Microsoft Dynamics CRM 2011 Operating and Maintaining Guide

Microsoft Dynamics CRM 2011 Operating and Maintaining Guide

5.0.0

Copyright

This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

© 2010 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Excel, Hyper-V, Internet Explorer, Microsoft Dynamics, Microsoft Dynamics logo, MSDN, Outlook, Notepad, SharePoint, Silverlight, Visual C++, Windows, Windows Azure, Windows Live, Windows PowerShell, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies.

All other trademarks are property of their respective owners.

Table of Contents

Copyright......

Overview......

Operating Microsoft Dynamics CRM......

Change a Microsoft Dynamics CRM service account......

Enable Windows Error Reporting......

Tracing......

Enable tracing for Microsoft Dynamics CRM Reporting Extensions for SQL Server Reporting Services

Microsoft Dynamics CRM Server 2011 Known Issues......

An "A failure was encountered while launching the process serving application pool 'CRMAppPool'" message is logged in the Application log

A "Server Error in '/' Application" error message appears when you try to run a report in a multi-tenant deployment

"Failure: The SQL Server '{0}' is unavailable" error message when you try to create an organization

“External Error – No such object on server” error message when you try to enable a user......

Microsoft Dynamics CRM mobile issues when you use AD FS 2.0......

The computer that is running SQL Server 2008 R2 indicates 100% CPU utilization......

Using Windows PowerShell to perform Microsoft Dynamics CRM deployment and administration tasks

Backing Up the Microsoft Dynamics CRM System......

Backup requirements summary......

Selecting a backup type......

Backing up Windows Server......

Backing up Active Directory......

Backing up SQL Server, including Reporting Services......

Backing up Microsoft Dynamics CRM Server 2011......

Failure Recovery......

Scenario A: SQL Server failure......

Scenario-A recovery......

Scenario B: Microsoft Dynamics CRM Server 2011 failure......

Scenario-B recovery......

Scenario C: Exchange Server failure......

Scenario-C recovery......

Scenario D: Active Directory failure......

Scenario-D recovery......

Microsoft Dynamics CRM for Outlook failure recovery......

Microsoft Dynamics CRM 2011 Operating and Maintaining Guide1

Chapter 1:Copyright

Chapter 1

Overview

This guide is part of the Microsoft Dynamics CRM Implementation Guide, which consists of the following three documents:

• Planning Guide: Use this guide to determine what you have to plan for Microsoft Dynamics CRM. It includes coverage in the following areas:

Technical. These topics focus on supported topologies, system requirements, and technical considerations to address before installation.

Implementation Methodology. Learn about the business management, system requirements, and project management aspects that are needed when you deploy a CRM system. In addition, there are several documents that you can use as tools to plan the implementation of Microsoft Dynamics CRM. These tools are available for download at Planning Tools ().

• Installing Guide: Use this guide to learn about how you install Microsoft Dynamics CRM applications. This guide includes step-by-step instructions for running Setup, command-line installation instructions, and guidance about how to remove Microsoft Dynamics CRM.
• Operating and Maintaining Guide: You can read this guide to learn how to back up, restore, and perform system recovery for Microsoft Dynamics CRM data. Also, this guide has troubleshooting steps for known issues.

------Send Feedback About This Chapter ------

We appreciate hearing from you. To send your feedback, click the following link and type your comments in the message body.

Note

The subject-line information is used to route your feedback. If you remove or modify the subject line, we may be unable to process your feedback.

Send Feedback ()

Microsoft Dynamics CRM 2011 Operating and Maintaining Guide1

Chapter 2:Operating Microsoft Dynamics CRM

Chapter 2

Operating Microsoft Dynamics CRM

Operating Microsoft Dynamics CRM includes guaranteeing availability by monitoring server status and performance, making backups, planning for recovery from disasters, and ongoing troubleshooting.

In This Chapter
Change a Microsoft Dynamics CRM service account...... 5
Enable Windows Error Reporting...... 8
Tracing...... 9
Enable tracing for Microsoft Dynamics CRM Reporting Extensions for SQL Server Reporting Services9
Microsoft Dynamics CRM Server 2011 Known Issues...... 10
Using Windows PowerShell to perform Microsoft Dynamics CRM deployment and administration tasks12

Change a Microsoft Dynamics CRM service account

There are situations in which you may need to change the account that is used to run a Microsoft Dynamics CRM service.

Change a Microsoft Dynamics CRM service account by running a repair

The simplest way to change a service account is to run a repair operation and then specify the new service account during the repair. There may be a short downtime as the services are stopped and files are verified and possibly refreshed as part of the repair. For more information, see the Uninstall, change, or repair Microsoft Dynamics CRM Server 2011 topic in the Installing Guide.

To change the CRMAppPool service account, the appropriate permissions must be granted or the CRMAppPool application pool will not start. Additionally, if you are using claims-based authentication the CRMAppPool service account must have permission to access the claims-based authentication token-signing certificate.

Manually change the CRMAppPool service account

To manually change the CRMAppPool service account, include the domain account user in the following groups in Active Directory:

Domain Users Active Directory

PrivUserGroup

SQLAccessGroup

To do this, follow these steps:

1. Log on to a server as a user who has the domain administrator rights or the rights to update these groups.
2. Right-click the Domain Users group in Active Directory, and then click Properties.
3. In the Group name box, type the name of the user who is running the Microsoft Dynamics CRM application pool, and then click OK two times.
4. Repeat steps b and c for the PrivUserGroup group and for the SQLAccessGroup group.

If you have more than one Microsoft Dynamics CRM deployment installed, multiple groups exist in Active Directory. Use the following steps to determine the groups that you want to update.

Determine the groups to update

1. Run the following SQL statement against the MSCRM_CONFIG database: select id, friendlyname from organization

1. Note the GUID. For example, the GUID may be C8AB1D52-9383-4164-B571-4C80D46674E3 Org Name.

1. Find the PrivUserGroup group and the SQLAccessGroup group in Active Directory. The group name contains the GUID that you noted in step b.

1. Include the domain account user in the following groups on the Microsoft Dynamics CRM server:

The local IIS_WPG group

The local CRM_WPG group

The domain account user must have the following local user rights:

Impersonate a client after authentication

Log on as a service

To do this, follow these steps:

1. On the Microsoft Dynamics CRM server, click Start, point to Administrative Tools, and then click Local Security Policy.

1. Expand Local Policies, and then click User Rights Assignment.
2. Right-click Impersonate a client after authentication, and then click Properties.
3. Click Add User or Group.

Note

You may have to click Location to select the domain instead of the local computer.

1. In the Group name box, type the name of the user who is running the Microsoft Dynamics CRM application pool, and then click OK two times.
2. Repeat steps 2c through 2e for the Log on as a service right.

1. Configure the CRMAppPool application pool security account to use a service principal name (SPN). For steps about how to configure SPNs, see Configuring service principal names (SPNs) () on the Microsoft Dynamics CRM Resource Center.
2. If you have more than one Microsoft Dynamics CRM server and IIS kernel-mode authentication is disabled, you must configure the CRMAppPool application pool security account to be trusted for delegation. To do this, follow these steps:

1. Log on to the domain controller by using a user account that has domain administrator permissions.

1. Start Active Directory Users and Computers. To do this, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Expand the domain, right-click the Microsoft Dynamics CRM application pool security account, and then click Properties.
3. On the Delegation tab, click to select the Trust this user for delegation to any service (Kerberos only) option.
4. Click OK.

1. Restart Internet Information Services (IIS). To do this, click Start, click Run, type IISRESET, and then click OK.

Minimum required permissions for Microsoft Dynamics CRM service accounts

We strongly recommend that you select a low-privilege domain account that is dedicated to running these services and that is not used for any other purpose. Additionally, the user account used to run a Microsoft Dynamics CRM service cannot be a Microsoft Dynamics CRM user. The following are the required permissions for Microsoft Dynamics CRM service accounts.

Microsoft Dynamics CRM Sandbox Processing Service

• Domain User membership.
• That account must be granted the Logon as service permission in the Local Security Policy.
• Folder read and write permission on the \Trace, by default located under \Program Files\Microsoft Dynamics CRM\Trace, and user account %AppData% folders on the local computer.
• Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM subkey in the Windows Registry.
• The service account may need an SPN for the URL used to access the Web site that is associated with it. To set the SPN for the Sandbox Processing Service account, run the following command at a command prompt on the computer where the service is running.

SETSPN –a MSCRMSandboxService/<ComputerName> <service account>

Microsoft Dynamics CRM Asynchronous Processing Service and Microsoft Dynamics CRM Asynchronous Processing Service (maintenance) services

• Domain User membership.
• Performance Log Users membership.
• That account must be granted the Logon as service permission in the Local Security Policy.
• Folder read and write permission on the Trace folder, by default located under \Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local computer.
• Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSCRMSandboxService subkeys in the Windows Registry.
• The service account may need an SPN for the URL used to access the Web site that is associated with it.

Deployment Web Service (CRMDeploymentServiceAppPool Application Pool identity)

• Domain User membership
• That account must be granted the Logon as service permission in the Local Security Policy.
• Local administrator group membership on the computer where the Deployment Web Service is running.
• Local administrator group membership on the computer where SQL Server is running.
• Sysadmin permission on the instance of SQL Server to be used for the configuration and organization databases.
• Folder read and write permission on the Trace and CRMWeb folders, by default located under \Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local computer.
• Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSCRMSandboxService subkeys in the Windows Registry.
• CRM_WPG group membership. This group is used for IIS worker processes. The group is created and the membership is added during Microsoft Dynamics CRM Server Setup.
• The service account may need an SPN for the URL used to access the Web site that is associated with it.

Application Service (CRMAppPool IIS Application Pool identity)

• Member of the Active Directory Domain Users group.
• Member of the Active Directory Performance Log Users group.
• Administrators local group membership on the computer where SQL Server is running.
• Administrators local group membership on the computer where the Microsoft Dynamics CRM Web site is installed.
• Folder read and write permission on the Trace and CRMWeb folders, by default located under \Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local computer.
• Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSCRMSandboxService subkeys in the Windows Registry.
• CRM_WPG group membership. This group is used for IIS worker processes. The group is created and the membership is added during Microsoft Dynamics CRM Server Setup.
• The service account may need an SPN for the URL used to access the Web site that is associated with it.

Enable Windows Error Reporting

By default, automatic error reporting is not enabled in Microsoft Dynamics CRM. Additionally, Microsoft Dynamics CRM requires that Windows Error Reporting (WER) be enabled in order to send error reports to Microsoft. To send error reports generated from the Microsoft Dynamics CRM Web application, WER must be enabled on the computer where Microsoft Dynamics CRM Server 2011 is running. Similarly, to send reports generated from Microsoft Dynamics CRM for Outlook, WER must be enabled where Microsoft Office Outlook is running.

The option to send WER reports must be enabled for the Microsoft Dynamics CRM organization. This is done in the Settings area of the Microsoft Dynamics CRM client applications.

Enable Windows Error Reporting (WER) for the Microsoft Dynamics CRM Web application

1. On the computer where Microsoft Dynamics CRM Server 2011 is running, start Server Manager. In the Resources and Support area, click Configure Windows Error Reporting.

2. Select one of the following options:

• Yes, automatically send detailed reports
• Yes, automatically send summary reports

For more information about these options, see Windows Server Help.

Enable Windows Error Reporting (WER) for Microsoft Dynamics CRM for Outlook

1. In Control Panel, click Action Center, click Change Action Center settings, and then click Problem Reporting Settings.

2. Select one of the following options.

• Yes, automatically send summary reports
• Automatically check for solutions and send additional report data, if needed

For more information about these options, see the Windows Server Help.

Note

You can also configure this setting for users by using Group Policy. For more information about WER and Group Policy, see the Windows Server Help.

Turn on automatic Web application error reporting for the organization

1. In the Microsoft Dynamics CRM client application Settings area, under System, click Administration, and then click Privacy Preferences.

2. In the Privacy Preferences dialog box, on the Error Reporting tab, select Specify the Web application error notification preferences on behalf of users.

3. Select the option Automatically send an error report to Microsoft without asking the user for permission, and then click OK.

Tracing

In Microsoft Dynamics CRM 2011, you can create trace files that monitor the actions that are performed by the server and client applications. Trace files are helpful when you have to troubleshoot error messages or other issues in Microsoft Dynamics CRM.

Caution

Trace files may contain sensitive or personal information. Use discretion when you send trace files to other people, or when you give other people the ability to view the information that a trace file contains.

When you turn on tracing it can significantly affect performance of the application. We strongly recommend that you only turn on tracing for troubleshooting issues and turn off tracing after the issue is resolved.

For more information about tracing in Microsoft Dynamics CRM 2011, see How to enable tracing in Microsoft Dynamics CRM ().

To turn on deployment-wide trace settings, run the following commands, in the order provided, from the Windows PowerShell console on the computer where Microsoft Dynamics CRM Server 2011 is running:

PS > Add-PSSnapin Microsoft.Crm.PowerShell

PS > $trace = Get-CrmSetting TraceSettings

PS > $trace.Enabled = 1

PS > Set-CrmSetting $trace

To turn off tracing, run the following commands from the Windows PowerShell console:

PS > Add-PSSnapin Microsoft.Crm.PowerShell

PS > $trace = Get-CrmSetting TraceSettings

PS > $trace.Enabled = 0

PS > Set-CrmSetting $trace

Enable tracing for Microsoft Dynamics CRM Reporting Extensions for SQL Server Reporting Services

In Microsoft Dynamics CRM 2011, you can create trace files that monitor the actions that are performed by Microsoft Dynamics CRM Reporting Extensions for SQL Server Reporting Services. Trace files are helpful when you have to troubleshoot error messages or other issues in <crm_report_ext_shortest>.

Caution

Trace files may contain sensitive or personal information. Use discretion when you send trace files to other people, or when you give others the ability to view the information that a trace file contains.

When you turn on tracing it can significantly affect performance of the application. We strongly recommend that you only turn on tracing for troubleshooting issues and turn off tracing after the issue is resolved.

You can enable tracing for <crm_report_ext_shortest> in two ways:

• Using registry values:

1. On the computer where you have installed <crm_report_ext_shortest>, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MSCRM

1. Set the following registry values:

• TraceEnabled = 1
• TraceDirectory = <directory path where traces will be stored

You can also set other row values like TraceCategories, but they already have defaults.