Microsoft Dynamics CRM 2013 and CRM 2015 Server-Side Synchronization – Allow Setting Credentials on Nonseecure Channel

Dynamics CRM 2013 and Dynamics CRM 2015 by default doesn’t allow save credentials in email server profile and mailboxes records if SSL is not used i.e. if you are running CRM on HTTP instead of HTTPS and if you select “Credentials in Email Server Profile” or “Credentials Specified by a User or Queue” then you get following error.

“You can’t set the user name and password in this email server profile and its associated mailboxes because the Microsoft Dynamics CRM server requires using a secure mode (SSL) to specify credentials. Use another mode of authentication, or contact the Microsoft Dynamics CRM server admin to allow setting credentials on a nonsecure channel.”

ServerProfileError

and CRM disable credentials fields (User Name and Password)

credentials fields disabled

At the time of Dynamics CRM 2011 with Email Router we used to add the registry key called “DisableSecureDecryptionKey” under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and set value to 1 but now this doesn’t do the trick anymore.

In Dynamics CRM 2013 this can be done by adding the new dword value registry key with name “AllowCredentialsEntryViaNonSecureChannels” under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and set value to 1.

However it is quite commonly noticed that creating a new registry key is not a solution and this has to be done through PowerShell script and that helped to resolve the problem.

If you know how to use power shell. Here are the steps to create this key and value;

 Add-PSSnapin Microsoft.Crm.PowerShell
$mycred = Get-Credential
$dwsurl = "http://xxxxxxxxxxxxxxx:5555"
$setting = Get-Crmsetting -settingtype ServerSideSyncEmailSettings -credential $mycred -dwsserverurl $dwsurl
$setting.AllowCredentialsEntryViaNonSecureChannels=$True
Set-CrmSetting $setting
Get-CrmSetting TraceSettings

Later when SP1 for CRM 2013 released and in CRM 2015, “AllowCredentialsEntryViaNonSecureChannels” registry key stopped working. Instead this part of functionality is controlled through two deployment properties “AllowCredentialsEntryViaInsecureChannels” and “ECAllowNonSSLEmail”.  These setting are within the DeploymentProperties table within the MSCRM_CONFIG database (please see more details in later part of this blog) and can be changed using following PowerShell commands.

To allow the saving of credentials when SSL is not used, run the following PowerShell commands:

add-pssnapin Microsoft.Crm.Powershell
$itemSetting = new-object ‘System.Collections.Generic.KeyValuePair[String,Object]'("AllowCredentialsEntryViaInsecureChannels",1) 
$configEntity = New-Object "Microsoft.Xrm.Sdk.Deployment.ConfigurationEntity"
$configEntity.LogicalName="Deployment"
$configEntity.Attributes = New-Object "Microsoft.Xrm.Sdk.Deployment.AttributeCollection"
$configEntity.Attributes.Add($itemSetting) 
Set-CrmAdvancedSetting -Entity $configEntity

To allow the use of connections to servers that do not use SSL, run the following PowerShell commands:

add-pssnapin Microsoft.Crm.Powershell
$itemSetting = new-object 'System.Collections.Generic.KeyValuePair[String,Object]'("ECAllowNonSSLEmail",1) 
$configEntity = New-Object "Microsoft.Xrm.Sdk.Deployment.ConfigurationEntity"
$configEntity.LogicalName="Deployment"
$configEntity.Attributes = New-Object "Microsoft.Xrm.Sdk.Deployment.AttributeCollection"
$configEntity.Attributes.Add($itemSetting) 
Set-CrmAdvancedSetting -Entity $configEntity

Although Microsoft recommends to use above PowerShell script to make changes to above two deployment properties however if you are not PowerShell expert and if you are getting any unexpected errors then you can update these properties by updating Deployment Properties directly into database. (Note: direct database update is not supported by Microsoft, so please make sure you take backup of the database)

To allow the saving of credentials when SSL is not used, run the following SQL statements in SQL Management Studio:

select ColumnName,BitColumn from DeploymentProperties
where ColumnName = 'AllowCredentialsEntryViaInsecureChannels'
Update DeploymentProperties
Set BitColumn = 1
Where ColumnName = 'AllowCredentialsEntryViaInsecureChannels'

To allow the use of connections to servers that do not use SSL, run the following SQL statements in SQL Management Studio:

select ColumnName,BitColumn from DeploymentProperties
where ColumnName = 'ECAllowNonSSLEmail'
Update DeploymentProperties
Set BitColumn = 1
Where ColumnName = 'ECAllowNonSSLEmail'

Note:

A guide to using PowerShell with Dynamics CRM can be found on MSDN (here) which has a number of useful of cmdlets for administrating a Dynamics CRM Deployment.

Please click here if you wish to find more about server-side synchronization.