How to Configure Microsoft Dynamics CRM 4.0 E-mail Router (On-Premise) with Microsoft Exchange Server 2010


Update Rollup 8 for Microsoft Dynamics CRM E-mail Router (On-Premise) includes support for Microsoft Exchange Server 2010. Continuing from the blog post titled “Configure Microsoft Dynamics CRM Online E-mail Router with Exchange Online”, this post explains the detailed steps required to set up Microsoft Dynamics CRM 4.0 E-mail Router (On-Premise) for Microsoft Dynamics CRM 4.0 On-Premise users and queues that have mailboxes in Microsoft Exchange Server 2010.

Microsoft Exchange Server 2010 replaces the WebDAV functionality with Exchange Web Services (EWS). Microsoft Dynamics CRM 4.0 E-mail Router (On-Premise) with Update Rollup 8 has been enhanced to integrate EWS support and hence function with Microsoft Exchange Server 2010. The E-mail Router maintains compatibility with Exchange 2003 (only WebDAV) and Exchange 2007 (both WebDAV and EWS).

Prerequisites

  • Microsoft Dynamics CRM 4.0 On-Premise installation.
  • Microsoft Exchange Server 2010.
  • Microsoft Dynamics CRM 4.0 E-mail Router (On-Premise) with Update Rollup 8 or higher.

Configuration Steps

Microsoft Exchange Server 2010

Granting Exchange Impersonation permissions.

Microsoft Exchange Server 2010 does away with the permissions model used in Microsoft Exchange Server 2007 and adopts the new Role Based Access Control (RBAC) model, which allows extremely broad or extremely precise permissions models to be defined based on the roles of administrators and users. New commands are available to allow user/mailbox impersonation with varying scopes. An Exchange 2010 account requires Exchange Impersonation permission if it needs to serve multiple Exchange 2010 accounts. A profile created with a user account that has Exchange Impersonation permission can access the mailboxes of the users who are in the scope of that permission.

In the Microsoft Exchange Server 2010 system, launch Exchange Management Shell from Start-> All Programs-> Microsoft Exchange Server 2010 -> Exchange Management Shell. The shell will connect to the Microsoft Exchange Server 2010 and display the prompt.

[PS] C:\Windows\System32>.

Example: impersonation scenarios

1. A single user is configured to connect to the mailboxes of all other CRM users and queues that have their mailboxes on Microsoft Exchange Server 2010. This configuration does away with the need to create a profile for each CRM user and queue individually.

To achieve this, run the following command in Exchange Management Shell:

New-ManagementRoleAssignment -Name:"ImpersonationName" -User:"RouterAdministrator@YourOrganization.com" -Role:"ApplicationImpersonation"

In the above command, the Name parameter specifies a name for the new management role assignment. User is the username of the user who is given Exchange Impersonation permission and therefore can now access Exchange 2010 mailboxes of all other users in the Exchange organization.

[Details on New-ManagementRoleAssignment can be found here]

2. A single user is configured to connect to mailboxes of select set of CRM users and queues that have their mailboxes on Microsoft Exchange Server 2010. This configuration is preferable as the impersonation rights are given selectively on the desired mailboxes only.

To enable this scenario, you need to define the set of users as a Management Scope in Microsoft Exchange Server 2010. To do so, run the following command in Exchange Management Shell:

New-ManagementScope -Name:"ManagementScopeName" -RecipientRestrictionFilter { Name -eq 'crmuser1' }

In the above command, the Name parameter specifies the name of the management scope. The RecipientRestrictionFilter parameter specifies the filter to apply to recipient objects.

[Details on New-ManagementScope can be found here]

The new Management Scope created can now be used in the Role Assignment command to restrict the scope of Exchange Impersonation.

New-ManagementRoleAssignment -Name:"ImpersonationName" -User:"RouterAdministrator@YourOrganization.com" -Role:"ApplicationImpersonation" -CustomRecipientWriteScope:"ManagementScopeName"

Removing Exchange Impersonation permission.

Exchange Impersonation permission can be removed using the Remove-ManagementRoleAssignment command.

[Details on Remove-ManagementRoleAssignment can be found here]
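
Scenario 2 carried through for a distribution group rather than a single named user, as an added example that is not part of the original post: it previews the mailboxes a scope would cover, creates the scope and the scoped ApplicationImpersonation assignment, then lists every impersonation assignment so organization-wide ones stand out. The group name CRM Users, the scope name and the assignment name are placeholders.

```powershell
# Added example; run in the Exchange Management Shell on Exchange 2010.
# All names below are placeholders (assumptions), not values from the post.
$routerAccount  = 'RouterAdministrator@YourOrganization.com'
$groupName      = 'CRM Users'               # hypothetical distribution group
$scopeName      = 'CrmRouterMailboxes'      # hypothetical management scope name
$assignmentName = 'CrmRouterImpersonation'  # hypothetical role assignment name

# MemberOfGroup is compared against the group's distinguished name.
# Single quotes inside the DN are doubled so the filter string stays valid.
$group  = Get-DistributionGroup -Identity $groupName -ErrorAction Stop
$dn     = $group.DistinguishedName -replace "'", "''"
$filter = "MemberOfGroup -eq '$dn'"

# 1. Preview which recipients the scope will cover before granting anything.
Get-Recipient -Filter $filter -ResultSize Unlimited |
    Sort-Object Name |
    Format-Table Name, RecipientType, PrimarySmtpAddress -AutoSize

# 2. Create the scope and bind the impersonation role to it.
New-ManagementScope -Name $scopeName -RecipientRestrictionFilter $filter

$assignment = @{
    Name                      = $assignmentName
    Role                      = 'ApplicationImpersonation'
    User                      = $routerAccount
    CustomRecipientWriteScope = $scopeName
}
New-ManagementRoleAssignment @assignment

# 3. Audit: list every non-delegating ApplicationImpersonation assignment.
$assignments = Get-ManagementRoleAssignment -Role 'ApplicationImpersonation' -Delegating $false
$assignments |
    Format-Table Name, RoleAssigneeName, RoleAssigneeType, RecipientWriteScope, CustomRecipientWriteScope, Enabled -AutoSize

# An enabled assignment with no custom scope can impersonate every mailbox
# in the organization (scenario 1 in the post); flag those for review.
$assignments |
    Where-Object { $_.Enabled -and -not $_.CustomRecipientWriteScope } |
    ForEach-Object {
        Write-Warning ("Organization-wide impersonation: {0} (assignee: {1})" -f $_.Name, $_.RoleAssigneeName)
    }

# 4. Rollback, when the router account no longer needs the permission:
# Remove-ManagementRoleAssignment -Identity $assignmentName
# Remove-ManagementScope -Identity $scopeName
```

Mailboxes added to the group later fall inside the scope automatically, so membership of that group should be controlled as tightly as the impersonation assignment itself.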

Microsoft Dynamics CRM

Configure users and queues to use Microsoft Dynamics CRM E-mail Router.

Users and queues in CRM can be configured to use the E-mail Router for processing incoming Exchange e-mails and outgoing CRM e-mails. To use this functionality, users and queues must have a valid e-mail address and must select E-mail Router as the incoming and outgoing e-mail access types. This can be set up by an administrator or by users having the relevant permissions.

CRM Users

  1. Navigate to Settings->Administration->Users and configure the user record as displayed.
  2. Individual users can select which e-mails from the specified Exchange On-Premise mailbox to Track in CRM. This can be selected from the Tools->Options->E-mail tab.

CRM Queues

  1. Navigate to Settings->Business Management->Queues and configure the Queue as displayed.
  2. In line with Users, the Queue form also provides the flexibility to choose the desired category of e-mails which need to be promoted to Microsoft CRM.

Microsoft Dynamics CRM 4.0 E-mail Router (On-Premise)

After the Router has been installed, launch the E-mail Router Configuration Manager from Start-> All Programs-> Microsoft Dynamics CRM E-mail Router. There are three main tabs in the Configuration Manager as shown below.

Configuration Profiles. To configure the E-mail Router, you first create one or more incoming and one or more outgoing configuration profiles. These configuration profiles contain information about the e-mail server and authentication methods that the E-mail Router will use to connect to the e-mail server and transfer e-mail messages to and from the Microsoft Dynamics CRM organization. You create configuration profiles on the Configuration Profiles tab in the E-mail Router Configuration Manager.

Deployments. After you create the configuration profiles that you want, you must define at least one deployment. The information that you enter into the Deployment area will be used by the E-mail Router to connect to your Microsoft Dynamics CRM deployment.

Users, Queues and Forward Mailboxes. After you have the configuration profiles and deployment established, then you manage the users, queues, and forward mailboxes that will be used by the E-mail Router to route Microsoft Dynamics CRM e-mail messages. You manage these items on the Users, Queues, and Forward Mailboxes tab in the E-mail Router Configuration Manager.

Creating Exchange Server 2010 incoming profile.

  1. In the E-mail Router Configuration Manager tool, click the Configuration Profiles tab, and then click New.
  2. Type a profile name. For example, type Exchange 2010 Incoming Email.
  3. Choose Incoming in the Direction list.
  4. Choose Exchange Web Services as the Protocol.
  5. Choose Exchange 2010 as the E-mail Server Type.
  6. The only Authentication Type allowed is “Windows Authentication”.
  7. Type the Microsoft Exchange Server 2010 web services URL. Default location: https://<Exchange-2010-Server-Name>/EWS/Exchange.asmx
  8. Select how the E-mail Router will gain access to the Microsoft Exchange Server 2010 in the Access Credentials list.

  • If you select Local System Account for the Profile, the Router will use the credentials specified in the Microsoft CRM Email Router service running in the host machine. The credentials provided should be the user name of a user in your Microsoft Dynamics CRM organization who has the System Administrator role. This user must have Exchange Impersonation permission on the mailboxes that this Incoming Profile will serve, including its own. This type of profile is typically used for polling a large number of mailboxes using the credentials of a user with administrative privileges and Exchange Impersonation permissions.
  • If you select User Specified for the Profile, the Router will use the user name and password provided in Microsoft Dynamics CRM for users who are configured to use this Incoming Profile.
  • If you select Other Specified for the Profile, the Router will use the user name and password provided in the open textboxes as shown below. User name has to be provided in the form DomainName\UserName. The specified user must have Exchange Impersonation permission on all the mailboxes that this Incoming Profile will serve (Exchange Impersonation Permissions on self is not required).

Note: The above steps can also be used to create an incoming profile for a CRM user having Microsoft Exchange Server 2007 mailbox by choosing Exchange 2007 as the Email Server Type in step 5.

Creating Exchange Server 2010 outgoing profile.

Microsoft Dynamics CRM 4.0 Email Router (On-Premise) with Update Rollup 8 supports SMTP as the default and only protocol for outgoing e-mail messages as in the case of previous versions.

  1. In the E-mail Router Configuration Manager tool, click the Configuration Profiles tab and then click New.
  2. Type a profile name. For example, type Exchange 2010 Outgoing Email.
  3. Choose Outgoing in the Direction list.
  4. The only Protocol allowed is SMTP.
  5. Verify that SMTP is selected as the E-mail Server Type.
  6. Choose the Authentication Type as appropriate.
  7. Type only the name of the Microsoft Exchange Server 2010 system in the Location field.
  8. Check the SSL box if the Microsoft Exchange Server 2010 uses SSL for SMTP.
  9. Select and provide the appropriate Access Credentials with Exchange Impersonation permission as required. [See section on Granting Exchange Impersonation permission for details]

Configure the Microsoft Dynamics CRM On-Premise deployment.

After you have created the outgoing and incoming e-mail profiles, click the Deployments tab in the E-mail Router Configuration Manager tool.

  1. Click New to create a new deployment. The default Deployment option will be set to My Company.
  2. In the Microsoft Dynamics CRM Server open text box it will default to http://discovery/<OrganizationName>. Replace discovery with the name of the Microsoft Dynamics CRM On-Premise Server and <OrganizationName> with your Microsoft Dynamics CRM Organization Unique Name.
    Note: The Organization Unique Name is case-sensitive.
  3. Verify that Microsoft Dynamics CRM secure URL Port contains a valid value if the CRM server is SSL enabled.
  4. Select how the E-mail Router will gain access to the Microsoft Exchange Server 2010 in the Access Credentials list.
    • If you select Local System Account, the Router will use the credentials specified in the Microsoft CRM Email Router service running in the host machine.
    • If you select Other Specified, the Router will use the user name and password provided in the open textboxes as shown below. User name has to be provided in the form DomainName\UserName.
  5. In the Incoming configuration profile, select the incoming profile you created.
  6. In the Outgoing configuration profile, select the outgoing profile you created.
    Note: Setting the Incoming and Outgoing configuration profiles on the Deployment will make these the default profiles for the users that are set to use the E-mail Router for incoming and outgoing e-mail. You can change it for each user in the Users, Queues and Forward Mailboxes tab.
  7. Click OK to finish creating the deployment.

Forward Mailbox

Forward Mailbox is one of the options available for processing incoming e-mails in Microsoft CRM. This option helps the system scale: all the Forward Mailbox users and queues have their e-mails forwarded to the Forward Mailbox using Exchange forwarding rules. E-mails for multiple users and queues are present in this single mailbox as attachments, so the Router can promote them to Microsoft Dynamics CRM using a single polling location. Users and queues can have this option set for incoming e-mail processing as follows.

  • Users: Settings->Administration->Users
  • Queues: Settings->Business Management-> Queues

Set up the Forward Mailbox.

  1. Open the Microsoft Dynamics CRM E-mail Router Configuration tool.
  2. Click the Users, Queues and Forward Mailboxes tab.
  3. In the Select a CRM Deployment to view users and mailboxes list, select the Microsoft Dynamics CRM deployment you created.
  4. Click Load Data. This will display the Microsoft Dynamics CRM users who are configured to use the Email Router for processing their e-mails.
    Note: If you receive an error displaying the users, verify the correct organization name is listed in the Select a CRM Deployment to view users and mailboxes list. Also, verify the organization name is entered with the correct case. The organization name is case-sensitive.
    Note: If no users are listed after you click Load Data, or if you are missing users, check the user’s settings by following the steps in the section titled “Configure users and queues to use Microsoft Dynamics CRM E-mail Router.”
  5. Click the Forward Mailboxes tab, and then click New.
  6. Type a name for the forward mailbox profile. For example, type ForwardMailbox in the Name open text box.
  7. Type the e-mail address for the forward mailbox in the E-mail Address open text box.
  8. Click OK.

Deploy Exchange rules manually through Microsoft Exchange Server 2010.

To use the forward mailbox feature, Microsoft Exchange Server 2010 users need to manually create rules on their own mailboxes from OWA or using the Outlook client. For Microsoft Exchange Server 2007 and earlier systems, this can be done by using the Rule Deployment Wizard. In Microsoft Exchange Server 2010, users need to manually set up a rule with the following logic:

Forward All e-mails as An Attachment to <a mailbox you defined in your system>

This rule will forward all incoming e-mail to the Microsoft Dynamics CRM forwarding mailbox. After the rules have been deployed, any e-mail that is received in a user’s mailbox will be forwarded as an attachment to the forwarding mailbox. The Microsoft Dynamics CRM E-mail Router Service monitors the forward mailbox. The service will route Microsoft Dynamics CRM e-mail to Microsoft Dynamics CRM as an e-mail activity. If the e-mail is not related to Microsoft Dynamics CRM, the service will delete the e-mail message from the forwarding mailbox.

Test and publish the new incoming/outgoing profiles and deployment.

The final step is to publish new incoming profiles, the deployment and forward mailbox settings. Before publishing, connectivity to all mailboxes using the specified profiles must be tested. To do this, complete the following steps:

  1. Click the Users, Queues and Forward Mailboxes tab within the E-mail Router Configuration Manager tool.
  2. In the Select a CRM Deployment to view users and mailboxes list, select the Microsoft Dynamics CRM deployment you created.
  3. Click Load Data. This will display the Microsoft Dynamics CRM users configured to use the E-mail Router.

Note: If you receive an error loading the data, verify the correct organization unique name is listed in the Select a CRM Deployment to view users and mailboxes list. Also, verify the organization unique name is entered with the correct case. The organization unique name is case-sensitive. If no users are listed after you click Load Data, or if you are missing users, check the user’s settings. Also, Forward Mailbox users and queues do not have the option of assigning incoming profiles, because the forward mailbox is used directly for incoming e-mail processing.

  4. If you want to change the Incoming or Outgoing configuration profiles for certain users, double-click the user, change the selection for the Incoming Configuration Profile or Outgoing Configuration Profile, and click OK.
  5. Click Test Access. Tests will be performed on all users for both profiles. A successful test will display a green succeeded message.
  6. To publish the deployment, click Publish. A successful publish will display a confirmation message.

Once published, the Router will start serving the Microsoft CRM users and queues that have Microsoft Exchange Server 2010 mailboxes.

Cheers,

Ravindra R Upadhya

Comments (29)

  1. David Finley says:

    We have been playing around with your setup here and have had some success but failed too. I wonder if we can get some suggestions.

    We have two mail server, 2003 and 2010 and have migrated some users to 2010 for testing.

    We just cannot get a successful test for incoming against the 2010 server.

    The Exchange Web Services URL we are using is this:  https://servername.externaldomain.com/EWS/Exchange.asmx

    When we hit that URL from the server with the CRM Router on it, we can enter a users Windows Authentication data and access the "Services.wsdl". We assume that this is a test of the access to the Exchange  Web Services?

    However once we publish the Inbound Configuration Profile and Test. We get nothing. The test hangs on the first account.

    Access Credentials have been tested with both user specified (was working before migration to 2010) and with Other Specified, where we set the details of the first users that is tested in the test access process (assuming that it would at least prove test one account), but nothing.

    Any suggestions would be appreciated here.

  2. dub says:

    We have been playing around with your setup here and have had some success but failed too. I wonder if we can get some suggestions.

    We have two mail server, 2003 and 2010 and have migrated some users to 2010 for testing.

    We just cannot get a successful test for incoming against the 2010 server.

    The Exchange Web Services URL we are using is this:  https://servername.externaldomain.com/EWS/Exchange.asmx

    When we hit that URL from the server with the CRM Router on it, we can enter a users Windows Authentication data and access the "Services.wsdl". We assume that this is a test of the access to the Exchange  Web Services?

    However once we publish the Inbound Configuration Profile and Test. We get nothing. The test hangs on the first account.

    Access Credentials have been tested with both user specified (was working before migration to 2010) and with Other Specified, where we set the details of the first users that is tested in the test access process (assuming that it would at least prove test one account), but nothing.

    Any suggestions would be appreciated here.

  3. Hemant says:

    It seems that exchange web services are not configured correctly. Can you look into the windows eventlog for the error details after publishing the profile. Also try EWS url with just http.

    You can check exchange web services working using the console app from the steps given at

    http://msdn.microsoft.com/en-us/library/bb408521.aspx

  4. hemant says:

    Can you try with just http in the url, seems that the web services are not set up properly. To verify the exchange web services configuration you can use the console app from the steps given at http://msdn.microsoft.com/en-us/library/bb408521.aspx.

    Note that the router does not work with self signed certs (http://support.microsoft.com/kb/954584).

    To Disable https from the web service for testing.

    Replace all "httpsTransport" with "httpTransport" in $Exchange Server\V14\ClientAccess\exchweb\ews\app.config

    Replace in EWSServiceBehavior ->  httpsGetEnabled="false" instead of "true" in $Exchange Server\V14\ClientAccess\exchweb\ews\app.config

  5. Rajpreet Kalyan says:

    Hi Ravindra,

    Nice article ! When is the RDW support for Exchange 2010 coming out ?

    Thanks,

    Rajpreet

  6. Dean Gillan says:

    With the update of the email router is the installation now supported on Server 2008 and or Server 2008 R2?

  7. Mark Smyth says:

    We have same problem as David Finley above. We have a new install of Exchange 2010 using https with a 3rd party cert. Webmail works correctly. If we use the InternalNLBBypassUrl in the CRM incoming profile we get a cert error exactly as expected.

    We are not prepared to change the config file as suggested for testing as this is a live production environment

  8. Hemant says:

    The resolution pointed above was for the test exchange environments where the https default is not backed up by the signed certs. Router should work fine if the https is correctly setup with the valid certs. I think there might be the issue with the EWS endpoint which is used in the profile. Please use the following link having the pointer to the sample application to determine the correct end point. http://msdn.microsoft.com/en-us/library/bb204057.aspx
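
A check that can be run from the E-mail Router host without changing anything on the Exchange server, as an added example that is not part of the original post or its comments: it completes a TLS handshake against the EWS host and reports how the server certificate validates on this machine. The function name and the host name in the usage line are placeholders.

```powershell
# Added example. Diagnostic only: the callback accepts every certificate so
# the handshake can finish and the validation result can be reported.
# No credentials or mail data are sent over this connection.
function Test-EwsCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )

    # Script-scoped holder so the validation callback can record its findings.
    $script:EwsTlsState = @{ Errors = $null; Cert = $null; Chain = @() }

    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $script:EwsTlsState.Errors = $sslPolicyErrors
        $script:EwsTlsState.Cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certificate
        $script:EwsTlsState.Chain  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        return $true
    }

    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        # The name passed here is the name the certificate is checked against,
        # so use exactly the host name that appears in the EWS URL of the profile.
        $ssl.AuthenticateAsClient($HostName)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }

    $state = $script:EwsTlsState
    New-Object psobject -Property @{
        HostName     = $HostName
        Subject      = $state.Cert.Subject
        Issuer       = $state.Cert.Issuer
        NotAfter     = $state.Cert.NotAfter
        # None                         -> certificate is trusted for this name
        # RemoteCertificateNameMismatch -> URL host is not a name on the certificate
        # RemoteCertificateChainErrors  -> untrusted issuer (e.g. self-signed) or expired
        PolicyErrors = $state.Errors
        ChainStatus  = ($state.Chain -join ', ')
        Trusted      = ($state.Errors -eq [System.Net.Security.SslPolicyErrors]::None)
    }
}

# Usage (placeholder host name, as in the post's default EWS URL):
# Test-EwsCertificate -HostName '<Exchange-2010-Server-Name>' | Format-List
```

Run it under the same account and on the same machine as the E-mail Router service, since certificate trust is evaluated against that machine's certificate stores.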

  9. Ravindra says:

    Dean,

    From the Microsoft Download page for Email Router UR8 –

    http://www.microsoft.com/downloads/details.aspx?familyid=C53B2916-6B93-4092-BDD3-A394C96CA000&displaylang=en

    Windows Server 2008 is supported.

  10. Joakim says:

    Are there any special considerations to be taken when using Exchange 2010 clustered servers? Should the cluster DNS name be used or one of the servers name/address?

  11. Ravindra R Upadhya says:

    Hey Joakim, you should use the MBX server's name/address in the incoming/outgoing profiles.

  12. Ravindra R Upadhya says:

    Joakim, CAS/MBX server name is what you need to provide in Email router in the Incoming/Outgoing profile.

  13. Feifei says:

    by following your instruction . i am still facing below error:

    "Incoming Status: Failure – The request failed with HTTP status 403: Forbidden."

    I'm sure the access credential I provided for incoming profile have enough permission to access the mail account i specified. any other setting i need to config ?

    BTW. one more question, if an account could access to certain mail address. does it mean this account have the impersonation permission?

  14. Ravindra R Upadhya says:

    Feifei, the particular error you are seeing is not due to access credentials. Rather, it is due to incorrect binding used in URL. It looks like the URL you have provided is HTTP while the server expects HTTPS.

  15. Ravindra R Upadhya says:

    For the second question : Not necessarily. You may have access to the mailbox and yet not have rights to send emails as that user. This may well be sufficient for receiving emails though.

    Although, we recommend that you verify the permissions using Exchange Management Shell with the help of commands mentioned here : technet.microsoft.com/…/dd351024.aspx

  16. Ravindra R Upadhya says:

    Update :

    The configuration steps mentioned in this blog also applies as is to Exchange Server 2007 with EWS support with one exception:

    In the Incoming Profile, choose Exchange 2007 as the Email Server Type.

    Exchange Impersonation :

    The below example shows how to grant Impersonation permissions

    to an account named "Administrator" over all other mailboxes in the Exchange Server with CAS role:

    Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.DistinguishedName -User Administrator -ExtendedRights ms-Exch-EPI-Impersonation}

    Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.DistinguishedName -User Administrator -ExtendedRights ms-Exch-EPI-May-Impersonate}

    Both of these commands would be necessary.

    For detailed Impersonation commands please refer to this location:

    technet.microsoft.com/…/bb629567(EXCHG.80).aspx

  17. James McDonagh says:

    Hi, I'm getting stuck on the section shown below

    New-ManagementScope -Name:"ManagementScopeName" -RecipientRestrictionFilter { Name -eq 'crmuser1' }

    I would like to filter on mailboxes within a distribution list I created, 'CRM Users'. How would I go about doing that?

    Thanks

  18. Feifei says:

    Hi Ravindra,

    Great thanks for your reply on my issue. really appreciate!

    As you suggested, I tried to configure Exchange web service URL as https://TK5EX14MBXC***/EWS/Exchange.asmx for incoming mail settings (Note: TK5EX14MBXC*** is the exchange server on which our specified mail account is hosted), but still got the below error:

    Incoming Status: Failure – The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.

    and I try to open https://TK5EX14MBXC***/EWS/Exchange.asmx in internet explorer . got 404 server error: File or directory not found.

    if open http://TK5EX14MBXC***/EWS/Exchange.asmx in internet explorer,got 403 server error:Forbidden: Access is denied

    If we'd like to verify account permission on TK5EX14MBXC***. it should be done by someone who has right to access to exchange server, right? right now, we didn't have this right. which team are we supposed to turn to at this circumstance

    Could you please provide some insights on my issue? THANKS A MILLION!

  20. David Gerke says:

    Thanks for the article. Very useful indeed.

    I have a question about changing the incoming type from a forward mailbox to an email router type configuration for incoming email.

    Is there anyway to limit how far back the Email Router will interrogate?

    Once deployed it is scanning messages back from 2008 in inboxes and associating with entities which is triggering workflow for me.

    What I am really looking for here is a flag where I can say “use CRM router for incoming messages from this point forward and don’t bother trying to ingest old messages”

    Cheers,

    Dave

  21. Ravindra R Upadhya says:

    David,

    There is a way to do exactly what you need.

    We recommend you to update to the latest Update Rollup (UR) available in order to do this.

    Once you have the latest UR, please follow the below mentioned steps on the machine where Email Router is installed.

    – Stop the Email Router Service. To do so, open Services.msc and look for "Microsoft CRM Email Router". Stop this service.

    – In your installation Directory, browse to "Service" folder. By default this will be at "C:\Program Files\Microsoft CRM Email\Service"

    – Take a backup copy of "Microsoft.Crm.Tools.EmailAgent.xml" and store it in a safe location. Open "Microsoft.Crm.Tools.EmailAgent.xml" for edit. Inside the <ProviderOverrides> node, add a new node "<MessageProcessingThresholdDays>1</MessageProcessingThresholdDays>".

    – Change the value 1 to any number 'N' suitable for your needs and save changes.

    – Take a backup copy of "Microsoft.Crm.Tools.EmailAgent.SystemState.xml" and store it in a safe location. Open "Microsoft.Crm.Tools.EmailAgent.SystemState.xml" for edit. Delete entire content and add only "<State> </State>".

    – Save changes and Start the Email Router Service.

    This will instruct the Email Router to process emails from each mailbox starting from time (Now – N), i.e, N days before now.

    Please note –

    Both files must be edited as mentioned.

    This will apply to all mailboxes that the router is catering to.

  22. Ravindra R Upadhya says:

    In multibox Exchange environments, please use the CAS exchange server name while creating the EWS URL.

    In most cases that we have seen, MBX servers will give a 404 error.

  23. Pete Weston says:

    Hi there,

    First off great article.

    Although I am unable to complete our CRM router settings on Exchange 2010. The outgoing profile tests on the CRM Router Configuration work fine, but the Incoming fails with "the account does not have permission to impersonate etc" & on the Exchange 2010 server I get the "RBAC authorization returns acces denied"

    Now the account we are using for the incoming profile is the Local System account (which also runs the crm router service) on our crm server.

    On our Exchange 2010 server there is no way to add a Computer (local system) using the impersonate shell commands or manually adding full mailbox rights in the console. I've been stuck on this for some time and it's just stumped me. All the guides and examples talk about 'add the user account here to impersonate the organisation, I don't want to do that, I want to use local system account on our CRM server.

    This is the way it's been set up; now migrating to Exchange 2010 it just won't work. We are running CRM UR12, and Exchange 2010 has SP1.

    I may be going about this all wrong, any help would be appreciated. Thanks.

  24. Manoj Batchu says:

    Hi Ravindra,

    Thanks for the great article. One Question: While doing test access, we get message "An internal server error occurred. Try again later." frequently for few queues/forward mailboxes. Upon trying multiple times it shows 'Succeeded'.

  25. Ravindra R Upadhya says:

    Hi Pete,

    I'd like to know the previous setup you've had the current setup you have :

    Exchange domain/deployment setup;

    CRM domain/deployment setup;

    Which domain and machine is router installed on?

    I've been able to mimic the setup you are trying to achieve on one of my local environments.

    – Granted the impersonation rights to my admin account of Exchange domain.

    – Installed router on a machine that is joined to the Exchange domain.

    – Logged into router machine as the Exchange admin with impersonation rights.

    – Configure router to use Local System Account for Incoming profile.

    I'd also like to know how you granted the impersonation rights previously to the Local System Account. There should certainly be an equivalent shell script in Exchange 2010.

  26. Ravindra R Upadhya says:

    Hi Manoj,

    We have seen that error in our local environments wherein a single Exchange Server is used to cater to multiple CRM organization; each org having its own email router; each router having around 50 users; all users catered to by the same Exchange account that has been granted impersonation permissions.

    The issue is that Exchange has a limit on the number of sessions that can be opened by a single account at any given time. In the scenario that I mentioned above, we are clearly exceeding this limit, by a large margin. The exceptions are a result of Exchange server not allowing newer connections from the same account.

    Few questions regarding your setup :

    – Is the router in your deployment in Admin mode (single account used to cater to multiple users)? If so, how many users?

    – Since when are you seeing this error? (Update Rollup 8, 9, 10, 11, 12 or 14)?

    – Are you using MSIT's hosted Exchange servers?

  27. Ravindra R Upadhya says:

    Hi Manoj,

    The error you are seeing is indeed due to the session limit I mentioned in the previous post.

    It looks like you have modified the Exchange Throttling policy. By default, throttling kicks in when the number of connections is greater than 10. If this number is changed to a value greater than 20, then I noticed that we get "Internal Server Error" from Exchange instead of the throttling exception "ErrorServerBusy".

  29. Manoj Batchu says:

    Thanks Ravindra. Please find the answers for your questions.

    – Is the router in your deployment in Admin mode (single account used to cater to multiple users)? If so, how many users? – 150+ users

    – Since when are you seeing this error? (Update Rollup 8, 9, 10, 11, 12 or 14)? – UR 12

    – Are you using MSIT's hosted Exchange servers? – Yes