Custom Reports not working and ‘rsProcessingAborted’ error on MS Dynamics CRM with NLB

I try not to write about stuff that is available all over the web but i am still writing this blog because i could not find a solution for this online. I ran into alot of issues with our Reporting Server setup for CRM 2011 on-premises and had to spend a lot of hours before i could figure it out. First of all i really miss my old IT team as they were awesome and because of those guys i never had to deal with IT issues. Anyways so here are the details of the error along with the solution.

Dreaded rsProcessingAborted was what i got to start with. I checked the error log on the reporting server. I had following error in the log.

Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: Query execution failed for dataset ‘DSMain’.Microsoft.Crm.Reporting.DataExtensionShim.Common.ReportExecutionException:
Microsoft.Crm.CrmException: An unexpected error occurred.
System.ServiceModel.Security.SecurityNegotiationException: A call to SSPI failed, see inner exception.

All these errors are explained in Conor’s blog so just refer to that if you have these issues.

http://blog.simpletrees.com/2013/04/mscrm-and-dreaded-rsprocessingaborted.html

However once this was fixed i ran into an issue where custom reports were not working. I didn’t have any error in the error log. I opened up the execution log in the reporting DB and i could not see the request.

 

ISSUE:

–          Hardware architecture:

  • NLB with 2 CRM 2011 web application servers on SSL. 1 SSRS server and a separate SQL back-end server SQL 2008 R2.

–          Reports – Canned reports shipped with MS Dynamics CRM worked. Custom reports created using “Report Wizard” in CRM 2011 worked intermittently. Those that did not work didn’t show any errors in event viewer on CRM 2011 application server, application server trace logs, Report server logs and reports server execution log in SQL show that a request never got to the report server.

Probable CAUSE: ( I am not sure about this so feel free to correct me if i am wrong)

–          SSRS server creates a session for the report request. Let’s assume the request was instantiated by Application server A and gets to reporting server. In order to establish the session there will be back and forth message flow between SSRS and application server. However as it is a web farm it could be that response from SSRS gets to the Application server B. Application server B fails to decrypt the message and does not know if the request was sent from Application Server A probably because the machine key is not the same on both the application servers. Application Server B never responds back to the request and application server A is left hanging waiting for the session from SSRS. That is why the report does not work.

 

RESOLUTION:

–   Applied and issue resolved:       Generated the machine key on one application server and used it on both application servers. After this change irrespective of which application server receives the request the request should be decrypted and session should be established with the right application server. This fixed the report issue.

MSFT recommended: (Makes more sense) I opened a ticket with MSFT to confirm if this is the right solution. Here is what they suggested.

Make sure the Affinity or the Sticky Session is set to 1 / True. This will enable the request initiated on one server to be completed on that server.

For more information refer the links

–          http://msdn.microsoft.com/en-us/library/dd979314(v=crm.6).aspx

–          http://technet.microsoft.com/en-us/library/bb687542.aspx

I hope this will save someone’s time.

 

 

Advertisements

Microsoft Dynamics CRM 2011 Migration

just wanted to introduce our migration utility. What better way than a simple webcast.

MS CRM Dynamics Online and claim based authentication

MS CRM 4.0 implementation often involves customization. This customization might be custom web application that open up inside CRM or some content from CRM that opens up in the web applications. If the customizations reside on the same machine as CRM then authentication is not an issue. However at times its is imperative that these custom applications reside on separate servers. This requirement would increase with custom applications pulling data from CRM moving to the cloud. There would be an increased requirement for  single sign on or claim based authentication using windows identity foundation. Moreover incase of custom application the security considerations of end users can only be satisfied with a robust security provider in place.

The purpose of this article and ones to follow in this series is to configure STS between the IP and RP. In this post I will configure a web application on windows azure and then will use Microsoft Federation Gateway as the IP by establishing STS between the application and STS service. This would enable the authentication of our azure application to be handled by third party identity provider and would also enable using windows live Id to log into our application. As the token received would be based on the live Id it can be used for claim based authentication. Unfortunately CRM Dynamics does not support claim based authentication so we will be using the SDK class ‘Wlidticket’ for the generation of ticket to be used for accessing CRM service. The only problem is that for the generation of this ticket we will have to use the LiveId and password. Ideally we should have used the claims for subsequent calls to CRM service and this is what we would do with CRM 2011 in the next article. This is huge because it would mean that external application would have a windows Live login and they will be able to pull up CRM data without having to store user credentials. Many of the applications I have seen today are rejected by consumers because they either require multiple logins or they store user credentials. However that is for the next article. In this blog we will have to live with what is available in CRM Dynamics online. Before we start with the actual scenario I just want to highlight that we are using the federation gateway so that we could use windows live authentication service and this requires WIF. If you are not hosting application on windows Azure then you can also use RPS (Relying Party Suite). Anyways so lets get to setting up our windows azure application and configuring STS. Usually service account is used for accessing the CRM service so setup the live id for the service account in CRM online. In-order to enable impersonation on CRM online assign the proxy role to the service account.

Here is the summary of steps we need to do:

1. Register the azure service DNS on Microsoft federation service, msm.live.com.

2. Configure azure application to accept the windows live security token. This is done using WIF.

3. Configure CRM online for the service account and enable proxy account.

4. Configure azure to use ‘Wlidticket’ class from CRM 4.0 SDK and generate ticket to be used for accessing CRM online service.

 

1. Register the azure service DNS on Microsoft federation service:

a. Use the service account linked with live id to access http://msm.live.com

b. Keep in mind that here you would start with test platform(INT) however in-order to work with CRM online you will have to use production platform.

c. Register a new site on msm.live.com.

 

image

d. DNS would be the unique identifier for your website. I am using tayyab.cloudapp.net as DNS in this example. DNS name has to be a unique URI. Use the address for your cloud application if it is already available. This can be modified later..

e. On submission you will se the confirmation page. Confirm and go to ‘Modify editable site properties’.

f. Modify the site properties. I have changed the DNS to a URN. Later we will use this in our cloud application to establish STS. Note the return Url is using https.This is because we will be using the MBI_FED_SSL authentication policy.

image

g. Domain name is ‘Cloudapp.net’ as we plan to deploy our application on Azure Cloud.

h. Set Override Authentication Policy field to MBI_FED_SSL.

image

i. Click Submit and confirm. You have successfully established STS between MSM live and your cloud application. Now we will setup the cloud application and configure it to receive token from STS service.

 

2. Configure azure application to accept the windows live security token:

a. Make sure you have WIF, VS 2010 and azure account.

b. Start with your cloud application. This blog is not going to cover the details of creating Azure applications. Once the cloud application is in place we need to first of all configure it to use HTTPS. Generate a certificate and add it to your cloud application on windows.azure.com. (you can use selfssl for this)

c. Configuring your cloud application to use this certificate requires modifying the role properties in cloud application using VS 2010.

d. Go to Web Role properties under the cloud service project and perform following:

         i ) Under certifications add the certificate that you just added to the windows.azure.com.

         ii) Under Endpoints check https and uncheck http. Choose the certificate we just added.

        iii) Under configuration setup trust level to Full Trust. Check HTTPS endpoint.

e. Add WIF classes to enable the cloud applicationto receive and process the claims.

Add following classes:

  • CustomIssuerTokenResolver.cs
  • WIFSampleRequestValidator.cs
  • Wlidticketforazure.cs

Use the link for the labs on WIF.

http://channel9.msdn.com/Learn/Courses/IdentityTrainingCourse/WebSitesAndIdentity/WebSitesAndIdentityLab

f. Add required assemblies for accessing CRM online webservice and using Identity Model. Keep in mind you will be deploying on cloud platform so you have to make sure Copy Local is “True” for all Dlls that you will need on Azure platform.

g. Add web reference for the crm web service.

h. Add STS reference to the windows Live STS. Right click on the Web Role and add STS. The federation utility will start.

image

In the application URI use the DNS name configured for the URN or azure application on msm.live.

i. In the ‘Security Token Service’ screen specify “Use an Existing STS’ and copy paste this link.

https://nexus.passport.com/FederationMetaData/2007-06/FederationMetaData.xml

j. Use no encryption and no chaining and click finish. A dialog would open up that federation utility finished successfully.

k. Update the default page to get the ticket that will be used for authentication.

 

string ticket = LiveIdTicketManager.RetrieveTicket("devicePassword(add anything here>", "crm.dynamics.com", "serviceAccount@live.com (this is received in the claim)", "<passWord>", "MBI_SSL", LiveIdTicketManager.LiveIdEnvironment.PROD (use INT for INT environment, true, "hostedServiceName" (url for azure application));

 

3. Configure CRM online for the service account and enable proxy account:

a. Make sure you have the account setup on CRM online and it has the proxy role.

4. Deploy application on Azure

a. Deploy the cloud app on Azure.

5. Test Application

a. Access the azure application. If all is configured properly you will be redirected to the windows live login page. Once you have given the login credentials you will receive the claim in your default application.

 

I have tried to skip the details and the post is long as is so please let me know if you have any questions. Make sure that you look into WIF in some detail so that you have clear understanding as to what is going on with the ticket and claim.

Ideally speaking once we have the claim we should use it for authentication in other applications. However CRM Dynamics online does not support claims so we used the ticket thanks to the Microsoft for providing with this work around. The actual purpose of this blog is to set ground for using claims with CRM 2011 online as it supports claim based authentication. I will be writing about that soon. Happy coding !!!

CRM 2011 Beta – Installation

I have been trying to setup my first CRM 2011 Beta On-Premises server and i have have resolved some glitches so thought about sharing that with the community.

Pre-Requisites:

1. Windows server 2008 R2

2. Make sure that you have active directory setup on your machine. If not then here is a very good series of articles that explains how to do that.

http://www.windowsreference.com/windows-server-2008/step-by-step-guide-for-windows-server-2008-domain-controller-and-dns-server-setup/

3. SQL Server 2008 along with reporting server is required for CRM 2011

4. IIS needs to be configured. Ensure that Url for reporting server is accessible

Installing CRM:

Based on the your machine please make sure that you get the right copy of CRM. Amd64 for 64-bit O.S.  Once you have these things covered its time to go ahead with your installation. CRM  2011 On-Premises setup would guide you through the following steps. There should not be any issue doing this and most probably you will have your CRM up and running fairly quickly.

Outlook Client for CRM 2011:

As you look to install the outlook client which most of you would because it ceratinly is amongst the selling pitch for CRM 2011. Make sure that you have Microsoft Outlook 64 bit running for this to work. If not uninstall MIcrosoft Office and install the 64 bit version. If you have problems uninstalling please refer to this link.

http://support.microsoft.com/kb/290301

 Outlook client installation should be the same as your outlook meaning it should be x64 for x64 outlook. Once that is ensured I think you would be fine with rest of the installation. However i faced lots of issues with it and most of them are solved here.

http://social.microsoft.com/Forums/en-US/crm2011beta/thread/c7affa77-41d7-462d-bbc6-cd8f540f7194

If you have outlook client for office 2010 configured and running then you are one lucky guy and befor you check it out you need to celebrate because its no small feat and YES i am not joking. If you are stuck here and you cant find any help even after looking at microsoft forums you have to try this.

1. Create a new profile as C. Bates mentioned in his post on the forum. It helps to solve problems in relationship to ids linked up with your profile.

2. Make sure you uninstall Windows Live 2011 if that is installed. I had it with my Windows 7 and it gave me all sort of problems. After that do install an earlier version and make sure that IDCRLVersion in registry is 6.x.x.

3. Unistall microsoft client for outlook and setpup outlook for your account profile.

4. Make sure you clean up regitry entries.

5. Install client again and then try to configure your CRM 2011 client. Now it should work fine.

6. If you have problems again maybe you just need to create a clean profile and install again but this should normally make it work.

7. Logs and Trace files are available so review them for errors in case you have any.

I hope this helps.

CRM 2011 integration with Sharepoint Foundation 2010

I just attended a session on the new features in CRM and on its integraiton with Share Point. I will post the link for that session here so that readers could get to know a little more detail that was covered in this session. Until i share that link here is the review of hyped up integration between sharepoint and CRM . Firstly to start with just want everyone to know that security propogation is still not there with the integration so if you are looking for that feature with new integration then i am sorry to disappoint you. Anyways it is still a smooth integration and allows for document collaboraiton in relation to any entity in the CRM. Integration with Sharepoint can be two way which means that one can add a document entity to CRM that would enable all sharepoint related features like checking in documents, checkout, versioning and search features with in CRM. On the other hand one could also enable the integration so that entities from CRM start showing up on the Sharepoint. I will cover the Sharepoint to CRM integration first.

Document Management in CRM: CRM can be integrated with sharepoint easily with this new tool called as CRM list component. This tool needs to be downloaded seperated and installed to the Sharepoint foundation site and enabled. Once that is done CRM can be configured using the Setting menu to enable the entities for the sharepoing collaboration. In addition one needs to specify the Url for the site that is configured for integraiton (where the component was installed). Once this is done the integration is complete and on addition of documents in CRM a new library is created in Sharepoint. Existing libraries can also be added to the entities. Each entity with documents would have a library associaiton with the address in format “siteaddress/Acocunts/Account Name/Entity Name/ account/”. This is pretty much it as far as this integration is concerned. Integration is pretty neat however there are a few minor glitches that are still there and i will cover them in the next article in which i would also gove step by step approach of CRM 2011 integraiton with Share Point 2010.

CRM Entities in Sharepoint: Business connectivity service allows showing up the CRM data in Sharepoint. This is a simple but powerful service that allows for all the modifications with the Sharepoint. However as you would imagine one would have to create custom web pages to show the data in Sharepoint. An important thing to note is the CRM is based on .NET 4.0 and Sharepoint 2010 on .NET 3.5 so one would be better of exposing end points and then using the data from there. The best thing about this integraiton is that one can use it as internet facing CRM without having to buy the licenses.

Some of the drawbacks for the the whole integration are that in CRM with document mgmt the documents associated with leads would not transfer to acocunt and opportunities. In case the opportunity is revised a new library would be created each time. The documents are added but the regarding field is empty because it is created by concatenating certain fields which are not necessarily mandatory. Anyways apart from these small issues:) it looks great. It was a very nice session by Kuba Skalbania that enabled me to share this information with you. I will be doing this later this week to give you some more insight into that. Till then please let me know if you have some questions so that i could explore those once i try this out.