Asked by:
Server-Side Synchronization setup on premise CRM 2013 and on premise Exchange

Question
-
I'm testing an on premise demo of CRM 2013 and on premise demo of Exchange 2010 and have also reviewed the Implementation Guide, all the other included docs, http://www.microsoft.com/en-US/dynamics/crm-customer-center/set-up-email-through-server-side-synchronization.aspx, and anything else I could find online about Server Side Sync.
I've had failure, no success, testing and establishing incoming, outgoing or appointments, contacts, tasks thru server side sync and any other method.
The Windows 2012R2 with CRM 2013 server has the self signed certificates installed from the Exchange 2010 server.
In the CRM 2012 webgui Settings> Email Configuration an active email server profile was created with the name of the domain, exchange server type, a domain admin as the owner, the correct server location set to https://exchangeserver-fqdn/EWS/Exchange.asmx, Use Impersonation set to No, Use same settings for Outgoing set to Yes, and authenticate using Windows Integrated Authentication. If I set authenticate using credentials specified by a user of queue I get an exclamation yellow warning:
You can't set the user name and password in this email server profile and its associated mailboxes because the Microsoft Dynamics CRM server requires using a secure mode (SSL) to specify credentials. Use another mode of authentication, or contact the Microsoft Dynamics CRM server admin to allow setting credentials on a nonsecure channel.
I've created a dword registry key value of 1 in HKLM\Software\Microsoft\MSCRM\DisableSecureDecryptionKey and after running IISRESET on the CRM server it is not possible to select yes to allow to use credentials for email processing.
When adding forward or existing mailboxes the credentials field is nulled out in grey with the 'No' radio button preselected to allow to use credentials for email processing.
After selecting a mailbox and clicking 'Test & Enable Mailboxes' several error alerts are received as follows:
A general mailbox access error occurred while sending the email message "Test Message". The mailbox John Doe has been disabled for sending email and the owner of the associated email server profile exchangeserver has been notified.
Email Server Error Code: ErrorInvalidOperation
The mailbox John Doe has been disabled for synchronizing appointments, contacts, and tasks due to an impersonation error in accessing the mailbox. The owner of the associated email server profile exchangeserver has been notified.
A general mailbox access error occurred while receiving email. The mailbox John Doe has been disabled for receiving email and the owner of the associated email server profile exchangeserver has been notified.
Email Server Error Code: ErrorIConnectionFailed
Can anyone help? Has anyone gotten server side synchronization successfully functioning with exchange all on premise?
Thursday, November 21, 2013 10:27 AM
All replies
-
It sounds like the account in CRM that is attempting to access the Exchange mailbox lacks the permission because it cannot impersonate the mailbox owner. There was a similar issue with CRM 4 and Exchange 2010. Check this older blog in the section "Granting Exchange Impersonation permissions". It shows you how to grant a single user the impersonation privileges to access the user mailboxes on the Exchange server using PowerShell.
Jason Peterson
Thursday, November 21, 2013 4:38 PM -
It looks like you are unable to enter credentials because your CRM server is not on HTTPS. Please be aware that entering credentials in CRM forms when the server is not using HTTPS is not secure and a malicious eavesdropper can get hold of the data on the wire. Hence we do not allow entering credentials over HTTP channel by default.
If however, you do want to enter credentials on a non HTTPS CRM server, you will need to update a server setting through deployment power shell. Here are the steps needed:
PS C:\Users\Administrator>Add-PSSnapin Microsoft.Crm.PowerShell
PS C:\Users\Administrator> $setting = Get-CrmSetting ServerSideSyncEmailSettings
PS C:\Users\Administrator> $setting.AllowCredentialsEntryViaNonSecureChannels=$True
PS C:\Users\Administrator> Set-CrmSetting $setting
PS C:\Users\Administrator> Get-CrmSetting TraceSettings
NOTE: This is not recommended though as your credentials may get compromised.
Thanks
Abhishek Agarwal MSFT
- Proposed as answer by Abhishek Agarwal (MSFT) Monday, June 9, 2014 5:33 PM
Wednesday, February 26, 2014 12:08 PM