Tag Archives: install

Installing a 2-server CRM 2011 with Service Accounts and Minimum Permissions

Recently for a proof of concept I needed to supply a CRM installation installed to Microsoft’s best practices – i.e. a 2 server environment, SSL (HTTPS) and each service running under a separate service account. Here are some notes on what was required to make this work.

If you miss some of these steps the common symptoms are:

Can only access CRM directly on the CRM server
CRM Reports don’t work
Outlook Client does not Configure
Authentication prompts appear as you try and access CRM

Environment: VirtualBox

Machine 1 = Domain Controller and SQL Server,
Machine 2 = CRM Server

Steps:

Install Windows Server 2008 R2 64-bit on both Machines, create C and D drive partitions (install all application software on the D drive)
Promote Machine 1 to be a Domain Controller
Create service accounts for SQL Server and SSRS
Install SQL and SSRS on Machine 1
Add Machine 2 to the domain
Create an installer account: crmadmin
Create service accounts: crmservice, crmdeploy, crmemail, crmasync, crmsandbox
Grant minimum permissions per the CRM Implementation Guide’s instructions
Logon as the installer account and install CRM Server on Machine 2
Test CRM access over HTTP via Internet Explorer on Machine 2
Install CRM SSRS Data Connector on Machine 1
Install latest rollup packs for CRM Server and SSRS Data Connector
Create a self signed certificate on Machine 2 (in IIS)
Go into CRM Deployment Manager, go to Servers, disable the CRM Server
Go to IIS and edit the Bindings for the CRM Web Site, enable HTTPS, disable HTTP
Back in CRM Deployment Manager, right-click on “Microsoft Dynamics CRM” and select Properties, then on the Web Address tab select HTTPS and enter the URLs
Re-enable the CRM server in Deployment Manager
Test CRM access over HTTPS via Internet Explorer on Machine 2
Create an SPN for the CRM service account (the identity running the CRM app pool) (e.g. setspn –A HTTP/VBOXCRM gtdomain\crmservice) (command should always be HTTP even when HTTPS is enabled)
In Active Directory Users & Computer grant the Trust for Delegation permission to the CRM service account and the CRM server Computer Name (you need to do a Run As Administrator in order for the Delegation tab to appear when editing the properties of the Computer account)
Shutdown Machine 2, reboot Machine 1, restart Machine 2
Test CRM access over HTTPS via Internet Explorer on Machines 1 and 2
Test CRM Reports on Machines 1 and 2
Test the CRM Async Service by creating and triggering a simple workflow
Test the Deployment Service by creating a second CRM Organisation
Install the CRM Email Router and its Rollup Pack, configure and test
Machine 1, install Outlook, configure an email profile (perhaps connect to a Hotmail account) and then install the CRM Outlook Client and its Rollup Pack, configure and test

Done Smile

UPDATE 1: The configuration of the Outlook Client in the above HTTPS environment failed for us (“Could not establish trust relationship for the SSL/TLS secure channel“) we think due to the use of the Self Signed Certificate. Installing an Enterprise Certificate Authority and creating both a Root Certificate and a Certificate for the CRM Web site along with an additional SPN solved that problem for us (setspn –A HOST/VBOXCRM gtdomain\crmservice)

UPDATE 2: If you are not able to run Fetch XML reports or Report Wizard reports (which are Fetch XML reports) then you are likely suffering a firewall issue as described here. Thanks to my colleague Farooq for finding this post and thanks Jim for writing it!

Building a Microsoft CRM 2011 VM – A Quick Checklist

3 Replies

Here’s a simple checklist for those (like me) that only do this infrequently. The instructions are minimal, as they assume you know how to complete each step:

p.s. I recently purchased a drive caddy that I can swap my DVD-ROM drive out for and an SSD drive and now run my VMs on the SSD and it is brilliant!

Provision the Windows/SQL Platform:

Get your hands on the install media for Windows Server 2008 R2 64-bit SP1 (or whatever the lastest SP is at the time)
Define a new Win2008 64-bit Virtual Machine (VirtualBox is good for this)
Enable a shared folder in the VM configuration so you can easily move files between host and guest
I have a quad-core laptop with 8GB ram and I like to give my VM 4GB ram and 2 cpu’s.
Complete the Windows 2008 installation and initial configuration
Install VM Additions
Change the Computer Name to something more user friendly like “CRMServer”
Turn off “Internet Explorer Enhanced Security” (via Server Manager)
Assign a static IP address to the VM (10.0.0.1 will do)
Run dcpromo.exe (type dcpromo at a command prompt) and promote the VM to a Domain Controller
Add the Web Server role to the VM
Upgrade to the latest version of IE and set Google as your default search provider
Install Adobe Reader, Silverlight and Flash
Install Microsoft Office (Outlook, Word and Excel)
Optionally create AD accounts for the various CRM and SQL Services, or, just use the default domain administrator account or the network service account for everything.
Install SQL Server 2008 R2 (or SQL 2012) (including Full Text Search and SSRS, and set SQL Agent to auto start)
Test SSRS (http://servername/reportmanager)
Create an Organizational Unit in the AD to house the CRM AD Groups (I tend to create one called “CRM”)
Go into Group Policy and set passwords never to expire (screenshot below)
Run Windows Update and install all patches

Install CRM:

Install CRM Server
Test CRM (http://servername:portnumber)
Add sample data
Create 5-10 demo users in the AD, add them to the Domain Admin group
Add the above users into CRM and assign them the CRM Sys Admin role
Install CRM Reporting Extensions (SSRS Data Connector)
Test CRM Reports
Install the latest CRM Rollup Packs
Configure Outlook to send/receive via a Hotmail account
Install the CRM Outlook Client and associated Rollup Pack
Test the CRM Outlook Client
Optionally install Visual Studio, CRM SDK, CRM Dev Toolkit and 3rd party tools like the View Replicator, Ribbon Editor, oData Query Designer, Metadata Browser, etc.
Optionally install and configure SharePoint 2010 and the CRM-SharePoint integration
Consider creating a SQL Maintenance Plan to schedule nightly SQLbackups
Shutdown the VM and then take a backup copy of it

Some screenshots:

Editing Group Policy (from Start\Admin Tools\Group Policy Management):

Microsoft CRM 2011 Outlook Client Command Line Installs

7 Replies

Ok, here is post #3 on command line installs, this time I will be covering the Outlook Client.

The Outlook Client installer can be downloaded from here. Download it and run it to extract out the installation files. The files will be extracted and then the installer will launch, cancel the installer at the first opportunity. Place the extracted installation files in a shared folder on a server somewhere.

There are 2 different approaches you can take with the Outlook Client installer.

1) You can execute a command line statement to install the Outlook Client on a local PC, or

2) You can execute a command that will generate an MSI installer for you to later deploy out to client PC’s.

Let’s start with the first approach...

The command line to install the Outlook Client looks like the below:

\\VBOX\CRMInstall\Setupclient.exe /Q /L C:\crm_client_install.log

Full details on what this all means can be found here. Now we don’t actually need a config file this time around, everything can be specified in the command line.

It is important to understand that the installation of the Outlook Client and the configuration of the Outlook Client to point to your CRM Server are 2 separate steps. All we are doing at this stage is installing the Client.

The above command line does not install the offline capability, However, the Go Offline button will be visible to the user and when clicked a wizard will launch that the user can use to add this capability. To hide the Go Offline button use the following command line install instead:

\\VBOX1\CRMInstall\Setupclient.exe /Q /L C:\crm_client_install.log /disableofflinecapability

Or if you want the install to include offline capability use the following command line install instead:

\\VBOX1\CRMInstall\Setupclient.exe /Q /L C:\crm_client_install.log /installofflinecapability

To run the install open a command prompt, navigate to the extracted installation files and then run your command. Little will happen initially, your command will simply clear as per the below:

If your install fails have a look at the log file created. If the issue is not clear you can try re-running the install with /LV rather than /L which will give you verbose logging.

And now the second approach…

This approach is not that different from the first, we are still executing Setupclient.exe at the command line but this time nothing is actually installed, instead an installer is created. I guess you just go this way if you want an MSI file.

The first step is to run the following command:

Setupclient.exe /A /Q /L C:\crm_client_install.log /targetdir "c:\Program Files\Microsoft Dynamics CRM Client"

Here we have added /A to indicate we want to create an admin installer and we are specifying a target directory for where the installer should be created.

So run the command, check the log file until you can see the process has completed and then browse to the target directory. There you will see an MSI has been created and the install files have been copied to an accompanying folder.

Now, to actually deploy the MSI file out to clients you can should be able to use a command like the below:

MSIEXEC.EXE /I "R:\GT_Shared\MSI\CrmClient_32.msi" /QN /LWAMOE C:\crm_client_install.log ALLUSERS=1

The /QN is meant to force a silent install. It doesn’t. I tried a few alternative switches and nothing seemed to give me a silent install. Not my area of expertise here. Perhaps software packaging folk know how to achieve this. Curiously, I did notice when I tried the first approach in this blog that the log file suggests that behind the scenes an MSI is being used and I saw this command…

msiexec /i "R:\GT_Shared\CRMShare\Client.msi" /q INSTALLLEVEL="3" INSTALLTYPE="INSTALL" SOURCEFOLDER="R:\GT_Shared\CRMShare" TARGETDIR="C:\Program Files\Microsoft Dynamics CRM" INSTALLDIR="C:\Program Files\Microsoft Dynamics CRM" /l+ "C:\crm50clientmsi.log" LOGFILE="C:\crm50clientmsi.log" ALLOWRUN="1" REBOOT=ReallySuppress NOSELECTION=1

… which must produce a silent install so there will be some clues there:

And finally, to do the actual configuration…

The command line for configuring the Outlook Client looks like this:

Microsoft.Crm.Application.Outlook.ConfigWizard.exe /Q /i \\VBOX1\CRMInstall\CONFIG\client_config.xml /l c:\crm_client_config.log

And the config file looks like this:

<Deployments> 
  <Deployment> 
    <DiscoveryUrl>http://vbox1:5555</DiscoveryUrl> 
    <Organizations> 
      <Organization IsPrimary='true'>TestCompany</Organization> 
    </Organizations> 
  </Deployment> 
</Deployments>

From a command prompt I browse to the folder where the CRM Outlook Client was installed (under Program Files) and then execute the command:

The command line provides no indication of processing, but check Task Manager and the log to see whether the configuration is running or not.

If no log file gets created or the log indicates error trying running the command without the /Q to see what’s going on.

A successful run creates a log file that ends like this (no visible indicator appears on screen):

Finally, launch Outlook to confirm and you should see your CRM Organisation available in Outlook:

Hope this helps someone Smile

CRM 2011 Command Line Install for SSRS and Email Router

1 Reply

In my previous post I went through the command line install of the CRM Server component.

In this post I demonstrate command line installation of:

The Microsoft Dynamics CRM Reporting Extensions, and
The Microsoft Dynamics CRM Email Router.

Microsoft Dynamics CRM Reporting Extensions

Firstly, don’t confuse the Microsoft Dynamics CRM Reporting Extensions with the Microsoft Dynamics CRM Report Authoring Extension. The Reporting Extensions is the integration component between the CRM Server and SSRS, it was known as the SSRS Data Connector under CRM 4.0. It used to be optional, now it’s required. The Authoring Extension is an add-on to the SSRS Report Designer that allows you to write custom reports against CRM Online (it enables FetchXML data sources / queries). It is optional.

2 things you need to know before you install the Reporting Extensions:

You must install the CRM Server first
The Reporting Extensions must be installed on the SSRS server

Ok, so here’s the command line:

SetupSrsDataConnector.exe /QR /L C:\CRMTEMP\reports_install_log.log /config C:\CRMTEMP\reports_install_config.xml

You’ll need to open a command prompt and navigate to the SrsDataConnector subfolder inside the folder containing the CRM Server install files.

And here’s the config file:

<crmsetup>

  <srsdataconnector>

    <configdbserver>VBOX1</configdbserver>

    <autoupdateconfigdb>1</autoupdateconfigdb>

    <autogroupmanagementoff>0</autogroupmanagementoff>

    <instancename>VBOX1</instancename>

    <InstallDir>c:\program files\Microsoft CRM</InstallDir>

    <patch update="true" />

  </srsdataconnector>

</crmsetup>

The rules are all nice and consistent with the CRM Server install command line and config file as discussed in previous post.

And just like server install very little appears to happen when you first run the command:

… but you can confirm it’s running by checking Task Manager:

Once complete, you can test the installation by trying to run a CRM report.

Go to Workplace –> Reports

Scroll down and double-click the User Summary report and then wait 5 minutes (SSRS takes a while to warm up the first time its used):

Online documentation is available here:

http://technet.microsoft.com/en-us/library/gg554828.aspx

There are errors in the samples provided, use my samples instead.

Microsoft Dynamics CRM Email Router

On to the Email Router. The Email Router is the optional server side component for email integration. It is typically used to configure outbound email sends via an SMTP server and inbound email processing via polling of Exchange Server mailboxes.

The Email Router can be installed on the Exchange Server, CRM Server, SQL Server, anywhere. Typically, it is installed on the CRM Server.

Here’s the command line:

SetupEmailRouter.exe /QR /L C:\CRMTEMP\email_install_log.log /config C:\CRMTEMP\email_install_config.xml

And here’s the config file:

<CRMSetup>

  <EmailRouter>

    <Features>

      <SinkService />

    </Features>

    <Patch update="true"></Patch>

    <InstallDir>c:\Program Files\Microsoft Dynamics CRM Email Router</InstallDir>

  </EmailRouter>

</CRMSetup>

Inside the Features node under SinkService you can add RulesWizard if you want the Rule Deployment Wizard installed (I never use this hence my sample excludes this). [UPDATE: Looks like the Rule Deployment Wizard gets installed regardless].

If you are downloading your CRM installers from the web rather than installing from a disc or an ISO you will need to separately download the Email Router installer from here. I downloaded from there, started the installed by double-clicking the exe in Windows Explorer, set the location for the extracted installer files, and then cancelled the install at the next prompt. I then opened a command prompt and navigated to the extracted installer files and ran my command.

The install experience is consistent…

Unexciting command line:

Installer visible under Task Manager:

My install failed with this message:

The online documentation does not mention any specific software requirements here unless you are installing the Rule Deployment Wizard. Looks like the installer is attempting to install the Rule Deployment Wizard despite my omitting it from the config file, so it looks like we need a MAPI client installed, per this documentation. We can either install Outlook on the machine or install Microsoft Exchange Server MAPI Client and Collaboration Data Objects. I installed the MAPI client, re-ran the Email Router install and the installer completed happily:

The 2 config files discussed in this post plus the config file for the CRM Server install discussed in my previous post are available as a single download here.

To test the install, launch the Email Router Configuration Manager from your Start menu:

And confirm it loads:

Note: you cannot script the configuration of the Router, that must now be done manually,

Smile

Installing CRM 2011 via Command Line and XML Config File

1 Reply

Here’s the first place you need to look: http://technet.microsoft.com/en-us/library/gg554834.aspx

Have a read of the content there to get a feel for this process. BUT do not use the sample file provided, it has a few typos that will annoy the hell out of you, read on instead…

My scenario:

Single server install (server name = VBOX1, domain name = GTDOMAIN)
I have already created an OU in the AD called “CRM” and will have the installer create the CRM AD groups in that folder
I have SQL installed and SSRS configured all good to go
I am just going to install the CRM 2011 Server

here

To execute the actual install open a command prompt and navigate to the CRM installation folder that contains SetupServer.exe:

Type a command line similar to the below:

SetupServer.exe /QR /L C:\CRMTEMP\server_install_log.log /config C:\CRMTEMP\server_install_config.xml

Place your config file in the folder specified, and make sure the name matches up.

You can use either /QR or /Q. The “R” gives you visibility of progress and errors.

When you run the above statement the command prompt will simply accept it and clear the prompt, leaving you wondering what went wrong:

If you check Task Manager you should see Microsoft.Crm.Setup.Server.exe doing its thing:

If you want more visibility of what’s going on drop the /QR from the command line. You will see each installation step, with the screens pre-populated based on the config file, but will need to click through each screen to nudge the process along. Handy for troubleshooting.

If the installer fails check the log file, I found it clearly pointed out the environmental issues that I needed to address (like forgetting to create the OU and not having SQL full text search installed).

Here’s my config file:

<CRMSetup> 
    <Server> 
        <Patch update="true"></Patch> 
        <LicenseKey>MQM2H-JYYRB-RRD6J-8WBBC-CVBD3</LicenseKey> 
        <SqlServer>VBOX1</SqlServer> 
        <Database create="true"/> 
        <Reporting URL="http://VBOX1/ReportServer"/> 
        <OrganizationCollation>Latin1_General_CI_AI</OrganizationCollation> 
        <basecurrency isocurrencycode="SGD" currencyname="Singapore Dollar" currencysymbol="$" currencyprecision="2"/> 
        <Organization>Test Company</Organization> 
        <OrganizationUniqueName>TestCompany</OrganizationUniqueName> 
        <OU>OU=CRM,DC=GTDOMAIN,DC=COM</OU> 
        <WebsiteUrl create="true" port="5555"> </WebsiteUrl> 
        <InstallDir>c:\Program Files\Microsoft Dynamics CRM</InstallDir> 
        <CrmServiceAccount type="DomainUser"> 
            <ServiceAccountLogin>GTDOMAIN\administrator</ServiceAccountLogin> 
            <ServiceAccountPassword>pass@word1</ServiceAccountPassword> 
        </CrmServiceAccount> 
        <SandboxServiceAccount type="DomainUser"> 
            <ServiceAccountLogin>GTDOMAIN\administrator</ServiceAccountLogin> 
            <ServiceAccountPassword>pass@word1</ServiceAccountPassword> 
        </SandboxServiceAccount> 
        <DeploymentServiceAccount type="DomainUser"> 
            <ServiceAccountLogin>GTDOMAIN\administrator</ServiceAccountLogin> 
            <ServiceAccountPassword>pass@word1</ServiceAccountPassword> 
        </DeploymentServiceAccount> 
        <AsyncServiceAccount type="DomainUser"> 
            <ServiceAccountLogin>GTDOMAIN\administrator</ServiceAccountLogin> 
            <ServiceAccountPassword>pass@word1</ServiceAccountPassword> 
        </AsyncServiceAccount> 
        <SQM optin="true"/> 
        <mu option="true"/> 
        <Email> 
            <IncomingExchangeServer name="VBOX1"/> 
        </Email> 
        </Server> 
</CRMSetup>

Some notes on the config file…

PATCH – I have Patch update set to true, this will force the installer to check for an updated install files online. If you don’t have an internet connection either set this to false, or leave it on true but add a path to a local folder that contains the install updates. Check out these posts for more details on this:

About the “Patch” option: http://technet.microsoft.com/en-us/library/gg554688.aspx

How to get an MSP file: http://support.microsoft.com/kb/2434455

AsyncServiceAccount – The Microsoft supplied sample found on technet has a typo here.

mu option="true" – Again, Microsoft has another typo.

IncomingExchangeServer – whether using Exchange or not make sure an actual server name is entered here (I entered the name of the server I was installing CRM on). If the installer can’t find the server the install won’t proceed.

OU – I have manually created an Organizational Unit in the AD called “CRM” prior. Make sure your AD OU is created before you attempt the install:

Everything else should be pretty obvious.

In my scenario I am using a domain admin account on a single server environment (DC, CRM, SQL) so security was easy peasy. If your environment is a little more complex then you’ll need to have a read of this blog:

http://blogs.msdn.com/b/darrenliu/archive/2011/04/27/minimum-permissions-required-for-dynamics-crm-2011-setup-services-and-components.aspx

That will get you started. There’s the email router, SRS data connector, rollup packs etc to do as well. Good luck!

The config file is available for download here.

Depending upon your environment some of the prerequisites auto-installed by the CRM installer may need to be manually installed prior to executing the command line install to enable success. This is due to restarts being required in between installation of certain prerequisites. The log file provides clarity around this when it happens.

How to Duplicate a Virtual Box Image

GT // CRM

Gareth Tucker on Microsoft Dynamics CRM