Wednesday 29 October 2014

Export / Import Lab Virtual Machines

  1. De-provision the lab. Use the Stop-AzureVM and Export-AzureVM cmdlets in the PowerShell snippet below to shut down and export lab VMs when they are not being used.
     
    # Specify the Name of the VM to Export
     
    $myVM = "XXXlabad01" 
     
    # Stop the VM prior to exporting it
     
    Stop-AzureVM -ServiceName $myVM -Name $myVM 
     
    # Set the Export folder path for the VM configuration file.  Make sure this folder exists!

     
    $ExportPath = "C:\ExportVMs\ExportAzureVM-$myVM.xml" 
     
    # Export the VM to a file
     
    Export-AzureVM -ServiceName $myVM -name $myVM -Path $ExportPath  
     
    # After you've confirmed that the Export file exists, delete the VM
     
    Remove-AzureVM -ServiceName $myVM -name $myVM

     
  2. Re-provision the lab. Use the Import-AzureVM and Start-AzureVM cmdlets in the PowerShell snippet below to import and start lab VMs when needed again.
     
    # Specify the Name of the VM to Import

    $myVM = "XXXlabad01"

    # Specify the Name of the Virtual Network on which to Import the VM

    $myVNet = "XXXlabnet01"

    # Specify the Import Path of the VM’s exported configuration file.
     
    $ImportPath = "C:\ExportVMs\ExportAzureVM-$myVM.xml"

    # Specify the Windows Azure Storage Account to be used.

    $myStorageAccount = "XXXlabstor01"

    Get-AzureSubscription | Set-AzureSubscription -CurrentStorageAccount $myStorageAccount 
     
    # Import the VM to Windows Azure
     
    Import-AzureVM -Path $ImportPath | New-AzureVM -ServiceName $myVM -VNetName $myVNet 
     
    # Start the VM  
    Start-AzureVM -ServiceName $myVM -name $myVM
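
The de-provision snippet in step 1 relies on the operator confirming that the export file exists before Remove-AzureVM runs. The following is an added example, not part of the original post, that enforces that check in the script itself for the lab VMs built later on this page. The function names are hypothetical, and it assumes the same classic Azure PowerShell module and the convention used here that each VM lives in a cloud service of the same name.

```powershell
# Added example, not from the original post.
# Assumes the classic Azure PowerShell module is imported and a subscription is selected.

$ErrorActionPreference = 'Stop'          # any failed cmdlet aborts before a VM is removed
$ExportFolder = 'C:\ExportVMs'           # export folder used in the post
# Lab VM names from this page; the domain controller is exported last.
$LabVMs = 'XXXlabapp01', 'XXXlabdb01', 'XXXlabad01'

# Hypothetical helper: an export only counts if the file exists, is not empty
# and parses as XML.
function Test-VmExportFile {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    if ((Get-Item -LiteralPath $Path).Length -eq 0)         { return $false }
    try {
        [void][xml](Get-Content -LiteralPath $Path -Raw)
        return $true
    }
    catch {
        return $false
    }
}

# Hypothetical helper: stop, export, verify, and only then remove one VM.
function Export-LabVm {
    param([Parameter(Mandatory)][string]$Name)

    if (-not (Test-Path -LiteralPath $ExportFolder -PathType Container)) {
        throw "Export folder '$ExportFolder' does not exist."
    }
    $exportPath = Join-Path $ExportFolder "ExportAzureVM-$Name.xml"

    # -Force suppresses the confirmation shown when the last VM in a service is stopped.
    Stop-AzureVM   -ServiceName $Name -Name $Name -Force | Out-Null
    Export-AzureVM -ServiceName $Name -Name $Name -Path $exportPath | Out-Null

    if (-not (Test-VmExportFile -Path $exportPath)) {
        throw "Export of '$Name' could not be verified; the VM was NOT removed."
    }

    # Called without -DeleteVHD, so the disks stay in the storage account
    # and Import-AzureVM can re-attach them later.
    Remove-AzureVM -ServiceName $Name -Name $Name | Out-Null
    return $exportPath
}

foreach ($vm in $LabVMs) {
    $file = Export-LabVm -Name $vm
    Write-Host "Exported and removed $vm -> $file"
}
```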

Tuesday 21 October 2014

Build SharePoint 2013 in the Cloud with Windows Azure

 

Prerequisites


  1. Log in to the Windows Azure Management Portal.
     
    Log in to the web-based Windows Azure Management Portal with the same logon credentials you used to sign up for the FREE 90-day Trial above.  Once you’ve logged in, you should see the main Windows Azure Management portal dashboard.
     
    Windows Azure Management Portal dashboard
     
    On the Windows Azure Management Portal, you’ll find the options ( highlighted in the image above ) for managing Virtual Machines, Virtual Networks and Storage in the cloud.  These are the items we’ll be primarily working with in this article series.
     
  2. Define a new Windows Azure Affinity Group.
     
    Affinity Groups in Windows Azure are used to group your cloud-based services together, such as Virtual Machines, Virtual Networks and Storage, in order to achieve optimal performance.  When you use an affinity group, Windows Azure will keep all services that belong to your affinity group running within the same data center as close as possible to each other to reduce latency and increase performance.

    - Create a new Affinity Group by selecting Settings from the side navigation bar in the Windows Azure Management Portal. 
     
    - On the Settings page, select the Affinity Groups tab on the top navigation bar. 
     
    - Click the +ADD button on the bottom navigation bar.
     
  3. On the Create Affinity Group form, enter the following details:
     
    - Name: Enter a unique name for your new Affinity Group, such as XXXlab01 (where XXX is replaced with your initials)
     
    - Region: Select the closest Windows Azure data center region to your locale.  This is the data center region in which your services will be provisioned.
     
  4. Create a new Windows Azure Storage Account.
     
    Virtual Machines that are provisioned in Windows Azure are stored in the world-wide cloud-based Windows Azure Storage service.  In terms of high availability, the Storage service provides built-in storage replication capability – where every VM is replicated to three separate locations within the Windows Azure data center region you select.  In addition, Windows Azure Storage provides a geo-replication feature for also replicating your VMs to a remote data center region.
     
    Create a new Storage account by clicking the +NEW button on the bottom toolbar in the Windows Azure Management Portal and then select Data Services | Storage | Quick Create.  
     
    Creating a new Storage account in Windows Azure
     
    Complete the following fields for creating your Storage account:

    - URL: Enter a unique name for your new storage account, such as XXXlabstor01 (where XXX is replaced with your initials)
     
    - Region/Affinity Group: Select the Affinity Group you created in Step 3 above.
     
    - Enable Geo-Replication: By default, this option is selected.  Leave the default option in place.
     
    Click the CREATE STORAGE ACCOUNT button to create your new Windows Azure Storage account.
     
  5. Download, Install and Configure the Windows Azure PowerShell Management Tools
     
    In addition to managing Windows Azure via the web-based Management Portal, we also provide a Windows Azure PowerShell module for scripted management of Windows Azure services.  We’ll be using both the Management Portal and PowerShell in this series, so you’ll want to download, install and configure the Windows Azure PowerShell cmdlets to get prepared.
     
    - Download and Install the Windows Azure PowerShell cmdlets. Note that a restart may be required after installing this module.

    - Right-click on Windows PowerShell in your Start Menu or Start Screen and choose Run As Administrator.

    - Set the PowerShell Execution Policy for scripts by running the following command at the PowerShell command prompt:

         PS C:\> Set-ExecutionPolicy RemoteSigned

    - Import the Windows Azure PowerShell module and supporting cmdlets by running the following command at the PowerShell command prompt:

         PS C:\> Import-Module Azure

    - Download and save your Windows Azure Publish Settings file by running the following command at the PowerShell command prompt:

         PS C:\> Get-AzurePublishSettingsFile

    - Import the saved Windows Azure Publish Settings file by running the following command at the PowerShell command prompt:

         PS C:\> Import-AzurePublishSettingsFile "full_path_to_saved_file.publishsettings"

Exercise 1: Register a DNS Server in Windows Azure

 Register the internal IP address that our domain controller VM will be using for Active Directory-integrated Dynamic DNS services by performing the following steps:
  1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Trial.
     
  2. Select Networks located on the side navigation panel on the Windows Azure Management Portal page.
     
  3. Click the +NEW button located on the bottom navigation bar and select Networks | Virtual Network | Register DNS Server.
     
  4. Complete the DNS Server fields as follows:
     
    - NAME: XXXlabdns01
    - DNS Server IP Address: 10.0.0.4
     
  5. Click the REGISTER DNS SERVER button.

Exercise 2: Define a Virtual Network in Windows Azure

Define a common virtual network in Windows Azure for running Active Directory, Database and SharePoint virtual machines by performing the following steps:
  1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Trial.
     
  2. Select Networks located on the side navigation panel on the Windows Azure Management Portal page.
     
  3. Click the +NEW button located on the bottom navigation bar and select Networks | Virtual Network | Quick Create.
     
  4. Complete the Virtual Network fields as follows:
     
    - NAME: XXXlabnet01
    - Address Space: 10.---.---.---
    - Maximum VM Count: 4096 [CIDR: /20]
    - Affinity Group: Select the Affinity Group defined in the Getting Started steps from the Prerequisites section above.
    - Connect to Existing DNS: Select XXXlabdns01 – the DNS Server registered in Exercise 1 above.
     
  5. Click the CREATE A VIRTUAL NETWORK button.

Exercise 3: Configure Windows Server Active Directory in a Windows Azure VM


Provision a new Windows Azure VM to run a Windows Server Active Directory domain controller in a new Active Directory forest by performing the following steps:
  1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Trial.
     
  2. Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.
     
  3. Click the +NEW button located on the bottom navigation bar and select Compute | Virtual Machines | From Gallery.
     
  4. In the Virtual Machine Operating System Selection list, select Windows Server 2012 Datacenter and click the Next button.
     
  5. On the Virtual Machine Configuration page, complete the fields as follows:
     
    - Version Release Date: Select the latest version release date to build a new VM with the latest OS updates applied.
    - Virtual Machine Name: XXXlabad01
    - New User Name: Choose a secure local Administrator user account to provision.
    - New Password and Confirm Password fields: Choose and confirm a new local Administrator password.
    - Size: Small (1 core, 1.75GB Memory)
     
    Click the Next button to continue.
     
    Note: Use secure passwords for Administrator users and service accounts, because Windows Azure virtual machines can be reached from the Internet by anyone who knows their DNS name.  You can also read this document on the Microsoft Security website that will help you select a secure password: http://www.microsoft.com/security/online-privacy/passwords-create.aspx.
     
  6. On the Virtual Machine Mode page, complete the fields as follows:
     
    - Standalone Virtual Machine: Selected
    - DNS Name: XXXlabad01.cloudapp.net
    - Storage Account: Select the Storage Account defined in the Getting Started steps from the Prerequisites section above.
    - Region/Affinity Group/Virtual Network: Select XXXlabnet01 – the Virtual Network defined in Exercise 2 above.
    - Virtual Network Subnets: Select Subnet-1 (10.0.0.0/23)
     
    Click the Next button to continue.
     
  7. On the Virtual Machine Options page, click the Checkmark button to begin provisioning the new virtual machine.
     
    As the new virtual machine is being provisioned, you will see the Status column on the Virtual Machines page of the Windows Azure Management Portal cycle through several values including Stopped, Stopped (Provisioning), and Running (Provisioning).  When provisioning for this new Virtual Machine is completed, the Status column will display a value of Running and you may continue with the next step in this guide.
     
  8. After the new virtual machine has finished provisioning, click on the name ( XXXlabad01 ) of the new Virtual Machine displayed on the Virtual Machines page of the Windows Azure Management Portal.
     
  9. On the virtual machine Dashboard page for XXXlabad01, make note of the Internal IP Address displayed on this page located on the right-side of the page.  This IP address should be listed as 10.0.0.4
     
    If a different internal IP address is displayed, the virtual network and/or virtual machine configuration was not completed correctly.  In this case, click the DELETE button located on the bottom toolbar of the virtual machine details page for XXXlabad01, and go back to Exercise 2 and Exercise 3 to confirm that all steps were completed correctly.
     
  10. On the virtual machine Dashboard page for XXXlabad01, click the Attach button located on the bottom navigation toolbar and select Attach Empty Disk.  Complete the following fields on the Attach an empty disk to the virtual machine form:
     
    - Name: XXXlabad01-data01
    - Size: 10 GB
    - Host Cache Preference: None
     
    Click the Checkmark button to create and attach a new virtual hard disk to virtual machine XXXlabad01.
     
  11. On the virtual machine Dashboard page for XXXlabad01, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine.  Logon at the console of your virtual machine with the local Administrator credentials defined in Step 5 above.
     
  12. From the Remote Desktop console of XXXlabad01, create a new partition on the additional data disk attached above in Step 10 and format this partition as a new F: NTFS volume.  This volume will be used for NTDS DIT database, log and SYSVOL folder locations.
     
    If you need additional guidance to complete this step, feel free to leverage the following study guide for assistance: Windows Server 2012 “Early Experts” Challenge – Configure Local Storage
     
  13. Using the Server Manager tool, install Active Directory Domain Services and promote this server to a domain controller in a new forest with the following parameters:
     
    - Active Directory Forest name: contoso.com
    - Volume Location for NTDS database, log and SYSVOL folders: F:
     
    If you need additional guidance to complete this step, feel free to leverage the following study guide for assistance: Windows Server 2012 “Early Experts” Challenge – Install and Administer Active Directory
     
  14. After Active Directory has been installed, create the following user accounts that will be used when installing and configuring SharePoint Server 2013 later in this step-by-step guide:

    - CONTOSO\sp_farm – SharePoint Farm Data Access Account
    - CONTOSO\sp_serviceapps – SharePoint Farm Service Applications Account
     
    If you need additional guidance to complete this step, feel free to leverage the following study guide for assistance: Windows Server 2012 “Early Experts” Challenge – Install and Administer Active Directory
The configuration for this virtual machine is now complete, and you may continue with the next exercise in this step-by-step guide.

Exercise 4: Configure SQL Server 2012 in a Windows Azure VM


Provision a new Windows Azure VM to run SQL Server 2012 by performing the following steps:
  1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Trial.
     
  2. Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.
     
  3. Click the +NEW button located on the bottom navigation bar and select Compute | Virtual Machines | From Gallery.
     
  4. In the Virtual Machine Operating System Selection list, select SQL Server 2012 SP1 Enterprise and click the Next button.
     
  5. On the Virtual Machine Configuration page, complete the fields as follows:

    - Virtual Machine Name: XXXlabdb01
    - New User Name: Choose a secure local Administrator user account to provision.
    - New Password and Confirm Password fields: Choose and confirm a new local Administrator password.
    - Size: Medium (2 cores, 3.5GB Memory)
     
    Click the Next button to continue.
     
  6. On the Virtual Machine Mode page, complete the fields as follows:
     
    - Standalone Virtual Machine: Selected
    - DNS Name: XXXlabdb01.cloudapp.net
    - Storage Account: Select the Storage Account defined in the Getting Started steps from the Prerequisites section above.
    - Region/Affinity Group/Virtual Network: Select XXXlabnet01 – the Virtual Network defined in Exercise 2 above.
    - Virtual Network Subnets: Select Subnet-1 (10.0.0.0/23)
     
    Click the Next button to continue.
     
  7. On the Virtual Machine Options page, click the Checkmark button to begin provisioning the new virtual machine.
     
    As the new virtual machine is being provisioned, you will see the Status column on the Virtual Machines page of the Windows Azure Management Portal cycle through several values including Stopped, Stopped (Provisioning), and Running (Provisioning).  When provisioning for this new Virtual Machine is completed, the Status column will display a value of Running and you may continue with the next step in this guide.
     
  8. After the new virtual machine has finished provisioning, click on the name ( XXXlabdb01 ) of the new Virtual Machine displayed on the Virtual Machines page of the Windows Azure Management Portal.
     
  9. On the virtual machine Dashboard page for XXXlabdb01, make note of the Internal IP Address displayed on this page.  This IP address should be listed as 10.0.0.5
     
    If a different internal IP address is displayed, the virtual network and/or virtual machine configuration was not completed correctly.  In this case, click the DELETE button located on the bottom toolbar of the virtual machine details page for XXXlabdb01, and go back to Exercise 2 and Exercise 3 to confirm that all steps were completed correctly.
     
  10. On the virtual machine Dashboard page for XXXlabdb01, click the Attach button located on the bottom navigation toolbar and select Attach Empty Disk.  Complete the following fields on the Attach an empty disk to the virtual machine form:
     
    - Name: XXXlabdb01-data01
    - Size: 50 GB
    - Host Cache Preference: None
     
    Click the Checkmark button to create and attach a new virtual hard disk to virtual machine XXXlabdb01.
     
  11. On the virtual machine Dashboard page for XXXlabdb01, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine.  Logon at the console of your virtual machine with the local Administrator credentials defined in Step 5 above.
     
  12. From the Remote Desktop console of XXXlabdb01, create a new partition on the additional data disk attached above in Step 10 and format this partition as a new F: NTFS volume. After formatting this new volume, create the following folders:
     
    1. Create F:\MSSQL folder
       
    2. Create F:\MSSQL\DATA folder
       
    3. Create F:\MSSQL\LOGS folder
       
    4. Create F:\MSSQL\BACKUP folder
  13. Open SQL Server Management Studio from Start | All Programs | Microsoft SQL Server 2012 | SQL Server Management Studio and update default folder locations to the F: volume.
    1. Connect to the SQL Server 2012 default instance using your Windows Account.
       
    2. Now, you will update the database's default locations for DATA, LOGS and BACKUP folders. To do this, right click on your SQL Server instance and select Properties.
       
    3. Select Database Settings from the left side pane.
       
    4. Locate the Database default locations section and update the default values for each path to point to the new folder paths defined above in Step 12.
       
    5. Close SQL Server Management Studio.
  14. In order to allow SharePoint to connect to the SQL Server, you will need to add an Inbound Rule for the SQL Server requests in the Windows Firewall. To do this, open Windows Firewall with Advanced Security from Start | All Programs | Administrative Tools.
    1. Select Inbound Rules node, right-click it and select New Rule to open the New Inbound Rule Wizard.
    2. In the Rule Type page, select Port and click Next.
    3. In Protocols and Ports page, leave TCP selected, select Specific local ports, and set its value to 1433. Click Next to continue.
    4. In the Action page, make sure that Allow the connection is selected and click Next.
    5. In the Profile page, leave the default values and click Next.
    6. In the Name page, set the Inbound Rule's Name to SQLServerRule and click Finish.
    7. Close Windows Firewall with Advanced Security window.
  15. Using the Server Manager tool, join this server to the contoso.com domain and restart the server to complete the domain join operation.
  16. After the server restarts, connect again via Remote Desktop to the server’s console and login with the local Administrator credentials defined above in Step 5.
  17. Open SQL Server Management Studio from Start | All Programs | Microsoft SQL Server 2012 | SQL Server Management Studio and add the CONTOSO\Administrator user to SQL Server with the Sysadmin server role selected.
    1. Expand Security folder within the SQL Server instance. Right-click Logins folder and select New Login.
    2. In the General section, set the Login name to CONTOSO\Administrator, and select the Windows Authentication option.
    3. Click Server Roles on the left pane.  Select the checkbox for the Sysadmin server role.
    4. Click the OK button and close SQL Server Management Studio.
The configuration for this virtual machine is now complete, and you may continue with the next exercise in this step-by-step guide.
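
The inbound rule created in Step 14 allows TCP 1433 on every firewall profile from any source address, although only the SharePoint server needs to reach SQL Server. The following is an added example, not part of the original guide, for an elevated PowerShell session on XXXlabdb01 that lists such unscoped rules and then restricts SQLServerRule to the SharePoint VM. It assumes XXXlabapp01 receives the internal IP 10.0.0.6 that Exercise 5 expects, and the helper function name is hypothetical.

```powershell
# Added example, not from the original guide.
# Requires the NetSecurity module (Windows Server 2012 or later) and an elevated session.

$RuleName     = 'SQLServerRule'   # rule name given in Step 14
$SqlPort      = 1433              # port opened in Step 14
$SharePointIp = '10.0.0.6'        # assumption: internal IP expected for XXXlabapp01 in Exercise 5

# Hypothetical helper: list enabled inbound Allow rules that expose a TCP port
# to any remote address.
function Get-UnscopedInboundRule {
    param([Parameter(Mandatory)][int]$Port)

    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $portFilter = $_ | Get-NetFirewallPortFilter
            $addrFilter = $_ | Get-NetFirewallAddressFilter

            # LocalPort is compared as an exact string, so port ranges are not expanded.
            if ($portFilter.Protocol -eq 'TCP' -and
                @($portFilter.LocalPort) -contains "$Port" -and
                @($addrFilter.RemoteAddress) -contains 'Any') {

                [pscustomobject]@{
                    DisplayName   = $_.DisplayName
                    Profile       = $_.Profile
                    LocalPort     = $portFilter.LocalPort
                    RemoteAddress = $addrFilter.RemoteAddress
                }
            }
        }
}

# 1. Before: the wizard-created rule is reported as open to any remote address.
Get-UnscopedInboundRule -Port $SqlPort | Format-Table -AutoSize

# 2. Restrict the rule so that only the SharePoint VM may connect to SQL Server.
Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $SharePointIp

# 3. After: the rule is no longer reported, and its address filter shows the single IP.
Get-UnscopedInboundRule -Port $SqlPort | Format-Table -AutoSize
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

If XXXlabapp01 ends up with a different internal IP, set `$SharePointIp` to that address before running step 2, otherwise the SharePoint configuration wizard in Exercise 5 cannot reach the database server.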


Exercise 5: Configure SharePoint Server 2013 in a Windows Azure VM


Provision a new Windows Azure VM to run SharePoint Server 2013 by performing the following steps:
  1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Trial.
     
  2. Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.
     
  3. Click the +NEW button located on the bottom navigation bar and select Compute | Virtual Machines | From Gallery.
     
  4. In the Virtual Machine Operating System Selection list, select SharePoint Server 2013 Trial and click the Next button.
     
  5. On the Virtual Machine Configuration page, complete the fields as follows:

    - Virtual Machine Name: XXXlabapp01
    - New User Name: Choose a secure local Administrator user account to provision.
    - New Password and Confirm Password fields: Choose and confirm a new local Administrator password.
    - Size: Large (4 cores, 7GB Memory)
     
    Click the Next button to continue.
     
  6. On the Virtual Machine Mode page, complete the fields as follows:
     
    - Standalone Virtual Machine: Selected
    - DNS Name: XXXlabapp01.cloudapp.net
    - Storage Account: Select the Storage Account defined in the Getting Started steps from the Prerequisites section above.
    - Region/Affinity Group/Virtual Network: Select XXXlabnet01 – the Virtual Network defined in Exercise 2 above.
    - Virtual Network Subnets: Select Subnet-1 (10.0.0.0/23)
     
    Click the Next button to continue.
     
  7. On the Virtual Machine Options page, click the Checkmark button to begin provisioning the new virtual machine.
     
    As the new virtual machine is being provisioned, you will see the Status column on the Virtual Machines page of the Windows Azure Management Portal cycle through several values including Stopped, Stopped (Provisioning), and Running (Provisioning).  When provisioning for this new Virtual Machine is completed, the Status column will display a value of Running and you may continue with the next step in this guide.
     
  8. After the new virtual machine has finished provisioning, click on the name ( XXXlabapp01 ) of the new Virtual Machine displayed on the Virtual Machines page of the Windows Azure Management Portal.
     
  9. On the virtual machine Dashboard page for XXXlabapp01, make note of the Internal IP Address displayed on this page.  This IP address should be listed as 10.0.0.6
     
    If a different internal IP address is displayed, the virtual network and/or virtual machine configuration was not completed correctly.  In this case, click the DELETE button located on the bottom toolbar of the virtual machine details page for XXXlabapp01, and go back to Exercise 2,  Exercise 3 and Exercise 4 to confirm that all steps were completed correctly.
     
  10. On the virtual machine Dashboard page for XXXlabapp01, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine.  Logon at the console of your virtual machine with the local Administrator credentials defined in Step 5 above.
     
  11. In the Server Manager tool, click on Local Server in the left navigation pane and click on the Workgroup option.  Join this server to the contoso.com domain and restart the server to complete the domain join operation.
     
  12. After the server restarts, re-establish a Remote Desktop connection to the server and logon with the CONTOSO\Administrator domain user credentials defined earlier in Exercise 3.
  13. In the Server Manager tool, click on Local Server in the left navigation pane and select IE Enhanced Security Configuration.  Turn off enhanced security for Administrators and click the OK button.
     
    Note: Modifying Internet Explorer Enhanced Security configurations is not good practice for production environments and is only for the purpose of this particular step-by-step lab guide.
  14. On the Desktop, double-click on the SharePoint 2013 Products Configuration Wizard shortcut to launch the configuration wizard.  Click the Next button to continue. If prompted to start or reset services, click the Yes button.
  15. In the SharePoint Products Configuration Wizard, when prompted on the Connect to server farm dialog, select the option to Create a new server farm.
     
  16. On the Specify Configuration Database Settings, specify the following values for each field:
     
    - Database Server: XXXlabdb01
    - Username: CONTOSO\sp_farm
    - Password: Type the password specified when the sp_farm domain user account was created earlier in Exercise 3, Step 14.
     
  17. Click the Next > button and accept all other default values in the SharePoint Products Configuration Wizard.  Click the Finish button when prompted to complete the wizard.
     
  18. The SharePoint 2013 Central Administration web page should launch automatically.  When prompted, click the Start the Wizard button to begin the Initial Farm Configuration Wizard.
     
  19. When prompted for Service Account, type the CONTOSO\sp_serviceapps domain username and password specified when this account was created earlier in Exercise 3, Step 14.
     
  20. Accept all other default values and click the Next > button to continue.
     
  21. On the Create a Site Collection page, create a new top-level Intranet site collection using the following field values:
     
    - Title and Description: Enter your preferred Title and Description for the new site collection
    - URL: Select the root URL path – http://XXXlabapp01/
    - Select experience version: 2013
    - Select a template: Publishing | Publishing Portal
     
    Click the OK button to provision a new top-level Intranet site collection. 
     
    After the new top-level Intranet site collection is provisioned, test navigating to the URL for this site collection from within the Remote Desktop session to the server.
     
  22. On the SharePoint 2013 Central Administration site, configure a Public URL alternate access mapping for accessing the new top-level Intranet site collection from the Internet.
     
    1. On the Central Administration site home page, click the Configure alternate access mappings link.
       
    2. On the Alternate Access Mappings page, click the Edit Public URLs link.
       
    3. On the Edit Public Zone URLs page, select and specify the following values:
       
      - Alternate Access Mapping Collection: SharePoint - 80
      - Internet: http://XXXlabapp01.cloudapp.net
       
      Click the Save button to complete the Alternate Access Mapping configuration.
       
  23. Close the Remote Desktop session to the server.
     
  24. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Trial.
     
  25. Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.
     
  26. On the Virtual Machines page, click on the name of the SharePoint virtual machine – XXXlabapp01.
     
  27. On the XXXlabapp01 virtual machine details page, click on Endpoints in the top navigation area of the page.
     
  28. Click the +Add Endpoint button in the bottom navigation bar of the page to define a new virtual machine endpoint that will permit HTTP web traffic inbound to the SharePoint virtual machine. 
     
  29. On the Add an endpoint to a virtual machine form, select the Add Endpoint option and click the Next button to continue.
     
  30. On the Specify the details of the endpoint form, specify the following field values:
     
    - Name: WebHTTP
    - Protocol: TCP
    - Public Port: 80
    - Private Port: 80
     
    Click the Checkmark button to create a new endpoint definition that will permit inbound web traffic to the SharePoint virtual machine.
     
  31. After the endpoint configuration has been successfully applied, test browsing to the following public URL to confirm that you are able to access the Intranet site collection that is configured on SharePoint:
     
    - URL: http://XXXlabapp01.cloudapp.net
The configuration for this virtual machine is now complete, and you may continue with the next exercise in this step-by-step guide. Be sure to shut down your lab VMs from the Windows Azure Management Portal when not in use to save on compute charges.




Thursday 10 July 2014

CRM 2013 Exchange Synchronization

Until version 2013 of Dynamics CRM we had two ways of processing incoming and outgoing email in CRM:
  • CRM Email Router
  • CRM Outlook Client
With Dynamics CRM 2013 the Asynchronous service now provides server-side Exchange Synchronization, so there is no need for the old components, even though they still exist. Exchange Synchronization allows users to:
  • Process outgoing emails
  • Process incoming emails
  • Synchronize contacts, tasks and appointments
  • Automatically track emails based on correlation rules (smart matching and/or tracking token)
In this post I will walk through how to set up Exchange synchronization with Dynamics CRM 2013. Here is an overview of the steps:
  1. Set up an IIS self-signed certificate (it requires SSL)
  2. Configure Exchange Impersonation
  3. Create and configure a CRM 2013 Exchange profile
  4. Configure User Mailboxes
  5. Configure CRM global Email Settings
  6. Test synchronization
  7. Design Overview
  8. Known issues
  9. Summary and References
Before we start configuring CRM 2013 with Exchange we need to have HTTPS in place. A self-signed certificate generated by IIS is enough to get us going.

Step 1: Self-signed Certificate
To generate the certificate, open IIS, highlight the server name and double-click Certificates.
  • On the right-hand side click on Self-signed certificate
  • Give it a name (I call it MyCertificate), leave Personal and click OK
  • You should see the certificate in the list.
  • Next step is to bind the Dynamics CRM website to HTTPS (443). Highlight the Dynamics CRM web site under Sites and on the right-hand side choose Bindings. In the window that opens, choose HTTPS in the Type field; this enables the SSL certificate field, where we choose MyCertificate. Click OK.

Step 2: Exchange Account Impersonation
Before we start configuring profiles in CRM, we want to make sure the CRM service account has impersonation rights on the Exchange side. To do this we run the following PowerShell commands.

Exchange 2010:

    New-ManagementRoleAssignment -Name "" -Role:ApplicationImpersonation -User "<service_account>"

For example:

    New-ManagementRoleAssignment -Name "CRM ExServiceAcc" -Role:ApplicationImpersonation -User crm13.service

Exchange 2007:

    Get-MailboxServer "<mailbox_server_name>" | Add-AdPermission -User "<service_account>" -AccessRights ExtendedRight -ExtendedRights ms-Exch-EPI-May-Impersonate, ms-Exch-EPI-Impersonation

The second PowerShell command requires the Distinguished Name (DN) of the Microsoft Client Access Server (CAS). To enable impersonation rights on a single Microsoft CAS server use the following command:

    Get-ClientAccessServer -Identity "<cas_server_name>" | Add-AdPermission -User "<service_account>" -ExtendedRights ms-Exch-EPI-Impersonation
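
The Exchange 2010 assignment above lets the service account impersonate every mailbox in the organization. The following is an added example, not part of the original post, for the Exchange Management Shell that limits impersonation to the mailboxes CRM actually synchronizes and then audits who holds the role. The scope name, the new assignment name and the group DN are placeholders to replace with your own values, and it assumes the CRM users are members of one distribution or security group.

```powershell
# Added example, not from the original post.
# Run in the Exchange Management Shell (Exchange 2010 or later).

$ServiceAccount = 'crm13.service'            # service account from the post's example
$OldAssignment  = 'CRM ExServiceAcc'         # organization-wide assignment from the post's example
$ScopeName      = 'CRM Synced Mailboxes'     # placeholder scope name
$NewAssignment  = 'CRM ExServiceAcc Scoped'  # placeholder assignment name
# Placeholder: distinguished name of the group that contains the CRM users.
$CrmGroupDn     = 'CN=CRM Users,OU=Groups,DC=example,DC=com'

# 1. Management scope that matches only members of the CRM group.
New-ManagementScope -Name $ScopeName `
    -RecipientRestrictionFilter "MemberOfGroup -eq '$CrmGroupDn'"

# 2. Grant impersonation inside that scope first, then drop the organization-wide
#    assignment, so synchronization is never left without any rights.
New-ManagementRoleAssignment -Name $NewAssignment `
    -Role ApplicationImpersonation `
    -User $ServiceAccount `
    -CustomRecipientWriteScope $ScopeName

Remove-ManagementRoleAssignment -Identity $OldAssignment -Confirm:$false

# 3. Audit: every effective holder of ApplicationImpersonation, flagging
#    assignments that have no custom recipient scope.
Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
    Select-Object Name, EffectiveUserName, RecipientWriteScope, CustomRecipientWriteScope,
        @{ Name = 'Unscoped'; Expression = { -not $_.CustomRecipientWriteScope } } |
    Sort-Object Unscoped -Descending |
    Format-Table -AutoSize
```

Mailboxes outside the group can no longer be reached by the CRM service account, so add new CRM users to the group before enabling their mailboxes in Step 4.
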
Step 3: Configuring CRM Exchange Profile
With the HTTPS binding in place, navigate to CRM using https://server/organization and go to Settings > Email Configuration. Click on Email Server Profiles and then New Exchange Profile.
Fill in the profile details. You could use auto-discovery if it’s working okay for you; I have tested it in my environment and it worked perfectly. The service account we specified has been given server-wide impersonation. I’ve named the profile UK Mailboxes. If you have users across different countries and Exchange servers located at those sites, you should create multiple profiles with the corresponding Exchange servers.
Leave the Advanced settings as they are.
Navigate to Mailboxes and on the Ribbon choose Add Existing Mailbox. By default, a mailbox is automatically generated in the system for every user created or imported during an organization import, so when you click Add Existing Mailbox the system will list all available user accounts.

Step 4: Configuring Mailboxes
At this stage we have created an Email Server Profile and added 2 mailboxes. Double-click on one of the mailboxes and change the following:
  • Server Profile: UK Mailboxes (the profile we just created)
  • Incoming Email: Server-Side Synchronization or Email Router
  • Outgoing Email: Server-Side Synchronization or Email Router
Note: at this point the Configuration test results should show Not Run instead of Success; the screenshot was taken after the configuration was completed.
Approve the Email and then click on Test & Enable Mailbox. You then get an alert message on the mailbox profile.
Click on Alerts and in a few seconds you will see the alert messages coming up.
This means all checks completed successfully and you are ready to test it in Outlook. If you look back at the Mailbox General tab you should now see the Configuration test results as Success. During this test a test email is sent to your Inbox: This is a test message to check the outgoing email configuration for [User].
Step 5: CRM Global Email Settings
Before we start the Outlook test, let’s first look at the CRM Global Email settings. Navigate to Settings > Administration > System Settings and go to the Email tab. This section has a number of important settings that you should think about in the design phase rather than during implementation.
Configure email processing: here you define which default method you want to use to process users’ email. As it says, if you choose Server-Side it will block the Email Router. As we want to test server-side synchronization, choose Server-Side instead of Email Router.
Configure default synchronization method: this defines users’ profile preferences, and it is very important from a design perspective because it will avoid duplicating work. If all your users are in the UK you can default the server profile to UK Mailboxes. If you have users across different countries you could still define a default Email Server Profile using auto-discovery and then work out manually any specific users that require a manual Server Profile. For incoming email, outgoing email, and appointments, contacts and tasks, default this to Server-Side Synchronization or Email Router; this will make sure it can use both.
Below that, you define whether email should only be processed for approved users. If email processing is not a sensitive subject in your implementation, then I would recommend you untick these boxes because it removes an extra click in the configuration steps, as we have seen above.

Step 6: Test Synchronization
You are ready to test the Exchange synchronization. Create an appointment in CRM, include yourself and another CRM user as required attendees, fill in the other details and save. In a few minutes, if all works well, a meeting request is received in Outlook by all users.
To test sending emails, confirm that Configure email processing in the Global Email settings is set to server-side synchronization. Send an email to someone from CRM and ask that person to reply; you should see the email tracked automatically in CRM.

Monday 21 April 2014

CRM 2011 IFD Multi-Tenancy Migration Tips


Following on from that we tested the migration from CRM 4.0 hosted CRM installations to the newly configured test environment for CRM 2011.
We ran into a few problems (and a few things we did not know) and thought others may benefit from this.

CRM Migration

The process was reasonably simple for us and for that reason we will just list the steps.
  1. Backup the CRM 4.0 database to file.
  2. On the new CRM 2011 SQL server, perform a normal SQL database restore from the backup file.
  3. Use the CRM 2011 deployment tool to “Import an Organisation”, specifying the obvious settings for the database selection and user mapping. (In our case, we were on the same domain, so user mapping was easy.)
All this worked well, but there were a few problems when we went to browse the new org from outside the server, in other words, using the IFD to access the org.
Internally the org was accessible with https://internalcrm.domain.com/orgname but external access via https://orgname.domain.com:xxx failed.

The Problems

First One
This was simple, but only because we have seen it before. Originally we had accessed the org from our IE 9 browser with https://org.domain.com and accessed the CRM 4.0 IFD. Actually we used it for over a year.
Now we wanted to use the new IFD on CRM 2011, but in the same browser. We found when going to https://org.domain.com:444 that the browser was not even rendering the request for user name and pass that we expected.
The IE failure gave no message or indication of why. Basically a 404 failure to hit anything useful.
Yet in another “real browser” (not IE) we could at least get prompted for user and pass info.
The Cause
IE really sucks at clearing old data. The delete all / clear cache / remove cookies appears at the outset to dump everything, but it does not. In our case, it cached something from the previous connection to CRM 4.0 that was killing our access. We then also deleted data in “C:\Windows\Temp”. Can’t explain what the cause is… I would just rather put it down to the fact that IE 9 “blows chunks” (big ones).
The solution is to manually navigate to the Temporary Internet Files directory under Windows, and manually delete everything you find in there. That fixes the page rendering issue.
More information here: http://www.interactivewebs.com/blog/index.php/crm/crm-2011-server-error-404-file-or-directory-not-found/
The Second One
Second, we entered a user name and pass, and received a message:
There was a problem accessing the site. Try to browse to the site again. If the problem persists, contact the administrator of this site and provide the reference number to identify the problem. Reference number: numbers
There was a matching set of AD FS 2.0 Event Logs that looked like this:
A token request was received for a relying party identified by the key ‘https://org.domain.com:444/default.aspx’, but the request could not be fulfilled because the key does not identify any known relying party trust.
Key: https://org.domain.com:444/default.aspx
This request failed.
User Action
If this key represents a URI for which a token should be issued, verify that its prefix matches the relying party trust that is configured in the AD FS configuration database.
and
Encountered error during federation passive request.
Additional Data
Exception details:
Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust ‘https://org.domain.com:444/default.aspx’ is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, Uri& replyTo)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, MSISSession& session)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSerializedToken(String signOnToken, WSFederationMessage incomingMessage)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSecurityToken(SecurityToken securityToken, WSFederationMessage incomingMessage)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseForProtocolRequest(FederationPassiveContext federationPassiveContext, SecurityToken securityToken)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponse(SecurityToken securityToken)

The solution

An easy one, but something we did not know. With CRM 2011 in IFD, each time you add an org, you need to update your Relying Party Trusts from Federation Metadata. Big words that mean…
  1. Open AD FS Management Tool
  2. Expand Trust Relationships
  3. Click on Relying Party Trusts
  4. Click on your IFD Trust, Right Click and Select Update From Federation Metadata
I have no idea why this is not automatically updated every time the service starts, or even every time the service is called upon….
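
The same check and update can be run from PowerShell on the AD FS server. This is an added example, not part of the original post: it tests whether the key from the event log above matches, by prefix, an identifier on the relying party trust, and refreshes the trust from federation metadata if it does not. The trust display name and the helper function Test-RelyingPartyKey are assumptions, and the prefix comparison is an approximation of AD FS's own matching.

```powershell
# Added example, not from the original post. Run elevated on the AD FS server.
# AD FS 2.0 ships its cmdlets as a snap-in; later versions expose them as a module.
if (-not (Get-Command Get-ADFSRelyingPartyTrust -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell
}

$trustName = "CRM IFD Relying Party"                    # assumed display name of the IFD trust
$failedKey = "https://org.domain.com:444/default.aspx"  # key reported in the event log

# Hypothetical helper: true when the requested key starts with one of the
# identifiers configured on the trust (the event text asks for a prefix match).
function Test-RelyingPartyKey {
    param(
        [Parameter(Mandatory = $true)][string]$Key,
        [string[]]$Identifiers = @()
    )
    foreach ($id in $Identifiers) {
        if ($Key.StartsWith($id, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$trust = Get-ADFSRelyingPartyTrust -Name $trustName
if (-not $trust) { throw "No relying party trust named '$trustName' was found." }

# Show what the trust currently covers and how it is kept up to date.
$trust | Format-List Name, Identifier, MetadataUrl, MonitoringEnabled, AutoUpdateEnabled, LastUpdateTime

if (Test-RelyingPartyKey -Key $failedKey -Identifiers $trust.Identifier) {
    Write-Output "The key already matches an identifier; the trust is not the cause."
} else {
    # Equivalent of "Update From Federation Metadata" in the management tool.
    Update-ADFSRelyingPartyTrust -TargetName $trustName
    $trust = Get-ADFSRelyingPartyTrust -Name $trustName
    if (Test-RelyingPartyKey -Key $failedKey -Identifiers $trust.Identifier) {
        Write-Output "Trust refreshed; the new organization URL is now covered."
    } else {
        Write-Warning "Still no matching identifier. Check the federation metadata that CRM publishes."
    }
}
```

The MonitoringEnabled and AutoUpdateEnabled properties in the output show whether AD FS is set to refresh this trust from its metadata URL on its own.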

 

CRM 2011 Email Router Setup and Settings



Often with the setup of CRM 2011, users experience Pending e-mail warning messages, and sometimes email messages are not sent.
This can be especially frustrating, as both the CRM email queuing and tracking system and the Email Router application are terrible at helping you understand exactly what is going on with your CRM e-mail.
We mentioned some of the issues we have experienced here:
http://www.interactivewebs.com/blog/index.php/server-tips/crm-2011-email-router-problemsshes-a-fickle-bitch/

Here are some basic setup tips for email in Microsoft CRM 2011

1. Out of the box, CRM does not send email messages. You need to configure an application known as CRM 2011 Email Router to have email messages sent.
2. You also need a working SMTP (email) server that is configured to allow the relay of email messages from email accounts at your domain name. This can be achieved with Amazon SES message service or your own servers. We can assist you in setting up Amazon SES if you need assistance with this.
3. You should install and configure your Email Router. Some notes to help you may include these: http://www.interactivewebs.com/blog//?s=email+router

Recommended email settings in CRM 2011

1. Out of the box, CRM will only be able to send email messages to leads, contacts, and accounts until you change this setting, found in Admin / System Settings in CRM.
2. Avoid delayed email messages in CRM by approving email addresses. In Administration / Users, go into each user and approve the configured email address.
There is a view of users who are Pending Email address approval to help identify who needs approval.
Also uncheck the options for Process emails only for approved users and Process emails only for approved queues in Administration / System Settings.

3. Configure users’ email settings to use the email router for outbound email messages (optionally inbound configuration too).
Our recommendation is to set the outbound processing to the email router. This will allow emails generated by the CRM system to be delivered right away via the email router. This also means that you do need to install and configure the email router.
The above settings can be set automatically for all users by the use of a simple out-of-the-box workflow that runs on create of new users.
4. The next setting is recommended. Knowing that email can be tracked in CRM with the Outlook client, email messages can automatically be tracked too.
5. The all-powerful feature of creating contacts in CRM when an email address is not known.
This is a great way to automatically get more leads or contacts (depending on your business) in CRM. And depending on your business, it can also be a great way to pollute your CRM with contacts or leads that you don’t want.

Troubleshooting Tips

To troubleshoot an E-mail Router outgoing profile configuration, follow these steps:
  1. Make sure that you follow the incoming profile configuration procedures in the E-mail Router Configuration Manager Help.
  2. For more information about how to configure an incoming profile, see the E-mail Router configuration information in the latest version of the Installing Guide that is included in the Microsoft Dynamics CRM 4.0 Implementation Guide.
  3. Refer to the following sections for information about how to resolve commonly encountered outgoing profile issues.
Test Access error
If there is a problem with your outgoing e-mail configuration, you may receive the following error message when you click Test Access on the E-mail Router Configuration Manager:
“Outgoing status: Failure – An error occurred while checking the connection to e-mail server EXSERVERNAME. The requested address is not valid in its context”
If you receive this message, follow these steps to troubleshoot the problem:
  1. Run a telnet command to verify that connectivity is functioning between the computer that is running CRM Router and the Exchange Server. For example, start the TELNET utility and enter the following command:
     TELNET EXSERVERNAME PORT
  2. Make sure that you have no antivirus services running on the Exchange Server computer that prevent connection by using port 25.
  3. For information about how to configure the SMTP server to allow relay messages from Microsoft Dynamics CRM, see KB article 915827.
E-mail error when message sent from the Web application
Symptom: When a user sends an e-mail message by using the Web application, the user might receive one of the following messages:
This message has not yet been submitted for delivery. 1 attempts have been made so far.
The message delivery failed. It must be resubmitted for any further processing.
Resolution: For information about how to resolve this issue, see KB article 915827.
Load Data error
When you click Load Data in the E-mail Router Configuration Manager, you receive the following error:
The E-mail Router Configuration Manager was unable to retrieve user and queue information from the Microsoft Dynamics CRM server. This may indicate that the Microsoft Dynamics CRM server is busy. Verify that URL ‘http://OrganizationName‘ is correct. Additionally, this problem can occur if the specified access credentials are insufficient. To try again, click Load Data. (The request failed with HTTP status 404: Not Found.)
To resolve this problem, follow these steps:
  1. Make sure that the user account that is running the E-mail Router Configuration Manager service is a member of the Active Directory PrivUserGroup security group.
  2. The account that is specified in the Access Credentials field on the General tab of the E-mail Router Configuration Manager must be a Microsoft Dynamics CRM administrative user. If the access credentials are set to Local System Account, the computer account must be a member of the Active Directory PrivUserGroup security group.
  3. Make sure that the URL is spelled correctly. The organization name in the URL field is case-sensitive and must be spelled exactly as it appears in the Microsoft Dynamics CRM server. To view the organization name as it appears in the Microsoft Dynamics CRM server, start the Web application. The organization name appears in the upper-right corner of the application window.
  4. The DeploymentProperties table may have incorrect values if you have modified the port or host headers on your Web site. To update the DeploymentProperties table, see KB article 950248.

Pending Email warning

On the Email Router, configure:
1. Check Event Viewer for Email Router related errors
2. Change the send email
3. Restart the CRM Email Router service
4. Reduce the polling time and connection timeout

Automatically Resending Failed Email Messages

The Advanced Find can be used to find email messages that have not been sent. A workflow can also be created to resend messages automatically. However, constant failures indicate a problem somewhere else, so this automatic workflow should not be introduced in place of fixing your sending issues.
Steps to create the workflow to re-send failed e-mails:
1. Create a new Workflow in CRM | Processes on the E-mail entity
2. Set the workflow to be Available to Run “As an on-demand process”, change the scope to Organization and uncheck “Record is created”. This will make the workflow available to run on demand, work for all e-mails in the organization, and not run every time a new e-mail is created, as we just want to use this when needed on specific e-mails.
3. Click “Add Step” and choose “Change Status”
4. Set the E-mail to a status of “Pending Send”
5. Click Save and then Activate in the toolbar. Click “OK” on the message to confirm you want to activate the workflow and then click “Close” on the workflow.
Advanced Find to see how many e-mails are in a failed status:
1. Open Advanced Find by clicking the “Advanced Find” button in the CRM ribbon
2. Select “E-mail Messages” in the Look For option set and then select “Status Reason” and set it equal to “Failed”. Then click the Results button in the Advanced Find ribbon.
3. You can refine the results using the filter criteria from here as well in case you do not want to re-send all of the e-mails. Once you are done, multi-select the e-mails you want to re-send and then click the “Run Workflow” button in the CRM ribbon.
4. Select the e-mail workflow that you created using the steps above and click OK.
The workflow will then run and change the status of all the e-mails you had selected back to “Pending Send”.  This is an asynchronous process, so it may take a few minutes depending on your current asynchronous workload in CRM.  Then the CRM e-mail router will process them again and send them out through SMTP as expected.