Monday, 19 December 2011

Crm Hidden Security Privileges

The Background
I recently had a client who couldn’t create BU even when she was give all rights on the “Business Unit” entity.


The Symptoms
When the user created a BU under the root BU, she will get a big error in face says “You do not have enough privileges to access the Microsoft Dynamics CRM object or perform the requested operation.”. In the Crm server trace log, I found the following error message:

Error: Exception has been thrown by the target of an invocation.
Error Number: 0x80048306
Error Message: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: e4b0437d-0c33-e011-aed8-00155d00cb35, OwningUser: 00000000-0000-0000-0000-000000000000 and CallingUser: 62eeaabf-2e49-e011-8b16-00155d00cb35
Error Details: SecLib::AccessCheckEx failed. Returned hr = -2147187962, ObjectID: e4b0437d-0c33-e011-aed8-00155d00cb35, OwningUser: 00000000-0000-0000-0000-000000000000 and CallingUser: 62eeaabf-2e49-e011-8b16-00155d00cb35

Investigation:
As the tracing log has no mention about the privilegeid, I decided to have a play with the security role just in case creating BU requires privilege of other entities. However after I added full privileges to every entity for that user, she still could not create a BU. While I was scratching my head, my colleague has mentioned hidden privileges to me.

The Solution:
The cause of the issue was the lack of crm hidden privileges. To enable a security role to allow its user to create BU, you need to give it some special security roles which is not available on the UI. The easiest way you can assign those privileges to a role is to copy from another role which already has those special privileges. So what I done was that I copied the system admin role to a new role called “BU Creator”, Then I removed every privilege I could from that role. So that the “BU creator” role essentially became a role which only contained special privileges. Then I added the role to the crm user I was using and it worked!

If you want to dig deeper into the crm hidden securities, here is a great blog post to read http://blogs.msdn.com/b/crm/archive/2009/08/04/viewing-all-crm-privileges-including-hidden-privileges.aspx.

Additional Reference:
http://support.microsoft.com/kb/957976/en-us

Sunday, 18 December 2011

Crm Security issue ultimate solution.

Crm Security issue ultimate solution unless it has anything to do with the hidden security privilege.

Step 1: Look into the event log and trace file to find something like

>MSCRM Error Report:
--------------------------------------------------------------------------------------------------------
Error: Server was unable to process request.
Error Number: 0x80040220
Error Message: SecLib::CrmCheckPrivilege failed. Returned hr = -2147220960 on UserId: e65023ae-54d1-da11-8e39-00145e3d5192 and PrivilegeId: a8ecac53-09e8-4a13-b598-8d8c87bc3d33

Step 2:
Locate the PrivilegeId value

Step 3: Run the following sql query to find missing privilege
select Name, * from PrivilegeBase where PrivilegeId = 'a8ecac53-09e8-4a13-b598-8d8c87bc3d33'

Step 4:
Add in the missing privilege.

Reference:
http://support.microsoft.com/kb/953962
http://mayankp.wordpress.com/tag/crm-security/

A user can not create Business Units (BU)

To enable a security role to allow its user to create BU, you need to give it some special security roles which is not available on the UI. Only way you can assign those privileges to a role is to copy from another role which already has those special privileges. So what I done is that I copied the system admin role to a new role called “BU Creator”, Then I removed every privilege I can from that role. So that the “BU creator” role essentially becomes a role which only contained special privileges. Then I added the role to the crm user I was using and it worked. It worked on both dev and uat.

Viewing all crm privileges including hidden privileges
http://blogs.msdn.com/b/crm/archive/2009/08/04/viewing-all-crm-privileges-including-hidden-privileges.aspx

Why put the production org and the uat org on same server is a bad practice?

* You cannot test rollup on UAT because the test will affect both.
* If you have heavy load (e.g. load testing or uat is looping on something) on UAT, it will affect Production org's performance.

Wednesday, 14 December 2011

Using the CrmDiscoveryService Web Service: IFD

Access Discovery Service from a Crm 4.0 IFD deployment. However this url is not going to work for the plugin registry tool. Because this url will be redirected to the sign in page.
https://localhost/MSCRMServices/2007/SPLA/CrmDiscoveryService.asmx

Monday, 12 December 2011

Where is the code snippets folder for Visual Studio

C:\Users\Kelvin\Documents\Visual Studio 2010\Code Snippets

Sunday, 11 December 2011

Tutorial: Learn 4 ways to put campaign responses to work for you

http://rc.crm.dynamics.com/RC/2011/en-us/online/5.1_CTP/campaignresponses.aspx
http://rc.crm.dynamics.com/rc/2011/en-us/online/5.0/campresproutingdiagram.aspx
http://blogs.msdn.com/b/crm/archive/2008/01/31/crm-4-0-campaign-vs-quick-campaign-flow-chart.aspx

Lesson 1: Create a new campaign response manually

Sales and marketing teams can use Microsoft Dynamics CRM Online to manually enter customer responses as campaign response records, based on a direct marketing campaign activity. You can create responses manually by creating a campaign activity and then converting it, or by creating a new campaign response in a Campaign form.
For example, when your company launches a new product, you may set up a campaign from start to finish in Microsoft Dynamics CRM Online. As part of your campaign, you may also decide to set up a booth at the county fair to promote this product. You create only one campaign activity for the event itself. You use a printed sign-up sheet on a clipboard to collect contact information from people who are interested in learning more about your product. Back in your office, you can add each of these potential customers into Microsoft Dynamics CRM Online as a campaign response activity associated with the campaign activity for the event.
Only the following activities can be converted to campaign responses:
Appointment
E-mail
Fax
Letter
Phone Call
By opening the campaign record for your product launch and clicking Campaign Responses under Common, you can see the list of all campaign responses collected to this point. You can then click New to create the campaign response in Microsoft Dynamics CRM Online and automatically associate it with the parent campaign.
Tip
Although you can create campaign responses manually in Microsoft Dynamics CRM Online, for situations where you receive contact information outside the system, you may want to consider entering the potential customers as leads instead. You can then convert these leads to opportunities. When you convert a lead to an opportunity, you can also record the fact that the opportunity was generated from a campaign response, as described in the next section.
Top
Lesson 2: Convert an activity to a campaign response

When someone responds to the marketing material you've sent, you can convert the corresponding campaign activity, such as a phone call, e-mail, or appointment, to a campaign response.
Tip
In Microsoft Dynamics CRM Online, you directly promote an activity to a campaign response, or you can create campaign responses from activities when you convert an individual activity to an opportunity.
For example, to help promote your new product to retailers, you create phone call activities that you distribute to your telesales representatives. One of the retailers on your call list responds favorably to your organization's offer. With the Phone Call activity form open, your telesales representative clicks Promote to Response in the Convert Activity group. Alternatively, the representative can also click To Opportunity in the Convert Activity group, and then locate and select data for the Customer field and Source Campaign field. By default, the Record a closed campaign response option is selected, which will automatically generate a campaign response and associate it to the campaign in Microsoft Dynamics CRM Online.
Top
Lesson 3: Automate creating campaign responses

For e-mail activities that are included in your campaign, you can use Microsoft Dynamics CRM Online to generate the campaign responses automatically. When customers respond to e-mail activities, you can choose to have Microsoft Dynamics CRM Online create the corresponding campaign response records automatically.
For example, from a campaign record, you create a campaign activity and choose e-mail as the channel. Because you created the activity from within the campaign record, the e-mail activity is automatically associated with the marketing campaign. After selecting a marketing list, distribute the activity. Microsoft Dynamics CRM Online then creates individual e-mail activities with the Regarding field displaying the information that was entered in the Subject field of the Campaign Activity form. If the recipient sends an e-mail back to your organization, Microsoft Dynamics CRM Online will automatically match the incoming message with the needed e-mail activity, based on information in the e-mail subject line. If Microsoft Dynamics CRM Online finds a match, it creates a corresponding campaign response activity.
Important
This option is available only if e-mail tracking is enabled. This is a setting your system administrator can set. If you are a system administrator, follow these instructions:
In the Navigation Pane, click Settings, and then click Administration.
Click System Settings.
In the System Setting dialog box, click the E-mail tab.
Select the Track e-mails sent between CRM users as two activities option.
Click the Marketing tab, and then verify that Create campaign responses for incoming e-mail is set to Yes.
Click OK to save your changes and close the System Setting dialog box.
Top
Lesson 4: Import campaign responses

In addition to creating campaign responses in Microsoft Dynamics CRM Online, you can also create them outside the system and then import them. By importing campaign responses, you can capture a record of the responses received as part of campaign efforts performed outside Microsoft Dynamics CRM Online.
For example, instead of hiring additional telesales representatives to handle the temporary increase in call volume during the product launch, you may outsource some of this work to a vendor. You may not want to provide access to Microsoft Dynamics CRM Online to these temporary telesales representatives. You can have the telesales representatives add the responses received during the week to a file, and send the file to you. You can then import this file into Microsoft Dynamics CRM Online. When you import the file, Microsoft Dynamics CRM Online creates individual campaign responses and associates them with the campaign you specify.

Saturday, 10 December 2011

Stroke awareness campaign - FAST (Face, Arm, Speech, Time) message

F.A.S.T. stands for Facial weakness; Arm weakness; Speech difficulty and Time .… time to act fast and dial 111. You will only have 4 and half hours and there will be a permanent damage.

http://www.strokefoundation.com.au/blog/?p=1024

Thursday, 8 December 2011

My tool belt - Tools

BgInfo: System info on your desktop background. http://technet.microsoft.com/en-us/sysinternals/bb897557.aspx

Many of the following are very useful debug tools.

DB Tools:
* VS 2008 and VS 2010, Schema Compare and Data Compare tool.

DB Performance Tools:
SQLDiag - Data collector
PSSDiag - Configure SQLDiag
SQLNexus - Data Reporting tool
PAL (Performance Analysis of Logs)  
Troubleshooting Performance in CRM: Data Tier Part 1 – Capturing the Data

Crm server tools:
* Crm Event Listner
* Crm diagnostic tool for server - CrmDiagTool4. The tool will need to be downloaded separately.
* Crm Log Viewer
* MS CRM Plug-in Debugger. http://archive.msdn.microsoft.com/MSCRMPluginDebugger
http://blogs.msdn.com/b/crm/archive/2008/05/12/testing-crm-plug-ins.aspx
* View Crm 4.0 hidden privileges
http://blogs.msdn.com/b/crm/archive/2009/08/04/viewing-all-crm-privileges-including-hidden-privileges.aspx
http://archive.msdn.microsoft.com/CrmSecurityReports

Crm 2011 tools:
OData Query Designer

Crm Client Libraries:
XrmServiceToolkit

Crm Client tools:
* Microsoft Dynamics Crm Office Client Diagnostics - For debugging on a client. This tool come with Crm Outlook client and does NOT require a separate installation.
* Crm configuration wizard
* Client tracing

Windows Debugging Tools:
* User Mode Process Dumper
http://www.microsoft.com/download/en/confirmation.aspx?id=4060

* Windows Driver Kit WDK
http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx

* How to use ADPlus.vbs to troubleshoot "hangs" and "crashes"
http://support.microsoft.com/kb/286350

* IIS Exception monitor

Dev tools:
Productivity Power Tools

Checksums tool:
HashCheck

Screen share tool:
* teamviewer
* netviewer

Presentation tool:
* ZoomIt - http://technet.microsoft.com/en-us/sysinternals/bb897434

Online tools:
* https://github.com/

Disk De-fragmentation tool:
Auslogics Disk Defrag Free
Ref:
http://www.hanselman.com/blog/TheBestVisualStudio2010ProductivityPowerToolsPowerCommandsAndExtensions.aspx

WinDirStat - Shows you how big are each folder
http://windirstat.info/

Assembly reference analysis tool:
Assembly Binding Log Viewer (Fuslogvw.exe)
Orca - Modify MSI file

File compare tools:
KDiff
DiffMerge
WinMerge
BeyondCompare (NOT FREE)

Office:
http://www.libreoffice.org

Monday, 5 December 2011

Crm Performance

http://crmperftoolkit.codeplex.com/

http://blogs.msdn.com/b/benlec/archive/2009/01/20/deadlocks-performance-issues-mscrm-database-growth-asyncoperationbase-table-increase.aspx

http://blogs.msdn.com/b/crm/archive/2009/01/16/tips-for-faster-and-better-performance-on-microsoft-dynamics-crm-4-0.aspx

http://blog.dynatrace.com/2010/09/02/top-3-performance-problems-in-custom-microsoft-crm-applications/

Saturday, 3 December 2011

Thoughts of the day

To study efficiently.

* Very clear goal. e.g. For a project, for an exam or for reading through a book.
* Have to be structured. You have to have a list of things to do. E.g. Practice exam or a book.
* Time and measurement
* To enable myself to study - news in picture can bring me to the mood.

Friday, 2 December 2011

CRM 2011 Diagnostic Tool

http://db.tt/rYNBMR5L

IPhone

To replace iPhone back panel, you can buy one from
http://www.iphonewzealand.co.nz/2010/all/replacement-metal-iphone-4-back-looks-awesome-easy-to-install-and-wont-void-your-warranty/
or
http://www.ifix.co.nz/

Wellington 101 - Bars

Motel - http://motelbar.co.nz/
Boogie wonderland - http://www.boogiewonderland.co.nz/gallery.aspx
Rain - Asian bar

Cheese

Brie cheese - Soft cheese with white cover

Manuka smoked tasty Grouda cheese - delicious soft cheese covered with manuka powder. Grouda
Wholesmoked nz ltd
http://www.wholesmoked.co.nz/

Blue vein cream cheese is better than pure blue cheese.

Cheddar cheese - Hard cheese

Smoked cheese.

hard cheese (Maybe with red wax).

Queens jam is great when eat with cheese. Queens jam is a fruit jam.

Cheese waxing