locked
Server-Side Synchronization setup on premise CRM 2013 and on premise Exchange RRS feed

  • Question

  • I'm testing an on premise demo of CRM 2013 and on premise demo of Exchange 2010 and have also reviewed the Implementation Guide, all the other included docs, http://www.microsoft.com/en-US/dynamics/crm-customer-center/set-up-email-through-server-side-synchronization.aspx, and anything else I could find online about Server Side Sync.

    I've had failure, no success, testing and establishing incoming, outgoing or appointments, contacts, tasks thru server side sync and any other method.

    The Windows 2012R2 with CRM 2013 server has the self signed certificates installed from the Exchange 2010 server.

    In the CRM 2012 webgui Settings> Email Configuration an active email server profile was created with the name of the domain, exchange server type, a domain admin as the owner, the correct server location set to https://exchangeserver-fqdn/EWS/Exchange.asmx, Use Impersonation set to No, Use same settings for Outgoing set to Yes, and authenticate using Windows Integrated Authentication. If I set authenticate using credentials specified by a user of queue I get an exclamation yellow warning:

    You can't set the user name and password in this email server profile and its associated mailboxes because the Microsoft Dynamics CRM server requires using a secure mode (SSL) to specify credentials. Use another mode of authentication, or contact the Microsoft Dynamics CRM server admin to allow setting credentials on a nonsecure channel.

    I've created a dword registry key value of 1 in HKLM\Software\Microsoft\MSCRM\DisableSecureDecryptionKey and after running IISRESET on the CRM server it is not possible to select yes to allow to use credentials for email processing.

    When adding forward or existing mailboxes the credentials field is nulled out in grey with the 'No' radio button preselected to allow to use credentials for email processing.

    After selecting a mailbox and clicking 'Test & Enable Mailboxes' several error alerts are received as follows:

    A general mailbox access error occurred while sending the email message "Test Message". The mailbox John Doe has been disabled for sending email and the owner of the associated email server profile exchangeserver has been notified.

    Email Server Error Code: ErrorInvalidOperation

    The mailbox John Doe has been disabled for synchronizing appointments, contacts, and tasks due to an impersonation error in accessing the mailbox. The owner of the associated email server profile exchangeserver has been notified.

    A general mailbox access error occurred while receiving email. The mailbox John Doe has been disabled for receiving email and the owner of the associated email server profile exchangeserver has been notified.

    Email Server Error Code: ErrorIConnectionFailed

    Can anyone help? Has anyone gotten server side synchronization successfully functioning with exchange all on premise?

    Thursday, November 21, 2013 10:27 AM

All replies

  • It sounds like the account in CRM that is attempting to access the Exchange mailbox lacks the permission because it cannot impersonate the mailbox owner.  There was a similar issue with CRM 4 and Exchange 2010.  Check this older blog in the section "Granting Exchange Impersonation permissions".  It shows you how to grant a single user the impersonation privileges to access the user mailboxes on the Exchange server using PowerShell.

    http://blogs.msdn.com/b/crm/archive/2009/12/21/how-to-configure-microsoft-dynamics-crm-4-0-e-mail-router-on-premise-with-microsoft-exchange-server-2010.aspx


    Jason Peterson

    Thursday, November 21, 2013 4:38 PM
  • It looks like you are unable to enter credentials because your CRM server is not on HTTPS. Please be aware that entering credentials in CRM forms when the server is not using HTTPS is not secure and a malicious eavesdropper can get hold of the data on the wire. Hence we do not allow entering credentials over HTTP channel by default.

    If however, you do want to enter credentials on a non HTTPS CRM server, you will need to update a server setting through deployment power shell. Here are the steps needed:

    PS C:\Users\Administrator>Add-PSSnapin Microsoft.Crm.PowerShell

    PS C:\Users\Administrator> $setting = Get-CrmSetting ServerSideSyncEmailSettings

    PS C:\Users\Administrator> $setting.AllowCredentialsEntryViaNonSecureChannels=$True

    PS C:\Users\Administrator> Set-CrmSetting $setting

    PS C:\Users\Administrator> Get-CrmSetting TraceSettings

    NOTE: This is not recommended though as your credentials may get compromised.

    Thanks


    Abhishek Agarwal MSFT

    Wednesday, February 26, 2014 12:08 PM