Archive for July, 2014

Getting Microsoft Dynamics Customer Relationship Management (CRM) to behave well with Kerberos Authentication

July 9, 2014 Leave a comment

Unlike SharePoint 2010 when you configure a new web application to use Kerberos Mode Authentication SharePoint 2010 knows how to handle these request and updates the applicationHost.config file accordingly to work well with Kerberos authentication, unfortunately CRM does not behave the same way and needs a little work.

Like for SharePoint 2010 web applications,  CRM Web Applications will still need some manual configurations done to get Kerberos to work.  I will not get into details on how this is done, but you can follow the Microsoft Technet Article on how this is properly configured.

Since SharePoint 2010 and IIS7 do not play well when Kernel-Mode Authentication is enabled its recommended to not enable this within IIS7 since it will break SharePoint.  However, to get Kerberos to work with CRM this needs to be enabled along with updating the applicationHost.config file.

Below are the steps you need to take to get Kerberos Authentication to work within CRM.  These steps are assuming all SPNs have been created and delegation has been done.

1.  Log into each CRM Web Front End (if load-balanced)
2.  Open up Internet Information Services (IIS) 7
3.  Click on the Microsoft Dynamics CRM Site
4.  Under the IIS section double click the Authentication Icon.
5.  Highlight Windows Authentication and under Actions on the right select Providers…
6.  Make sure Negotiate is one of the Enabled Providers and is listed first.  If not click the drop down for Available Providers select it and add it to the list.
7.  Next select Advanced Settings and check the Enable Kernel-Mode authentication checkbox to enable.
8.  Now time to update the applicationHost.config so that the CRM Web Application knows how to handle the Kerberos tickets.
9.  Browse to C:\Windows\System32\inetserv\config and open up the applicationHost.config file with notepad.
10.  Find the <authentication> section of the applicationHost.config file and look for the <windowsAuthentication> tag.
11.  Next update the tag to include the useAppPoolCredentials=”true”  like this:

<windowsAuthentication enable=”true”  useKernelMode=”true” useAppPoolCredentials=”true”>

12.  Save the applicationHost.config file and do an IISReset

After doing the above steps on all CRM Web Front End servers, Kerberos should be configured properly now for CRM.  Try to browse to your CRM Web instance to make sure you are able to authenticate and there is a Kerberos ticket issued.

Check to see if there are Kerberos Tickets:

Cmd Prompt | type: klist





SharePoint 2010: Unable to create or access workbook cache at C:\WINDOWS\TEMP\Excel Server\FileCache\Workbooks

July 9, 2014 2 comments

I ran into an issue recently with Excel Services when trying to open up Excel files on the portal where the Opening Documents in the Browser option was set to open in the browser.   When trying to opening up the excel file in the browser I would get the error message:  “An error has occurred.  Please try again” and the browser window will close out not allowing me to view the file.  Looking on the SharePoint web front end servers I was noticing this error in the event viewer:

Unable to create or access workbook cache at C:\WINDOWS\TEMP\Excel Server\FileCache\<GUID>\Workbooks

When I browsed to that location on the server I did not see a directory structure for Excel Server\FileCache\<GUID>\Workbooks.  Somehow this directory was deleted or was never created when the Excel Services was configured.

By default the Excel Services Application saves the workbooks it loads to a temporary cache on disk. In this case, a workbook disk cache cannot be created on the Excel Services Application server computer due to permissions, disk I/O Errors, or space.

If you run into this issue, these are the steps I took to fix the problem.

1.  Log into all Web Front End Servers that report the above errors in the event viewer.
2.  Browse to C:\WINDOWS\TEMP and create the directory structure for the Excel Server found in the event viewer error manually.
3.  Go back to Central Administration, and stop/restart the Excel Calculation Services on all the web front end servers.

Central Administration|System Settings|Manage Services on server|Excel Calculation Services

4.  Repeat these steps for any others errors like this you might find.

Browse back to the location on the portal, this should fix the issue with opening up the Excel Files in the browser.