    c.  Expand System Tools, expand Local Users and Groups, and then expand Groups.
    d.  Right-click Administrators. Then click Properties.
    e.  Click Add to add the installing user account.
     
    3. Add the following permissions to the organizational unit (OU) in Active Directory for the installing user account. You will have to do this for the OU that you will choose to install to during the installation.

    Permissions • Read
    • Create All Child Objects
    Advanced permissions • Read Permissions
    • Modify Permissions
    • Read Members
    • Write Members
    To add the Allow permissions, follow these steps: a.  Log on to the domain controller server as a user who has domain administrator permissions.
    b.  Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
    c.  On the View menu, click Advanced Features.
    d.  In the navigation pane, expand the tree to the node that contains the security group to find the OU that you want to use for the Microsoft CRM installation.
    e.  Right-click, click Properties, and then click the Security tab.
    f.  In the Group or user names list, click the installing user account if the account is listed. If the account is not listed, click Add to add the installing user account.
    g.  In the Allow column, click to select the check box for the Create All Child Objects permission.

    Note By default, the Read permission is set to Allow.
    h.  Click Advanced.
    i.  In the Permission entries list, click Add, select the installing user account, and then click OK.
    j.  In the Apply onto list, click Group objects.
    k.  In the Allow column, click to select the check boxes for Read Permissions and for Modify Permissions.
    l.  Click the Properties tab.
    m.  In the Apply onto list, click Group objects.
    n.  In the Allow column, click to select the check boxes for Read Members and for Write Members.
    o.  Click OK three times.
     

     

    Set the Auto Group Management option
    Use the appropriate method to set the AutoGroupManagementOff option. When you do not specify a value for the AutoGroupManagementOff option, the default value is "false." Therefore, the default status for the Auto Group Management functionality is that the functionality is turned on.

    Choose method 1 to have the option remain set to "false" and to have Auto Group Management turned on. Or choose method 2 to set the option to "true" and to have Auto Group Management turned off.
    Note The Auto Group Management option can be used only if you are installing Microsoft CRM by using pre-created Active Directory security groups.
    Method 1: Set the AutoGroupManagementOff option to "false"
    Create an XML file that uses the syntax in the following example. Modify the variables as appropriate. To modify the variables that are in this example, refer to the table that is in step 5 in the "Install by using pre-created Active Directory security groups" section as a guideline.

    In this example, the XML file is named Config_precreate.xml and the domain name is microsoft.com. These names represent the actual names that you use. The Active Directory hierarchy is as follows: root domain, Company Name OU, Company Name OU.
    Note The Organization, SqlServer, Database create, InstallDir, and WebSiteUrl entries are optional.
    <CRMSetup>
     <Server>
             <LicenseKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</LicenseKey>
             <Groups>
                <PrivUserGroup>CN=PrivUserGroup,OU=Company Name,OU=Company Name,DC=microsoft,DC=com</PrivUserGroup>
                <SQLAccessGroup>CN=SQLAccessGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</SQLAccessGroup>
                <UserGroup>CN=UserGroup,OU=Company Name,OU=Company Name,DC=microsoft,DC=com</UserGroup>
                <ReportingGroup>CN=ReportingGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</ReportingGroup>
             </Groups>
            <Organization>Company Name</Organization>
            <SqlServer>SQLServerName</SqlServer>
            <Database create="true"/>
            <InstallDir>C:\Program Files\Microsoft CRM</InstallDir>
            <WebSiteUrl>/LM/W3SVC/1</WebSiteUrl>
        </Server>
    </CRMSetup>

    Method 2: Set the AutoGroupManagementOff option to "true"
    1. Create an XML file that uses the syntax that is in the following example. Modify the variables as appropriate. To modify the variables that are in this example, refer to the table that is in step 5 in the "Install by using pre-created Active Directory security groups" section as a guideline.

    In this example, the XML file is named Config_manageoff.xml and the domain name is microsoft.com These names represent the actual names that you use. The Active Directory hierarchy is as follows: root domain, Company Name OU, Company Name OU.

    Note: The Organization, SqlServer, Database create, InstallDir, and WebSiteUrl entries are optional.
    <CRMSetup>
     <Server>
             <LicenseKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</LicenseKey>
             <Groups AutoGroupManagementOff="true">
                <PrivUserGroup>CN=PrivUserGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</PrivUserGroup>
                <SQLAccessGroup>CN=SQLAccessGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</SQLAccessGroup>
                <UserGroup>CN=UserGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</UserGroup>
                <ReportingGroup>CN=ReportingGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</ReportingGroup>
      </Groups>
           <Organization>Company Name</Organization>
           <SqlServer>SQLServerName</SqlServer>
           <Database create="true"/>
            <InstallDir>C:\Program Files\Microsoft CRM</InstallDir>
            <WebSiteUrl>/LM/W3SVC/1</WebSiteUrl>
        </Server>
    </CRMSetup>

     
    2. Add the appropriate user and computer accounts as members of the groups that are in the following list.

    Note You must follow this step only if the AutoGroupManagementOff option is set to "true."

    PrivUserGroup • The account that the CRMAppPool uses
    • The account that the ASP.NET process model uses
    • The user account that runs the Microsoft CRM installation
    • The computer account on which the Microsoft CRM-Exchange E-mail Router will be installed

    ReportingGroup • All Microsoft CRM user accounts, including the installing user

    SQLAccessGroup • The account that the CRMAppPool uses
    • The account that the ASP.NET process model uses
    • The user account that runs the Microsoft CRM installation

    UserGroup • All Microsoft CRM user accounts, including the installing user
    To add the accounts, follow these steps for each group that is in the list.

    Note If Microsoft Internet Information Services (IIS) 6.0 or 5.0 is running in Isolation mode, you must add the LocalSystem account to the PrivUserGroup group and to the SQLAccessGroup group. a.  Log on to the domain controller server as a user who has domain administrator permissions.
    b.  Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
    c.  In the navigation pane, expand the tree to the node that contains the security group, right-click the security group, click Properties, and then click the Members tab.
    d.  To add a user account, click Add, and then click OK. To add a computer account, click Object Types, click to select the check box that is next to Computers, and then click OK.
     
    3. Run the Microsoft CRM server installation. To do this, follow these steps: a.  Click Start, click Run, and then type C:\ServerSetup.exe /config C:\config manageoff.xml.
    b.  Click OK.
    Note In this step, config manageoff.xml represents the actual name of the XML file that you created.
    To verify which account the CRMAppPool uses, follow these steps on the Microsoft CRM server: 1. Click Start, click Administrative Tools, and then click Internet Information Services (IIS) Manager.
    2. Expand the computer name. Then expand Application Pools.
    3. Right-click CRMAppPool, click Properties, and then click the Identity tab.
    The NetworkService and LocalSystem accounts are both represented by the DomainName\ComputerName$ account. Therefore, when you must add the NetworkService account or the LocalSystem account to a security group, you must also add the DomainName\ComputerName$ account.

    If the Configurable option is selected, you must add the specified user account to the security group. The specified user account appears in a text box.

    To verify which account the ASP.NET process model uses, follow these steps on the Microsoft CRM server: 1. In Windows Explorer, open the following folder:

    C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CONFIG
    2. Right-click machine.config, click Open With, and then click Notepad.
    3. Search for the word username in the text. The file will contain multiple instances of the word. Locate the fifth instance of "username" that is in the text. The value for the fifth instance of "username" is the account that the ASP.NET process uses.
    The SYSTEM and machine accounts are both represented by the DomainName\ComputerName$ account. Therefore, when you must add the SYSTEM account or the machine account to a security group, you must also add the DomainName\ComputerName$ account.

    If a user name is specified in the Machine.config file, you must add the specified user account to the security group.

    Tuesday, January 29, 2008 2:07 PM

All replies

  • Tuesday, January 29, 2008 10:57 AM
  • Please further explanation, i still don't get it.

     

    Tuesday, January 29, 2008 11:58 AM
  •  

    1. You may not have domain administrator rights on domain. It is not required but it is recommanded that you should have domain administrator rights while you are installing CRM. It is recommanded that you create a new user in active directory in the domain admin group and install CRM using this newly created username and password.

     

    2. Don't forget to check allow trust for delegation for CRM computer in active directory

     

    3. If you want to install MS CRM even without having domain administrator role, follow steps at http://support.microsoft.com/kb/908984

     

    How to install Microsoft Dynamics CRM 3.0 as a user who is not a domain administrator by using the minimum required permissions
    INTRODUCTION
    This article discusses the minimum permissions that are required for a user who is not a domain administrator to install Microsoft Dynamics CRM 3.0. During the installation, the Environment Diagnostic Wizard checks whether the installing user has the minimum required permissions. If the minimum required permissions are not met, you receive an error message.


    SUMMARY
    You have two options when you install Microsoft CRM by using the minimum required permissions for the installing user. You can use pre-created groups, or you can let the Microsoft CRM server Setup program create the groups during the installation.

    Additional steps are required when you install Microsoft CRM to an existing Microsoft SQL Server Reporting Services (SSRS) installation.

    You can also choose to turn the Auto Group Management functionality on or off. When you turn Auto Group Management on, Microsoft CRM automatically adds the appropriate user and computer accounts to the required groups. When you turn Auto Group Management off, Microsoft CRM does not automatically add these accounts. In this case, a domain administrator must add the appropriate user and computer accounts to the required groups.

    You may receive the following Active Directory directory service warning in the Environment Diagnostic Wizard:
    Current user does not have permissions to set the Trust for Delegation property
    If you receive this message, visit the following Microsoft Web site to download the Microsoft white paper that discusses how to set the Trust for Delegation property:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=51bf9f20-bd00-4759-8378-b38eefda7b99&DisplayLang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=51bf9f20-bd00-4759-8378-b38eefda7b99&DisplayLang=en)


    MORE INFORMATION
    Install by using pre-created Active Directory security groups
    Install Microsoft CRM by using pre-created Active Directory security groups. To do this, follow these steps.
    Note If you are enabling Microsoft CRM Setup to install Reporting Services, go to step 2.
    1. Install Microsoft CRM to an existing Reporting Services installation by adding the Content Manager role at the root level and the System Administrator role at site-wide level for the installing user account. To do this, follow these steps on the Reporting Services server: a.  Click Start, click Programs, click Microsoft SQL Server, click Reporting Services, and then click Report Manager.
    b.  Click the Properties tab. Then click New Role Assignment.
    c.  Enter the name of the installing user in the Group or user name text box, click to select the check box that is next to Content Manager, and then click OK.

    Note Use the following format when you enter the name of the installing user:

    DomainName\UserName
    d.  In the upper-right corner, click Site Settings.
    e.  Under the Security heading, click Configure site-wide security, and then click New Role Assignment.
    f.  Enter the name of the installing user in the Group or user name text box, click to select the check box that is next to System Administrator, and then click OK.

    Note Use the following format when you enter the name of the installing user:

    DomainName\UserName
     
    2. Create the following four security groups in Active Directory: • PrivUserGroup
    • ReportingGroup
    • SQLAccessGroup
    • UserGroup
    Repeat steps 2a through 2f for each group that is in the list. a.  Log on to the domain controller server as a user who has domain administrator permissions.
    b.  Click Start, click Administrative Tools, and then expand Active Directory Users and Computers to the root of the domain or to the specific organizational unit (OU) that you want to use to install Microsoft CRM.
    c.  Right-click the domain root or the OU that you want to use, click New, and then click Group.
    d.  In the Group Name field, enter the name of the group. For example, type PrivUserGroup.
    e.  If your domain functional level is Microsoft Windows Server 2003 or Microsoft Windows 2000 native, click Domain local in the Group scope list. If your domain functional level is Windows 2000 mixed, click Global in the Group scope list.
    f.  Click OK.
     
    3. Add the installing user account as a member of the Local Administrator group. You must complete steps 3a through 3e on the Microsoft CRM server and on the computer that is running Microsoft SQL Server. a.  Log on to the server as a user who has local administrator permissions.
    b.  Click Start, click Administrative Tools, and then click Computer Management.
    c.  Expand System Tools, expand Local Users and Groups, and then expand Groups.
    d.  Right-click Administrators. Then click Properties.
    e.  Click Add to add the installing user account.
     
    4. If you will turn on Auto Group Management for the installation in the "Set the Auto Group Management option" section, add the following Allow permissions to the security groups in Active Directory for the installing user account:

    Permissions • Read
    • Write
    • Add/Remove self as member
    Advanced permissions • List Contents
    • Read All Properties
    • Write All Properties
    • Read Permissions
    • Modify Permissions
    • All Validated Writes
    • Add/Remove self as member
    Note If you will turn off Auto Group Management for the installation, you will have to take the following actions when you log on initially and any time that a change must be made to the groups: • Log on by using a user account that has the necessary rights.
    • Manually add the users and computers to the appropriate security groups.


    To add the Allow permissions, follow steps 4a through 4i for each security group that you created in step 2: a.  Log on to the domain controller server as a user who has domain administrator permissions.
    b.  Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
    c.  On the View menu, click Advanced Features.
    d.  In the navigation pane, expand the tree to the security group, right-click the security group, click Properties, and then click the Security tab.
    e.  From the Group or user names list, select the installing user account if the account is listed. If the account is not listed, click Add to add the installing user account.
    f.  Click to select the check box in the Allow column for the Write permission. This action causes the system to automatically select the check box for the Add/Remove self as member permission.

    Note By default, the Read permission is set to Allow.
    g.  Click Advanced. From the Permission entries list, select the installing user account, and then click Edit.
    h.  Click to select the check box in the Allow column for the Modify Permissions permission.

    Note By default, the List Contents, Read All Properties, Write All Properties, Read Permissions, All Validated Writes, and Add/Remove self as member permissions are set to Allow.
    i.  Click OK three times.
     
    5. Create a configuration file to point to Microsoft CRM to use the pre-created Active Directory security groups. To do this, follow these steps: a.  Create an XML file that uses the syntax that is in the following example. Modify the variables as appropriate. The table that follows the sample code shows how to modify the variables that are in this example.

    In the following sample code, the XML file is named Config_precreate.xml and the domain name is microsoft.com. These names represent the actual names that you use. The Active Directory hierarchy is as follows: root domain, Company Name OU, Company Name OU.

    Note The Organization, SqlServer, Database create, InstallDir, and WebSiteUrl entries are optional.
    <CRMSetup>
     <Server>
             <LicenseKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</LicenseKey>
             <Groups AutoGroupManagementOff="true">
                <PrivUserGroup>CN=PrivUserGroup,OU=Company Name,OU=Company Name,DC=microsoft,DC=com</PrivUserGroup>
                <SQLAccessGroup>CN=SQLAccessGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</SQLAccessGroup>
                <UserGroup>CN=UserGroup,OU=Company Name,OU=Company Name,DC=microsoft,DC=com</UserGroup>
                <ReportingGroup>CN=ReportingGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</ReportingGroup>
             </Groups>
            <Organization>Company Name</Organization>
            <SqlServer>SQLServerName</SqlServer>
            <Database create="true"/>
            <InstallDir>C:\Program Files\Microsoft CRM</InstallDir>
            <WebSiteUrl>/LM/W3SVC/1</WebSiteUrl>
        </Server>
    </CRMSetup>

    In this example, modify the parameters by using the following replacement values. Parameter Replacement value
    XXXXX-XXXXX-XXXXX-XXXXX-XXXXX The license key.
    PrivUserGroup The name of the PrivUserGroup security group, including the GUID.
    Company Name The registered name of the company.
    microsoft The domain name.
    com The domain extension.
    SQLAccessGroup The name of the SQLAccessGroup security group, including the GUID.
    UserGroup The name of the UserGroup security group, including the GUID.
    ReportingGroup The name of the ReportingGroup security group, including the GUID.
    SQLServerName The name of the Microsoft SQL Server server.
    C:\Program Files\Microsoft CRM The directory in which you want to install Microsoft CRM. This example uses the default installation directory.
    /LM/W3SVC/1 The Web site on which you want to install Microsoft CRM. This example uses the default Web site.
     
    b.  Run the Microsoft CRM Server installation. To do this, click Start, click Run, type C:\ServerSetup.exe /config C:\config precreate.xml, and then click OK.
     

     

    Install by having Setup create Active Directory security groups
    Install Microsoft CRM by having Microsoft CRM Setup create the Active Directory security groups. To do this, follow these steps.
    Note If you are enabling the Microsoft CRM setup to install Reporting Services, go to step 2.
    1. If you are installing to an existing Reporting Services installation, add the Content Manager role at the root level and the System Administrator Role at site-wide level for the installing user account. To do this, follow these steps on the Reporting Services server: a.  Click Start, click Programs, click Microsoft SQL Server, click Reporting Services, and then click Report Manager.
    b.  Click the Properties tab, and then click New Role Assignment.
    c.  In the Group or user name text box, enter the name of the installing user, click to select the check box next to Content Manager, and then click OK.

    Note Use the following format when you type the name of the installing user:

    DomainName\UserName
    d.  In the upper-right corner, click Site Settings.
    e.  Under the Security heading, click Configure site-wide security. Then click New Role Assignment.
    f.  In the Group or user name text box, enter the name of the installing user, click to select the check box that is next to System Administrator, and then click OK.

    Note Use the following format when you type the name of the installing user:

    DomainName\UserName
     
    2. Add the installing user account as a member of the local administrator group. To do this, follow these steps on the Microsoft CRM server and the on computer that is running Microsoft SQL Server: a.  Log on to the server as a user who has local administrator permissions.
    b.  Click Start, click Administrative Tools, and then click Computer Management.
    c.  Expand System Tools, expand Local Users and Groups, and then expand Groups.
    d.  Right-click Administrators. Then click Properties.
    e.  Click Add to add the installing user account.
     
    3. Add the following permissions to the organizational unit (OU) in Active Directory for the installing user account. You will have to do this for the OU that you will choose to install to during the installation.

    Permissions • Read
    • Create All Child Objects
    Advanced permissions • Read Permissions
    • Modify Permissions
    • Read Members
    • Write Members
    To add the Allow permissions, follow these steps: a.  Log on to the domain controller server as a user who has domain administrator permissions.
    b.  Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
    c.  On the View menu, click Advanced Features.
    d.  In the navigation pane, expand the tree to the node that contains the security group to find the OU that you want to use for the Microsoft CRM installation.
    e.  Right-click, click Properties, and then click the Security tab.
    f.  In the Group or user names list, click the installing user account if the account is listed. If the account is not listed, click Add to add the installing user account.
    g.  In the Allow column, click to select the check box for the Create All Child Objects permission.

    Note By default, the Read permission is set to Allow.
    h.  Click Advanced.
    i.  In the Permission entries list, click Add, select the installing user account, and then click OK.
    j.  In the Apply onto list, click Group objects.
    k.  In the Allow column, click to select the check boxes for Read Permissions and for Modify Permissions.
    l.  Click the Properties tab.
    m.  In the Apply onto list, click Group objects.
    n.  In the Allow column, click to select the check boxes for Read Members and for Write Members.
    o.  Click OK three times.
     

     

    Set the Auto Group Management option
    Use the appropriate method to set the AutoGroupManagementOff option. When you do not specify a value for the AutoGroupManagementOff option, the default value is "false." Therefore, the default status for the Auto Group Management functionality is that the functionality is turned on.

    Choose method 1 to have the option remain set to "false" and to have Auto Group Management turned on. Or choose method 2 to set the option to "true" and to have Auto Group Management turned off.
    Note The Auto Group Management option can be used only if you are installing Microsoft CRM by using pre-created Active Directory security groups.
    Method 1: Set the AutoGroupManagementOff option to "false"
    Create an XML file that uses the syntax in the following example. Modify the variables as appropriate. To modify the variables that are in this example, refer to the table that is in step 5 in the "Install by using pre-created Active Directory security groups" section as a guideline.

    In this example, the XML file is named Config_precreate.xml and the domain name is microsoft.com. These names represent the actual names that you use. The Active Directory hierarchy is as follows: root domain, Company Name OU, Company Name OU.
    Note The Organization, SqlServer, Database create, InstallDir, and WebSiteUrl entries are optional.
    <CRMSetup>
     <Server>
             <LicenseKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</LicenseKey>
             <Groups>
                <PrivUserGroup>CN=PrivUserGroup,OU=Company Name,OU=Company Name,DC=microsoft,DC=com</PrivUserGroup>
                <SQLAccessGroup>CN=SQLAccessGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</SQLAccessGroup>
                <UserGroup>CN=UserGroup,OU=Company Name,OU=Company Name,DC=microsoft,DC=com</UserGroup>
                <ReportingGroup>CN=ReportingGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</ReportingGroup>
             </Groups>
            <Organization>Company Name</Organization>
            <SqlServer>SQLServerName</SqlServer>
            <Database create="true"/>
            <InstallDir>C:\Program Files\Microsoft CRM</InstallDir>
            <WebSiteUrl>/LM/W3SVC/1</WebSiteUrl>
        </Server>
    </CRMSetup>

    Method 2: Set the AutoGroupManagementOff option to "true"
    1. Create an XML file that uses the syntax that is in the following example. Modify the variables as appropriate. To modify the variables that are in this example, refer to the table that is in step 5 in the "Install by using pre-created Active Directory security groups" section as a guideline.

    In this example, the XML file is named Config_manageoff.xml and the domain name is microsoft.com These names represent the actual names that you use. The Active Directory hierarchy is as follows: root domain, Company Name OU, Company Name OU.

    Note: The Organization, SqlServer, Database create, InstallDir, and WebSiteUrl entries are optional.
    <CRMSetup>
     <Server>
             <LicenseKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</LicenseKey>
             <Groups AutoGroupManagementOff="true">
                <PrivUserGroup>CN=PrivUserGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</PrivUserGroup>
                <SQLAccessGroup>CN=SQLAccessGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</SQLAccessGroup>
                <UserGroup>CN=UserGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</UserGroup>
                <ReportingGroup>CN=ReportingGroup,OU=Company Name,OU=Company Name, DC=microsoft,DC=com</ReportingGroup>
      </Groups>
           <Organization>Company Name</Organization>
           <SqlServer>SQLServerName</SqlServer>
           <Database create="true"/>
            <InstallDir>C:\Program Files\Microsoft CRM</InstallDir>
            <WebSiteUrl>/LM/W3SVC/1</WebSiteUrl>
        </Server>
    </CRMSetup>

     
    2. Add the appropriate user and computer accounts as members of the groups that are in the following list.

    Note You must follow this step only if the AutoGroupManagementOff option is set to "true."

    PrivUserGroup • The account that the CRMAppPool uses
    • The account that the ASP.NET process model uses
    • The user account that runs the Microsoft CRM installation
    • The computer account on which the Microsoft CRM-Exchange E-mail Router will be installed

    ReportingGroup • All Microsoft CRM user accounts, including the installing user

    SQLAccessGroup • The account that the CRMAppPool uses
    • The account that the ASP.NET process model uses
    • The user account that runs the Microsoft CRM installation

    UserGroup • All Microsoft CRM user accounts, including the installing user
    To add the accounts, follow these steps for each group that is in the list.

    Note If Microsoft Internet Information Services (IIS) 6.0 or 5.0 is running in Isolation mode, you must add the LocalSystem account to the PrivUserGroup group and to the SQLAccessGroup group. a.  Log on to the domain controller server as a user who has domain administrator permissions.
    b.  Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
    c.  In the navigation pane, expand the tree to the node that contains the security group, right-click the security group, click Properties, and then click the Members tab.
    d.  To add a user account, click Add, and then click OK. To add a computer account, click Object Types, click to select the check box that is next to Computers, and then click OK.
     
    3. Run the Microsoft CRM server installation. To do this, follow these steps: a.  Click Start, click Run, and then type C:\ServerSetup.exe /config C:\config manageoff.xml.
    b.  Click OK.
    Note In this step, config manageoff.xml represents the actual name of the XML file that you created.
    To verify which account the CRMAppPool uses, follow these steps on the Microsoft CRM server: 1. Click Start, click Administrative Tools, and then click Internet Information Services (IIS) Manager.
    2. Expand the computer name. Then expand Application Pools.
    3. Right-click CRMAppPool, click Properties, and then click the Identity tab.
    The NetworkService and LocalSystem accounts are both represented by the DomainName\ComputerName$ account. Therefore, when you must add the NetworkService account or the LocalSystem account to a security group, you must also add the DomainName\ComputerName$ account.

    If the Configurable option is selected, you must add the specified user account to the security group. The specified user account appears in a text box.

    To verify which account the ASP.NET process model uses, follow these steps on the Microsoft CRM server: 1. In Windows Explorer, open the following folder:

    C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CONFIG
    2. Right-click machine.config, click Open With, and then click Notepad.
    3. Search for the word username in the text. The file will contain multiple instances of the word. Locate the fifth instance of "username" that is in the text. The value for the fifth instance of "username" is the account that the ASP.NET process uses.
    The SYSTEM and machine accounts are both represented by the DomainName\ComputerName$ account. Therefore, when you must add the SYSTEM account or the machine account to a security group, you must also add the DomainName\ComputerName$ account.

    If a user name is specified in the Machine.config file, you must add the specified user account to the security group.

    Tuesday, January 29, 2008 2:07 PM
  • I installed ms crm using domain administrators right. the installation failed (error CS0647) occured when it came to connect to ms exchange server.

     

    Wednesday, January 30, 2008 12:34 AM
  • Did you write your FQDN in exchange address or Just Computer name of exchange? you are supposed to write just the computer name.

     

    2ndly, during the installation wizard, when it asks for Exchange server, it also asks for the username and default settings for email. For testing don't change anything in it and let it go on "LOCAL SYSTEM" value...

     

    this may fix your problem...

    Wednesday, January 30, 2008 12:05 PM