mars 4, 2015 Legg igjen en kommentar
So this will be one of my shortest blog posts, it’s just a tiny bit of information about server-side-sync (SSS) for those who still are trying to get their head around it. So here it goes!
- If you want to use the Exchange Webservices
- CRM Online with Exchange On-Premises -> E-Mail Router
- CRM On-Premises with Exchange Online -> E-Mail Router
- Everything else -> Server-Side-Synchronization
If you have Exchange but can/want to use POP and SMTP for handling e-mails, you CAN use server-side-sync. The only caveat is that with POP/SMTP you won’t get task/calendar/contacts/tracking/etc synchronization, you will only get incoming and outgoing email. You can still track emails automatically inside CRM, but there won’t be any information about it in your e-mail server.
And just to be perfectly clear:
If you want synchronization, and EITHER both MSCRM and Exchange is online, OR both MSCRM and Exchange is on-premises, then you can and should use Server-Side-Synchronization.
So how does server-side-synchronization work?
- It uses the asynchronous processing service, no need to install any additional software.
- You can specify credentials EITHER for every mailbox OR for a service account, OR you can EITHER use integrated authentication (see below) OR anonymous authentication (but you shouldn’t because that’s not secure)
- You have to use HTTPS for your environment to be able to configure server side synchronization, or you could edit the registry to ignore this (but you shouldn’t, see below)
How to use a service account:
Set up a service account which gets IMPERSONATE permissions for the mailboxes you want to use. It is not enough to give it «full access» and «send as». See BOTH of the following URLs to get Exchange impersonation working
How to use integrated authentication (on-premises only):
The account running the Asynchronous Processing Service needs to have impersonate permissions for the mailboxes you want to use, see the above point (How to use a service account) on how to set impersonate permissions. To get the name of the account running the asynchronous processing service run the following command in PowerShell on one of your CRM back-end servers:
gwmi win32_service -Filter "name=’MSCRMAsyncService’" | select startname
How to set up server-side-synchronization without SSL:
Technically, you don’t, but here’s how you cheat. Create a self-signed certificate in IIS, guide found here (Microsoft). Add HTTPS-bindings to the MSCRM-website and use the self-signed certificate. Open up MSCRM, go to the server-side-sync settings and set up as needed (or create queues/users with hardcoded usernames and passwords), and when done you remove the bindings and delete the self-signed certificate. While you’re doing this, make sure you save the encryption key if you don’t have already (found in Settings -> Data Management -> Data Encryption). A good tip for creating a new key is to use a GUID, complete with dashes, and save it in your password manager (maybe add some special characters in there for good measure). Run the following in powershell to create a new GUID: