CRM 2011 Email Router Configuration Wizard might fail during “loading data”


After you deployed the CRM 2011 on premise and the CRM e-mail router you may experience a problem when loading data from Email Router Configuration manager.

Issue
When you hit the “load data” button on the “User, Queues, and Forward Mailboxes” Tab in the Email Router Configuration manager …

image

… the e-mail router might not be able to load the data. Within the  CRM platform trace the below error can be seen:

>Crm Exception: Message: The decryption key could not be obtained because HTTPS protocol is enforced, but not enabled. Enable HTTPS protocol, and try again., ErrorCode: -2147187707, InnerException: Microsoft.Crm.CrmException: The decryption key could not be obtained because HTTPS protocol is enforced, but not enabled. Enable HTTPS protocol, and try again.

at Microsoft.Crm.ObjectModel.EmailService.GetDecryptionKey(ExecutionContext context)

On the UI the following error will be reported:
image

Cause
The e-mail router expects a HTTPS connection to the CRM website and if SSL is not enabled on the website the request will fail.

Workaround
Add the registry key "DisableSecureDecryptionKey" on the CRM Server. If you configure the value to 1 the email router configuration manager will explicitly check for HTTP.

1. Click Start , click Run , type regedit , and then click OK .
2. Locate and then click the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM

3. On the Edit menu, click New , and then click DWORD Value .
4. Set the name of the subkey to DisableSecureDecryptionKey .
5. Right-click DisableSecureDecryptionKey, and then click Modify .
6. In the Value data box, type 1 in the Value data field, and then click OK .
7. On the File menu, click Exit .

Greetings from the CRM team


Comments (4)
  1. AWOMS says:

    I am getting this error, even though the site has only HTTPS bindings. I've tried with both HTTP & HTTPS, and with only HTTP or HTTPS. It is a self-signed cert, but I have added the cert to both the local system trusted root & the user the service is running under's trusted root and nothing will work…

  2. Merijn van Mourik says:

    Exactly the same situation als AWOMS is describing. Also rebooted server. Using the key DisableSecureDecryptionKey. However at cost of security so I'm dissatisfied with this 'solution'.

  3. Nicolai W Hjorth says:

    Merijn, if you are dissatisfied with the lack of security the deploy your CRM using HTTPS (TBA / IFD) then it works. This is only for solutions running with HTTP and if you expose your CRM server externally using HTTP then you need to read up on the documentation from MS.

  4. Nitesh says:

    Great Article…….. thanks a lot for your help

Comments are closed.

Skip to main content