Setting up Dynamics 365 Data Export Service requires a Azure KeyVault to be set up which is typically done using a PowerShell script which can be found in the Data Export Service setup wizard. However, if you run into issues setting this up, it might be easier to do this directly in Azure by minimizing the steps of the scripts. This was a tip that my friend and Business Solution MVP Scott Durow recommended. He mentions this in his very instructive video, but doesn’t actually show how, so I thought I’d just detail how I made it work.
First some background. The reason why I even started investigating how to do this manually was that when I tried running the PowerShell script supplied by Microsoft in the wizard.
|Press the “i” icon to get a window containing the PowerShell Script that Microsoft recommends for setting up the Key Vault.
When running the PowerShell script both as myself (not a global admin) and asking a global admin to do it, it failed in the latter parts. The key vault was created by some of the access policies seemed to be missing and it just didn’t work. My users rights in Azure was Contributor in the Resource Group, and it was a bit interesting cause the global admin and I got different error messages, but when I finally managed to create the key vault manually, I could do it all with my user, so it didn’t seem I was missing any rights to do it.
First step is to make sure you have all your data straight. The power shell script is good for this. Check out Scott clip if you want to know how to find the different strings. He shows it very clearly.
Just copied from the PS-Script:
$subscriptionId = '<subscription ID>'
$keyvaultName = 'MyVault'
$secretName = 'MySecretName'
$location = 'North Europe'
$connectionString = 'Server=tcp:<db-name>,1433;
Persist Security Info=False;
$organizationIdList = '<DYN365GUID>'
$tenantId = ‘<AZURE TENANT ID>‘
The highlighted parts have to be replaced by your settings. I will use these variables to have something to reference to further in this article.
|Search for Key Vault and add the “Key vault”, the top one in this picture
Then we have to set it up. Not so tricky if you have worked with Azure before. Consider if you want to work in an existing Resourcegroup or if you want to create a new one. Typically you need to have Azure SQL services running as well so it might be good to keep them all together to be able to see the costs and control who has access why a resource group might be a good idea. But that should hence already exist. If not, you can create it. I would recommend keeping Azure SQL and Key vault in the same, not sure if it actually works in different resource groups, probably does, but I haven’t tested.
|Creating the key vault – in this case I am creating a new resource group, normally it would already exist
Azure will add you as the default principal with access to the key vault. We will add Data Export Service to this later. For now, just create it.
Now we need to open the Key vault and select the “Secrets” section in the menu on the left hand side and press the button:
Then you have to enter you Secret name ($secretName) and the connection string ($connectionString) into the value.
|Creating a secret – $secretname in Name and $connectionstring in Value
You should now return to the previous screen and see a row for your secret.
It should open the settings panel for the Secret, press the “Tags” part which is located in the middle and add a tag which has $OrgIdList ($organizationIdList) as the key and Tennant ($tenantId) as value. I have blurred them out below as they are rather private.
|Adding a tag with OrgIdList and tenantId to a Secret
You then need to go back to the Key Vault and click on the “Access Policies” menu item, you should then see yourself as the principal as this was set when we created the key vault. We now need to add Data Export Service as a valid Principal with read access rights.
So click “Add”, click “Select Principal” and search for “b861dbcc-a7ef-4219-a005-0e4de4ea7dcf” which is the ID for Data Export Service. It should show up like this:
It needs to have “Secret Management Operations – GET” permissions and nothing else.
Now, go back to the Secret and copy the URI to the Secret.
|Getting the URI for the Key Vault Secret
Paste it into the Data Export Service Wizard field for Key Vault.
Fill in the other information and press validate. Hopefully it will work out well!
Being too cheap with the Azure SQL level
If you don’t go for a Azure SQL P1 and choose a lower tier, you might get this warning:
We tried an S0 for our Dev environment and tried to sync a couple of million records and that just didn’t work, we got tons of errors. We upgraded the ASQL to S2 and then at least we didn’t get any errors. We are planning for P1s in UAT and production.
Might have to set activation date on secret
Seems that you might have to set an activation date on the secret. Not sure why this is, the PS-script doesn’t seem to do this. But not very hard.
|Added activation date on the Secret from June 4.th
Using Database schema that is not created
The default database schema is “dbo” in the Data Export Service Wizard. If you change this to something else like “crm” and you haven’t created this in the database, you will get an error. It is simple to fix, you just have to go into the database and create the schema. To create the schema “crm” open a query and run:
CREATE SCHEMA crm
For more information on how to create schemas, check this site: https://docs.microsoft.com/en-us/sql/t-sql/statements/create-schema-transact-sql?view=sql-server-2017
Once the schema has been created, there should be no problem using it, as long as the user has permissions using it.
I hope this works for you. If you have any questions, don’t hesitate to leave a comment.
MVP, Founder and Principal Consultant at CRM-konsulterna AB
If you are using Dynamics 365 Online, Dynamics 365 Support is your IT-department for your Dynamics system and you need to know or start learning how to working with them in a good way. There are several things you should consider.
Registering a support ticket
First of all, registering a support ticket is of course important. This might not be as trivial as it seems, as it depends on which type of license you have. If you have bought your licenses using CSP (Cloud Service Provider) or Select/Volume Licensing then you will most probably be directed to your CSP/Select partner for any support issues. You can of course buy premier support from Microsoft but that might not always be an option for smaller companies. There are some tricks as well if you are stuck with CSP/Select or similar, and will be happy to tell you about these in person if I meet you, but I won’t write about them, as I am afraid it will be “fixed” which would be sad.
If you have bought your licenses directly through the O365 portal, you can also create a ticket using the portal. You need to be a Global Admin or a Dynamics 365 Service Admin to place a ticket. Currently you cannot indicate that the ticket is for Dynamics so you simply write so in the text and the O365 support team will create a new Dynamics 365 ticket for you. I was amazed at how fast the Office 365 support called me after registering a ticket, I think it took less than 1 minute. So I would suggest you choose the option “call me”.
If you have a partner, I strongly suggest that you register them in the Office 365 portal for the Dynamics 365 subscription as Partner of Record (PoR). This will make your company show up in their Microsoft partner portal where they can register a support ticket for you.
When registering the ticket with Microsoft, there are some things you have to note:
- Be polite. Even if your system is slower than sirup in January (a Swedish saying) or nobody can log in, you will not be getting any help faster by screaming or being rude. I like to quote my grandfather who had a good saying: “Better to be strong in argument and withheld in words, than the other way round.” I have actually gotten written compliments for being nice by the support people, do you think they will go the extra mile for me?
- Be very exact with what is you think is wrong. The best way is to formulate it like this: “I did X and expected Y but I got Z”. Also be clear on when you define the case as closed. This is particularly important, and hard when you have performance issues or intermittent errors. But try to be as exact as you can. For example: “When users run Chrome open a Contact (after the contact form already has been loaded for another record) it takes 10 seconds. We expect it to take no more than 2 seconds.”
- Only have one issue per ticket. Better to have many tickets open. I have had 4 tickets open for one single customer at the same point in time.
- If you think the issue is important, describe it in business impact terms. For example “The bug X affects all sales people in the organization effectivly stopping them from using Dynamics 365. It severly risks our entire Dynamics 365 investment as users look at other solutions and the user adoption drops dramatically and the trust in the system is drastically lowered for every hour this bug is not fixed. We have 4354 sales people in our global sales organization spread out over 34 countries. It also affects managements abilities to manage the company as no pipleline and forecast numbers are produced which could potentially cause sever business damages that cannot easily be fixed within the coming 4-5 years.” – This was just made up 🙂 but it is important to not hold back when doing this, especially if you are Swedish or from other cultures which value humbleness.
- Be clear on limits of the error.
- Which Operating system?
- Which browsers?
- What times? Can you see any clear patterns on when it happens?
- Security roles?
- Types of users affected, AD users federated to O365 or Cloud users?
- How long?
- Which versions of Dynamics 365 are you running?
- Which instances have the issue (the url:s)?
Types of tickets
What types of tickets can be registered? Should you only register a ticket when you want help with something?
Well, no, you can and should register a ticket for many different reasons. As I mentioned at the top of the article it is important to think about Microsoft Support as your Dynamics 365 IT-department. They will help you with a lot of things that your IT-department would have helped you with had they hosted your Dynamics system. The main difference is probably that they do nothing else than host Dynamics 365, every day, year after year… not many IT-departments that can compare with that.
Typical issues they can help out with are:
- Something seems to have stopped working that used to work, and you didn’t change anything. Like you cannot create an Application User anymore.
- Something clearly is a bug in Dynamics 365 and you want Microsoft to know about it (they might not know) and you want to let them know how important it is for you (they will surely not know this).
- You need some information from the Server, like the “Top 10 table Usage” report from the SQL database.
- You have performance issues.
- You need to change the planned upgrades because your team won’t make the set time.
- You want to set some non-clustered indexes on the database.
- You are doing a migration of large amounts of data and you will be a bad neighbour for a few days and if possible you would like a little more than the 2 allocated threads in the API.
- You want a database copy prepared for installation into an on-prem equivalent.
- You need some detailed information on how the service is managed, like
- How backups are stored
- How to restore backups from the 90 day tape backup
- Where an instance is hosted
- You would like to move an instance to another datacenter
- You need to remove a managed solution but it has dependencies that shouldn’t be there…
- You need to do some task with an instance that you cannot do yourself with the instance manager.
In other words, they will be your superfriend when working with Dynamics 365 and you want to be really nice to your super friend!
MVP, Founder and Principal Consultant at CRM-konsulterna AB
I just ran into one of the weirdest errors I have seen in my Dynamics CRM/365 carreer, and I have seen a few.
The problem we had was that the case entity had stopped working more or less totally. When trying to open any type of case form either as a normal user or in the form editor, I got a more or less anonymous error message. After a lot of banging my head against the wall and loosing some of my few strands of hair, I finally with the help of Deepesh excellent blog article:
it got me on the right track. I did some URL-hacking to try to access the form editor directly and accidentaly got to a mixed form editor. Very weird, but it showed that the form itself wasn’t broken, hence there was something wrong further down… probably the fields, just as Deepesh’s error. And after removing all custom fields, I got it working. Then tediously going back and removing them one by one, I found the culprit, a custom Lookup to the Product.
To give you some more background:
When trying to edit any case form, I got the following error:
When trying to create a new case, I got the following error:
And if I downloaded the file, the contents was: (I have hightlighted the part which has some, but only slight relevance)
Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=220.127.116.11, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #D856E3CEDetail:
<OrganizationServiceFault xmlns:i=”http://www.w3.org/2001/XMLSchema-instance” xmlns=”http://schemas.microsoft.com/xrm/2011/Contracts”>
<ErrorDetails xmlns:d2p1=”http://schemas.datacontract.org/2004/07/System.Collections.Generic” />
<Message>System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #D856E3CE</Message>
<ExceptionSource i:nil=”true” />
<ErrorDetails xmlns:d3p1=”http://schemas.datacontract.org/2004/07/System.Collections.Generic” />
<Message>System.NullReferenceException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #5CCC57F6</Message>
<ExceptionSource i:nil=”true” />
<InnerFault i:nil=”true” />
<OriginalException i:nil=”true” />
<TraceText i:nil=”true” />
<OriginalException i:nil=”true” />
<TraceText i:nil=”true” />
Here are some facts:
- We had installed a solution that is an upgraded solution, originally from CRM 4 via CRM 2011 and 2013. Not sure if the field definition from the earlier versions are causing this. Probably not.
- I tried switching off all plugin steps. But it didn’t help at all. This is usually what Microsoft support will ask you to do when you have issues why I tried it myself. Always good to try and send this to Microsoft support when registering a support ticket.
- I have tried spinning up a clean 8.2 Dyn 365 with no customizations, creating a solution with just the case entity and importing that. It did not work. Not very strange, as the problem was a field that is causing the problem. Adding solutions does not remove anything unless you are using managed solutions with patches etc.
- I tried exporting a small solution with just the case forms and removed all custom fields from the customization file manually and reimported it. It did not work, which is not strange either, as the error was not on the form.
- I tried creating cases via the API. That did work. I did not use the lookup field that I later found out was the culprit. Perhaps writing something to all fields in the case entity would have generated an error. The reason for doing this was that I wanted to see if I could get an exception in my code that contained more information than what I was getting in the UI. Hence I wasn’t at all happy that it did work.
- I tried retrieving cases via the API. That did work. Again, not happy at all.
- I tried to manufacture the URL to the form ( https://contoso.crm4.dynamics.com/main.aspx?appSolutionId=%7b<solutionguid>%7d&etc=<entityobjectid, 112 for case>&extraqs=formtype%3dmain%26formId%3d<Guid for the ofrm>%26action%3d-1&pagetype=formeditor) That did not work. No form URL with etc=112 works.
- I tried to retrieve the form via the API, that works. Again, not happy, but at least it showed that there probably wasn’t any problem with the form.
- I tried to manufacture a weird URL, with the correct form id with the incorrect EntityObjectID. That showed the form, but with the information that the form is for the “other” entity. Weird, but showed that there is actually nothing wrong with the form itself. I could even edit the caseform this way, move fields, remove fields, but not add new stuff. Totally unsupported way of editing a form, but when in love, war and when Dyn365 buggs out, anything is allowed.See below. This proved to be a very useful, as the form seemed for some very strange reason to be involved in this. The way I proved this was that I had an “original”, instance where the error showed and one where I had got it to work, after removing some fields, and removing all unnecessary fields from the main form. After this I created a solution which only imported the form from the non-functioning instance for the case entity and imported it into the working instance. I had not expected the result, but it actually stopped working. With the error described above. So for some reason the form was part of the problem.
|A weird Form Editor – the Case form loaded with the Account Entity (EntityTypeCode=1). Be careful when using this, and use at your own risk!
- I got the same error as above when I try to open the case form in the normal UI.
- When I try to create a new case, I get the error shown in the file “AnErrorHasOccuredWithTimeStampAndLog.png”
- As for what happened with the system just before/during/when this error occurred, we were doing customizations on the case form from a spotty internet Connection, and the case for did work before.
- In the field-section of the Case entity, I selected “Custom” fields, and I have a notion that most of these errors are probably caused by code which mix up custom lookup fields with built in ones. So I would start by looking at lookup fields based on system entities with custom relationships to case like:
- case 1:N case
- product 1:N case
- account 1:N case
- contact 1:N case
- pricelevel 1:N case
- However you might have several fields that are causing errors (I did), and that might make it very tricky to find what is wrong. Cause once you managed to remove the last field causing the error, and then restore the solution and then remove it again, you will find that you are back to a non-functioning entity, and you will have to work your way through each of the fields, with all their dependencies again, until you find the next one. Hence the methodology becomes
- Export solution
- Remove fields until you get the entity to work. Document exactly which fields you try and in which order. Always work in the same order. Remove a field, try to open the case, remove the next field, try to open case form, and so on. All the time documenting, which fields and in which order.
- When you get the case form to work, import the solution again.
- Remove the the field(s) that you know are causing the problems.
- If, after this, it still does not work, go to 2.
- After I removed the fields, and cleaned the form, I recreated the fields with the exact same schema-names and that worked perfectly. Not sure though how it will work when I export it, I am still not sure what is causing this. Probably some erroneous code in the case logic.
- I was able to replicate this error on other instances. So the problem is certainly connected to the solution itself.
So to sum it up. This is most obviously a bug in the Dynamics 365 platform as it should never be able to go into this state. In my case entity the problem was two lookups AND the main “Case” form. After removing the fields and removing all non-necessary stuff from the form by using a URL hack described above, I managed to get it working.
If you run into this, I hope you manage to fix it. It isn’t easy and it will take some time. Hopefully I have given you some pointers.
MVP, Founder and CTO at CRM-konsulterna AB