Tip #179: How to change CRM Online password

Concerned about bleeding heart’s effects and decided to change your CRM password from pass@word1 to something a bit more robust? Nothing could be easier, right? Right, unless you are not an administrator and you have only CRM license assigned in which case instructions do not apply simply because mentioned menu is not there!

“Easy”, say you, “I’ll just go to https://portal.microsoftonline.com“. Since you do not have anything but CRM license, you will be redirected straight to your CRM home page. Same applies to https://portal.office.com.

“Well”, say you, “I’ll just open my user record in CRM and follow the admin link”:
Demo user account record in CRM

Since you are not an administrator, everyone is very sorry:
Sorry, we can't process your request.

The solution? Just bookmark the following URL:

https://portal.office.com/EditProfile15.aspx

Not guaranteed to work forever but it does work at the moment.

Tip #178: Do you know what a wildcard is?

From time to time I discover that not everyone on this planet knows what the wildcard is or how to use it. Just the other day I overheard a conversation between two [reasonably advanced] business users that went along the lines:

I was looking for this guy in our CRM but couldn’t find him. I remember his name has “Dumble” in it but I’m not sure if we recorded Dumbledore or van Dumbledwarf or something else. But I learned how to use OR condition in Advanced Find so I’ll use that to locate his record.

Please.

Just type *dumble into the search box.

When you use asterisk in your search string it acts as a wildcard, i.e. it means any number of any characters. Simple yet infinitely useful. Few things to remember:

  • You can use any number of asterisks mixed with characters. For example, if you forgot the area code and are unsure if phone number was formatted as 80238029 or 8023 8029, just type *8023*8029 – that will cover for any area code and any characters (or none) separating the numbers. Going wild, as in *8*0*2*3*8*0*2*9, will cover pretty much any formatting. Beware that wildcard matches digits as well so you may accidentally match (802)36668029, for example.
  • Wildcard at the end of the string is implied, i.e. there is no difference between searching for *Lebowski or *Lebowski*, both will find “Big Lebowski, The Dude” just fine (including “Small Lebowski, Not The Dude” in the process).
  • Wildcard can be used in any search box including quick find, search box in lookup dialogs and lookup control itself – just type *sample in any account lookup field, press tab and let lookahead feature to figure out if you have any accounts with a word sample in the name!
  • It will apply to all attributes selected for search in quick search system view definition. Type *@microsoft.com to quickly find all contacts with email address from Microsoft.
  • As with any potent weapon, experimenting is the best way to learn how to use the wildcard efficiently.

Tip #177: Understand “First Response Sent” for SLA

When you use the new SLA functionality introduced in Dynamics CRM 2013 SP1, it is important to define your success criteria correctly. the success/failure of an SLA is definable per SLA. It can be single field condition or a combination of multiple field values.

A common SLA is time to first response. For example, high priority cases should be responded to within 3 hours. There is a new field called “first response sent” that can be used to record when the first response is logged, but there is nothing magical about this field, and there is nothing that automatically sets this field to “completed.”

If you wish to use this field (or any other field to indicated completion of the first response), a workflow or plugin can be used to automatically set the “First Response Set” to “Completed.” You will need to define what “first response” means to you. Is it the first completed phone call? The first note? You can define any type of event and have it mark the first response sent as “completed.”

A word of caution though, you probably don’t want to make the first email sent regarding the case to set the “First Response Sent” field if you have a workflow process that automatically sends an email to the customer when the case is created.

Thanks to Dana Martens and Shan McArthur for this tip.

Tip #176: Adminless traceless troubleshooting

tl;dr

When users are presented with a generic error message, URL in a browser address bar sometimes contain enough details about the error to determine the actual cause.

How to fish

“An error has occurred.” How wonderful. We all have seen it at one point of our CRM lives or another.

No administrators allowed

Users unable to login, and instead presented with this message. Note that there are no references to send more information to Microsoft, no option to download the log file. Try again or get out. (I’m not sure why did anyone even bother to add Try Again button, like that ever worked.)

So what is going to happen if you decide to stop using this dialog as an excuse to attend to your facebook page and contact system administrator (presumably, you have one of those)? Troubleshooting of generic messages like this one usually involves setting up a trace on CRM server(s), capturing errors, analyzing, drinking lots of coffee, etc. Depending on size of your company and your relationship with administrator it may take a day or two. Or a week. Or a month. Don’t call us we’ll call you. Troubleshooting, in short.

Surely, there must be a better way and on this occasion there is! Let’s have a close look at the URL:

https://auth.foobar.com/_common/error/errorhandler.aspx?BackUri=https%3a%2f%2fadfs.foobar.com%2fadfs%2fls%2f%3fwa%3dwsignin1.0%26wtrealm%3dhttps%253a%252f%252fcrm.foobar.com%252f%26wctx%3drm%253d1%2526id%253db6f1f7e4-2178-4e23-8344-4a39cae5b2c1%2526ru%253dhttps%25253a%25252f%25252fcrm.foobar.com%25252fdefault.aspx%26wct%3d2014-07-10T11%253a12%253a44Z%26wauth%3durn%253aoasis%253anames%253atc%253aSAML%253a1.0%253aam%253apassword&ErrorCode=&Parm0=%0d%0a%0d%0aError%20Details%3a%20ID1044%3a%20An%20encrypted%20security%20token%20was%20received%20at%20the%20relying%20party%20which%20could%20not%20be%20decrypted.%20Configure%20the%20relying%20party%20with%20a%20suitable%20decryption%20certificate.%20Current%20relying%20party%20decryption%20certificate%20info%3a%0a%5bThumbprint%5d%2074864195002BC54673D5D31A852B494D02548DF2&RequestUri=%2fdefault.aspx&user_lcid=1033

And after plonking this monstrosity into one of the online decoders:

https://auth.foobar.com/_common/error/errorhandler.aspx?BackUri=https://adfs.foobar.com/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2fcrm.foobar.com%2f&wctx=rm%3d1%26id%3db6f1f7e4-2178-4e23-8344-4a39cae5b2c1%26ru%3dhttps%253a%252f%252fcrm.foobar.com%252fdefault.aspx&wct=2014-07-10T11%3a12%3a44Z&wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword&ErrorCode=&Parm0=

Error Details: ID1044: An encrypted security token was received at the relying party which could not be decrypted. Configure the relying party with a suitable decryption certificate. Current relying party decryption certificate info:
[Thumbprint] 74864195002BC54673D5D31A852B494D02548DF2&RequestUri=/default.aspx&user_lcid=1033

It looks like AD FS server receives an encrypted request from CRM to authenticate but certificate to decrypt the request cannot be found. Quick check of the certificates on the AD FS server and, lo and behold, some smart administrator installed a replacement certificate but re-configured neither AD FS nor CRM servers. Easy to fix by repeating claims & IFD configuration process.

Lesson: before running for help to the community, your system administrator or, gosh, Microsoft, just have a look at URL. If it’s all foreign to you, at least copy URL and send it to your administrator as part of the problem reporting. Unless, of course, all you want to do is to get back to that facebook page.

Tip #175: Miscellaneous privileges with multiple access levels

We are all familiar with the record privileges in Dynamics CRM. User-owned entities have 5 access levels (None, User, Business Unit, Parent: Child Business Units, Organization) while organization-owned entities have only two of those (Go/No Go). Then there are miscellaneous privileges and training documentation states that (highlight is mine):

Each Security Role also includes miscellaneous privileges that relate to application features, such as Print, Merge, Export to Excel and Go Offline. These privileges have only two levels that represent an on or off setting because these privileges do not relate to records, they apply to features globally.

That’s where it gets interesting because some of the miscellaneous privileges can have more than two levels. It opens some additional opportunities to fine-tune security of your CRM implementation. For example, consider Send Email as Another User privilege
Send As Privilege
The level can be set to Business Unit, Parent: Child Business Unit or Organization (naturally, user always has ability to send as themselves). For example, managers can have ability to send on behalf of users in their Business Unit only while CTO can be allowed to pretend to be just about anybody in the system.

Other interesting privileges include ability to override product pricing on quotes, invoices, etc. For example, you can allow user to override product pricing of their quotes, but not anyone else’s.

The full list of miscellaneous privileges that can have multiple access levels:

Tab in role editor Roles with multiple access levels
Core Publish Duplicate Detection Rules
Marketing Configure Internet Marketing module
  Use internet marketing module
Sales Override Invoice Pricing
  Override Opportunity Pricing
  Override Order Pricing
  Override Quote Pricing
Busines Management Assign manager for a user
  Reparent team
  Send Email as Another User
  Approve Email Addresses for Users or Queues
  Assign Territory to User
  Enable or Disable User
  Reparent user
Customization Activate Real-time Processes

Tip #174: Replace standard system dialogs

Dynamics CRM includes some system dialogs that are very useful, but cannot be customized. Some of these include close opportunity, resolve case, and others.

Let’s say that you want to use the close opportunity button, but you don’t want to record revenue using the actual revenue field. Having users use the standard opportunity close dialogs may confuse users, as they are forced to populate a value for actual revenue.

While these dialogs cannot be customized, one way to achieve a customized dialog is by hiding the system button and adding a custom button that calls a custom dialog process.

First, create a dialog that mimics the behavior and constraints of the system dialog. For example, in the case of the close opportunity dialog, the opportunity cannot be closed if there are any open quotes related to the opportunity. Fortunately, the dialog “query CRM” function allows me to query CRM and see if there are any open quotes related to the opportunity, and if there are, display a message and stop the dialog.

dialog1

The really great thing is this gem of a feature in dialogs enables us to add additional constraints. Say I don’t want to allow opportunities to be closed unless there are related opportunity products. I could easily add additional constraints.

Bonus tip: To create a notification in a dialog, add a page and add a prompt, but choose “None” for Response Type. This will display the message to the user without asking them to type a response. Basically a label with no field.

Next, add the page for your close dialog form,  and add prompts for the fields that you want to appear on the dialog form.

Then, add an update record step to update the opportunity using the values specified in the dialog, then a step to change record status to the appropriate status.

Once your dialog is complete and published, use the Ribbon Workbench to hide the standard system button.

Finally, follow these instructions to add a custom button to call your new close dialog.

Notes and disclaimers:

  • The custom dialog will work in all user interfaces except for the CRM for tablets app.
  • The standard opportunity close process also creates an opportunity close activity during the close process. In many cases, users don’t actually see or use these activities, so my simplified close dialog simply closes the opportunity. If you use opportunity close activities, you will want to modify the above process.
  • One challenge is mapping a custom status reason option set in the custom dialog to the change status step. So to mimic the standard behavior of users selecting the reason won or reason lost during the dialog, I created a custom status reason picklist and use a series of branched check condition steps to close with the selected status reason. This is somewhat tedious, especially if you have many status reasons. If anyone knows of a way to map a dialog picklist to a status change step, we will feature your tip prominently on the best CRM tip blog on the internet.

Tip #173: Don’t disable quick create for standard entities

During a recent deployment, users started seeing the following error in CRM for Tablets when creating opportunities.

errortablet

The curious thing about this error was that it did not happen in any other interface, and only happened in the tablet app when creating records. Viewing existing records did not give us this error, and app traces gave no additional details.

Working with Microsoft support, it was determined that we were seeing the error because we had disabled “quick create” on the Opportunity entity.

After updating the quick create form for Opportunities to include all of our key fields and re-enabling the entity for quick create, users could once again create opportunity records from the tablet app.

Lesson learned: Don’t disable quick create on standard system entities if those entities are used via the tablet app. it expects quick create to be there.

Tip #172: Easy forecasting with Dynamics CRM

Dynamics CRM deployment can amass vast quantities of data, both relevant and irrelevant. If this information is not used, it’s a burden on your infrastructure (on premises) or your wallet (online), and a dead weight for your business. It’s important to know or, at very least, have appreciation of forecasting techniques, for example, as demonstrated by our resident tipster .

Sometimes the job can be accomplished more effectively with the use of lesser known and documented Dynamics CRM features. Recently I uncovered one of these hidden gems. Want to know what is going to happen tomorrow in your business? Just use audit logs!

I can see the future!

Almost forgot. Dear lawyers, have a nice day!

CRM Tip of The Day (the “website”) takes no responsibility whatsoever for any loss or damage, cost or expense (either directly or indirectly) incurred by individuals or businesses resulting from any error, omission or misrepresentation in any information contained within this web site. Unless stated otherwise, all information on this web site is supplied without any warranty, condition or other term as to the quality of any information, product or service, or their suitability for any particular purpose. Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements. The website is not liable to you or anyone else for any loss of income, profit, business contracts or goodwill or any indirect or financial loss suffered whether arising in negligence or otherwise arising in connection with information provided or use of this web site. The content of the pages of the website website are for your general information and use only. It is subject to change at any time and without notice. Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose.

Tip #171: If email router is having a slow day or how to add custom index

Sometimes things are slow. Very. Slow. So slow that your email router starts spitting dreadful messages:

#9628 – An error occurred while delivering the e-mail message with subject “None of your business” in mailbox foo@bar.baz for delivery to https://crm.bar.baz. System.ServiceModel.FaultException`1 [Microsoft.Xrm.Sdk.OrganizationServiceFault]: SQL timeout expired. (Fault Detail is equal to Microsoft.Xrm.Sdk.OrganizationServiceFault).

If you are on CRM Online, contact support, not much else you can do. On premises, however, it’s a different story. The most important bit of the message is highlighted.

tl;dr

If your email router keeps generating SQL Timeout errors, and you have a large number of email records (YMMV but think millions not thousands), then try adding the following index to EmailHashBase table:

CREATE NONCLUSTERED INDEX [indx_router] 
   ON [dbo].[EmailHashBase] 
(
	[ActivityId] ASC,
	[HashType] ASC
) ON [PRIMARY]

Longer version or how to fish

SQL timeout means we can skip CRM tracing and go straight to SQL Profiler.

  1. Start SQL Profiler, select T-SQL template. Make sure all columns are available, set database filter to your foobar_MSCRM database only to reduce noise. If possible, also filter the user by setting a condition on the account used to run email router.
  2. Ready? Start the trace, restart email router service (to force the operation without waiting for the polling interval). Keep your eye on the log, the moment you get the error message, stop SQL trace
  3. Now you have a massive trace to work with (your definition of “massive” may vary). What I usually do is go through the trace, select and copy bunches of select statements, paste into a SQL query window and run
  4. Sooner of later you’ll find a statement that just hangs. In my case it was something like 
    WITH Candidates
	 (
		  ActivityId
	 ) AS
	 (SELECT  ActivityId
	 FROM     EmailHashBase WITH (NOLOCK)
	 WHERE    ActivityId IN
		(SELECT  ActivityId
		  FROM   EmailHashBase WITH (NOLOCK)
		  WHERE    HashType = 0
		           AND Hash IN (-101500970,-295814632)
		  GROUP BY ActivityId
		  HAVING   COUNT(ActivityId) >= 3
		)
		  AND HashType = 1
		  AND Hash IN (-248594596,-742304120)
	 GROUP BY ActivityId
	 HAVING   COUNT(ActivityId) >= 2
	 )
SELECT   TOP 1 a.ActivityId
FROM     ActivityPointerBase AS a WITH (NOLOCK)
WHERE    a.ActivityId IN
		 (
		 SELECT ActivityId
		 FROM    Candidates AS c
		 WHERE(
			(SELECT COUNT(*)
			   FROM    EmailHashBase AS h
			   WHERE   h.ActivityId = c.ActivityId
			       AND h.HashType   = 0
			) <= 3
		    ) 
		 )
ORDER BY a.ModifiedOn DESC
go
  5. That’s where you need to possess some SQL skills or get someone who does. Find which part is exactly slow, check the execution plan, look at where clauses and indexes, think. What was suspicious in my case is that EmailHashBase table had over 2 million records but the only helpful index was on ActivityId and HashType condition for some reason pushed SQL to an index scan.
  6. After adding a new combined index on ActivityId and HashType, the entire statement execution dropped from few minutes to under 1 second. And the router was happy again.

So here you have it. Measuring your SQL Server performance, identifying bottlenecks (specific to your schema and deployment) and tackling them by either throwing more hardware at the problem or by doing some troubleshooting, is a very important part of all on premises installations. And the best part of adding custom indexes is that it’s 100% supported.

Tip #170: There is no queue like a business queue

When user wants to add item to a queue, the default view used to perform the lookup is the “Business Queues” view.
Business Queue View
Don’t try to look it up in customizations – it’s not there and seems to be hard-coded. Not only that, it’s not documented anywhere [I could find] making it extremely difficult to understand what is it, how to deal with it and how to explain it to the end users.

Not for the first time, SQL Server Profiler and troubleshooter’s hunch to the rescue.

Business queue is a queue that is assigned as default to neither users nor teams.

Here you have it. I understand why it’s not defined as a system view – it’s one of those – impossible to define in Advanced Find. If you have a queue that does not show in Business Queues view (typically after the upgrade from 2011), just find and remove link to it from the teams or users using it as a default. In other words, find users and teams that have field Default Queue linked to the queue in question and set it to null.