locked
unable to run powershell cmdlets after CRM claim based configuration RRS feed

  • Question

  • Hey guyz, we have configured IFD for CRM adn everything is perfect now. 

    Now we are browsing the organisations using https with claims based authentication.

    The deployment service and the organisation service are also browsing without any error on https.

    Now when i open Powershell and after adding crm snappin, if i run any crm cmdlet, im getting 

    "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

    I know the CRM powershell cmdlets use CRM Services for their operation, but im not getting that error with the Deployment service or with organisation Service.

    can any one help me here...

    Wednesday, January 16, 2013 2:16 PM

Answers

  • Can you check this registry value

    Registry entry DeploymentWSUrl='http://FQN_DWS_MACHINE_NAME/XrmDeployment/2011/deployment.svc' on Local_Machine\Software\Microsoft\MSCRM on LocalMachine

    Powershell first trys to look at the MSCRM_Config database DeploymentProperties table by getting the configdb setting from the registry at Local_Machine\Software\Microsoft\MSCRM

     The SQL database path is [MSCRM_CONFIG].[dbo].[DeploymentProperties]

    and builds the rule using the properties ADRootDomainScheme and ADDeploymentSdkRootDomain, for example

    ADRootDomainScheme + "://" + ADDeploymentSdkRootDomain + "/XrmDeployment/2011/deployment.svc

    if creating the url from this fails then it grabs the registry value in DeploymentWSUrl


    MS CRM Bing'd - http://bingsoft.wordpress.com
    Dynamics XRM Tools CRM 4 to CRM 2011 JavaScript Converter Tool
    CRM 2011 OData Query Designer
    CRM 2011 Metadata Browser
    CRM Forum Guidance


    Thursday, January 17, 2013 11:04 AM
    Moderator

All replies

  • Does this help

    http://social.microsoft.com/Forums/en/crmdevelopment/thread/9abbfbf9-80ff-4d8d-b518-725729aa233b


    MS CRM Bing'd - http://bingsoft.wordpress.com
    Dynamics XRM Tools CRM 4 to CRM 2011 JavaScript Converter Tool
    CRM 2011 OData Query Designer
    CRM 2011 Metadata Browser
    CRM Forum Guidance

    Wednesday, January 16, 2013 4:56 PM
    Moderator
  • the issue in above post was with the SDK code connecting to CRM. in My case, im succefully able to connect to CRM using CRM Deployment Web service and Organisation service and perform various operations.

    But whenever i run any powershell cmdlets in the CRM On premise server manually, i get "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." I also came to know that crm powershell cmdlets rely on CRM web services for their operations.

    one more thing, i got the above error when i was trying to access the deployment service  through HTTP, LIKE HTTP://SERVERNAME:5555/XRMDeployment/2011 ....  , then i realized that i have configured CLAIMS & IFD for the CRM server so, i changed the url to https://servername.domain.com:444/xrmdeploymen.... then it worked properly.

    Now im assuming that powershell cmdlets still rely on the http deployment service so it is getting the above error or they might be connecting to https://servername:444/xrmdeployment ,,,, since the wildcard certificate is for *.domain.com .. and if the domain is not specified, there will be certificate error.

    Can you help me in this regard???


    • Edited by SyedHaroon Thursday, January 17, 2013 6:01 AM
    Thursday, January 17, 2013 5:59 AM
  • Can you check this registry value

    Registry entry DeploymentWSUrl='http://FQN_DWS_MACHINE_NAME/XrmDeployment/2011/deployment.svc' on Local_Machine\Software\Microsoft\MSCRM on LocalMachine

    Powershell first trys to look at the MSCRM_Config database DeploymentProperties table by getting the configdb setting from the registry at Local_Machine\Software\Microsoft\MSCRM

     The SQL database path is [MSCRM_CONFIG].[dbo].[DeploymentProperties]

    and builds the rule using the properties ADRootDomainScheme and ADDeploymentSdkRootDomain, for example

    ADRootDomainScheme + "://" + ADDeploymentSdkRootDomain + "/XrmDeployment/2011/deployment.svc

    if creating the url from this fails then it grabs the registry value in DeploymentWSUrl


    MS CRM Bing'd - http://bingsoft.wordpress.com
    Dynamics XRM Tools CRM 4 to CRM 2011 JavaScript Converter Tool
    CRM 2011 OData Query Designer
    CRM 2011 Metadata Browser
    CRM Forum Guidance


    Thursday, January 17, 2013 11:04 AM
    Moderator
  • Yeha .. i found the problem.. thanks for the info.

    we actually have two domains, and the CRM server is in xxxx domain.

    but while configuring teh IFD and claims, we gave yyyy domain in ifd settings since we have the wildcard certificate issued  for that domain. 

    now when i checked the deployment properties table in MSCRM database, it shows servername.xxx.com instead of servername.yyy.com which we have configured in IFD.

    So , i figured the problem, now. and the error was that the certificate was issued to yyy.com but powershell was using the url of xxx.com. 

    so is there anythign that i can do now.. What if i manually change the values of the deployment properties table???

    Edit: I Found it.. before configuring claims, we were setting the webBindings from http to https and there we were providing xxx domain details.. Thanks for the help brother.
    • Edited by SyedHaroon Friday, January 18, 2013 6:36 AM
    Friday, January 18, 2013 6:21 AM
  • Awesome, well done

    MS CRM Bing'd - http://bingsoft.wordpress.com
    Dynamics XRM Tools CRM 4 to CRM 2011 JavaScript Converter Tool
    CRM 2011 OData Query Designer
    CRM 2011 Metadata Browser
    CRM Forum Guidance

    Friday, January 18, 2013 11:20 AM
    Moderator