locked
Problems connecting Outlook to CRM 2011 using https RRS feed

  • Question

  • Hi All,
    I am badly stuck with connecting to CRM server from outlook using https. The outlook configuration wizard gives an error : Microsoft Dynamics CRM Server may be unavailable. This error arises only when I use Https link. If I use the http link (which is used only within the organization network) it gets connected. I have not created IFD deployment but I also want the CRM to be used over the internet since there are few users who will not be within my organization network. I have created an SSL certificate and configured the CRM Website in IIS to use the http and htttps both. So the same works using browser but Outlook configuration wizard gives error using same link.

    I had changed the Deployment manager settings to use the https bindings and changed the url accordingly.

    The following is the error that I found when I checked the logs:

    19:18:38| Info| === Microsoft Dynamics CRM for Outlook Configuration Wizard logging started: 7/21/2011 7:18:38 PM ===

    19:18:38|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ClientConfig.Initialize

    19:18:38| Info| Client Configuration Wizard Version : 5.0.9688.583

    19:18:38| Info| Client Configuration Wizard LanguageID : 1033

    19:18:38|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.Validator.IsOutlookInitialized19:18:38| Info| Query all rows in profile table

    19:18:38| Info| Outlook is initialized

    19:18:38|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.Validator.IsOutlookInitialized

    19:18:38| Info| Client Configuration Wizard Running Mode : Normal

    19:18:38| Info| Configuration file Type : OnPremise.

    19:18:38|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.MainForm.MainForm

    19:18:38|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.ConfigInfo19:18:38|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.OutlookCRMDatastoreInstaller.GetAvailableServiceIds

    19:18:38| Info| Logon mapi store

    19:18:38| Info| Logon admin service

    19:18:38|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.OutlookCRMDatastoreInstaller.GetServiceIds

    19:18:38| Info| Query all rows in msg service table

    19:18:38| Info| Adding service id : {ccc88edf-6bfc-46da-a9e9-757bfbbcee04}

    19:18:38| Info| Adding service id : {62141835-6bc7-4bde-92ad-13ae3361e42f}

    19:18:38| Info| Adding service id : {6825386d-4a6d-46f8-82d7-99caad566038}

    19:18:38| Info| Adding service id : {09fe8b7d-4496-4bd5-82de-b6a2e8e86dd9}

    19:18:38| Info| Adding service id : {b360a35c-fa2a-46c5-8c65-07bcd21f676f}

    19:18:38| Info| Adding service id : {1d58f0fc-7d90-4c53-bcd5-97f48112ba63}

    19:18:38|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.OutlookCRMDatastoreInstaller.GetServiceIds

    19:18:38|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.RemoveOrphanDatastoreIfNeeded

    19:18:38| Info| Logon mapi store

    19:18:38| Info| Logon admin service

    19:18:38| Info| Query crm msg services in msg service table.

    19:18:38|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.RemoveOrphanDatastoreIfNeeded

    19:18:38|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.ConfigInfo

    19:18:38|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.MainForm.MainForm

    19:18:38|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.MainForm.MainForm_Shown

    19:18:38|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.MainForm.AddServer

    19:18:38|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.ServerForm

    19:18:38|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.ServerForm

    19:18:38|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.SetUIData

    19:18:38|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadAvailableUrls

    19:18:38|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadAvailableUrls

    19:18:38|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.SetUIData

    19:18:49|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm._testConnectionButton_Click

    19:18:49|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.TestConnection

    19:18:49|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.TestConnection

    19:18:49|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm._testConnectionButton_Click

    19:18:50| Error| Error connecting to URL:

    https://mycrm.org.com/XRMServices/2011/Discovery.svc?wsdl

    '. at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow) at Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadOrganizations(Boolean forceUI) at Microsoft.Crm.Application.Outlook.Config.ServerForm.<InitializeBackgroundWorkers>b__0(Object sender, DoWorkEventArgs e) at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e) at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)19:18:50| Error| Exception : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Description.MetadataExchangeClient.MetadataLocationRetriever.DownloadMetadata(TimeoutHelper timeoutHelper) at System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper timeoutHelper)

    https://mycrm.org.com/XRMServices/2011/Discovery.svc  Exception: System.InvalidOperationException: Metadata contains a reference that cannot be resolved: 'https://mycrm.org.com/XRMServices/2011/Discovery.svc?wsdl

    '. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.TlsStream.CallProcessAuthentication(Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Description.MetadataExchangeClient.MetadataLocationRetriever.DownloadMetadata(TimeoutHelper timeoutHelper) at System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper timeoutHelper) --- End of inner exception stack trace --- at System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper timeoutHelper) at System.ServiceModel.Description.MetadataExchangeClient.ResolveNext(ResolveCallState resolveCallState) at System.ServiceModel.Description.MetadataExchangeClient.GetMetadata(MetadataRetriever retriever) at System.ServiceModel.Description.MetadataExchangeClient.GetMetadata(Uri address, MetadataExchangeClientMode mode) at Microsoft.Xrm.Sdk.Client.ServiceMetadataUtility.RetrieveServiceEndpoints(Type contractType, Uri serviceUri) at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1..ctor(Uri serviceUri) at Microsoft.Xrm.Sdk.Client.ServiceConfigurationFactory.CreateConfiguration[TService](Uri serviceUri) at Microsoft.Crm.Outlook.ClientAuth.ClientAuthProvidersFactory`1.GetAuthProvider(Uri endPoint, Credential credentials, AuthUIMode uiMode, Uri webEndPoint, IClientOrganizationContext context, Form parentWindow) at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.DeploymentInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow) at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow)

    19:18:50| Error| Exception : Metadata contains a reference that cannot be resolved: '


    When I use the above url of discovery svc in browser it gives a xml response in return. Is it necessary to create an IFD deployment in order to use outlook CRM outside the organization network?

     

    Friday, July 22, 2011 3:47 AM

Answers

  • They how Microsoft current architected it to support the full CRM Outlook Client functionality.  As the why they choose it over other other appraoch - mayber others can chime in.

     

    There isn't any other alternative that I am aware of for a production support of the CRM 2011 Outlook Client working outside of the local enviornment via https without using IFD.

     

    Or you could try out Microsoft CRM Online (hosted by Microsoft), no IFD setup needed.


    Follow Workopia on Twitter

    Good CRM Links: http://www.workopia.com/Links.htm
    My CRM Blog: http://microsoft-crm.spaces.live.com


    Friday, July 22, 2011 6:44 AM
    Moderator

All replies

  • You will need to setup IFD for CRM 2011 for setting the CRM Outlook Client to work via https from outside your company network.

     

    Good links:

    http://social.microsoft.com/Forums/en/crm/thread/9b3ab9d9-2706-4a8b-b514-36f1f4e33520

    http://blogs.msdn.com/b/crm/archive/2011/01/13/configuring-ifd-with-microsoft-dynamics-crm-2011.aspx


    Follow Workopia on Twitter

    Good CRM Links: http://www.workopia.com/Links.htm
    My CRM Blog: http://microsoft-crm.spaces.live.com

    Friday, July 22, 2011 5:42 AM
    Moderator
  • Hi Frank,

    Thanks for the quick reply. I would like to understand as to why is it necessary to have IFD for CRM in Outlook and not for working with it on Browser. The https link works fine over the internet for my users. It should not allow me to use it in browser as well if it does not work for Outlook.

    The problem with IFD is you have to setup ADFS Server which will disturb my existing Org AD Architecture. Can you please suggest any other alternative?


    Friday, July 22, 2011 6:35 AM
  • They how Microsoft current architected it to support the full CRM Outlook Client functionality.  As the why they choose it over other other appraoch - mayber others can chime in.

     

    There isn't any other alternative that I am aware of for a production support of the CRM 2011 Outlook Client working outside of the local enviornment via https without using IFD.

     

    Or you could try out Microsoft CRM Online (hosted by Microsoft), no IFD setup needed.


    Follow Workopia on Twitter

    Good CRM Links: http://www.workopia.com/Links.htm
    My CRM Blog: http://microsoft-crm.spaces.live.com


    Friday, July 22, 2011 6:44 AM
    Moderator
  •  

    Hi CRM Rocks,

    Do not configure both http and https, just configure only https for website. (5th step from the below link)

    Please follow the steps from below link (more detailed info on where to import the certificate file) properly

    http://social.microsoft.com/Forums/en-US/crmdeployment/thread/8ecb2bb7-55f0-41c3-b99d-af6bda2ca656/#f093452c-ed0d-4fc4-9fad-3b72c454be10

    Note: I have n't used IFD setup in my case. It is only the matter of how you setup. Pls follow the 6th step and 8th step very carefully. 

    For the 8th step. Exit from outlook. Clear the history and cahe(IE). Before connecting from CRM outlook, you need to access the url from internet explorer and store the credentials(windows authentication). I think outlook depends on internet explorer  to access the web service and i think it is right (otherwise everybody will access the same webservice without entering any credentials)

    For the 6th step, since we are using self signed certificate, we may need to import the certificate manually in to the client's certificate store to trust them.

    My system configuration

     

    Server:

    1. Windows server 2008 r2 enterprise edition

    2. Active Directory On Premise

    Client:

    1. Windows Vista/Windows 7

    2. Windows outlook 2007/2010


    vinay kasireddy



    Tuesday, July 26, 2011 3:01 AM