Troubleshooting CRM-Azure AppFabric Integration

imageMicrosoft Dynamics CRM 2011 has this cool new feature which enables the integration with the Windows Azure platform AppFabric Service Bus. This is a new generation approach that enables you to integrate your CRM implementation with your other Line of Business (LOB) applications in an exciting new ways, without having to deal with the problems in other traditional approaches like polling, opening up firewalls on your secure network, etc.

To learn more about this feature, please refer to the “Azure Extensions for Microsoft Dynamics CRM” in the CRM 2011 SDK.

The purpose of this blog is to save you time by listing solutions for common errors you may run into while working with this feature.

Wondering where run-time error details will be listed in CRM when there is a failure? Here you go!clip_image002

Since the “Service Bus” plug-ins executeasynchronously, there will be a system job created every time a service bus plug-in is triggered.

When there is an error inside your CRM deployment/organization, the related system job will be set to a “Failed” state. In case of an external failure (an error outside of CRM), the system job will be set to a “Waiting” state, and the system job will be retried with exponential back-off. The details of the error (if any) will be available in the message and details section of the system job, when the job is in waiting (for re-run) state or failed state.

Following is the list of common issues you may face and their solutions:

1. Service integration issuer information not found:

System job State: Failed

What does this mean? This indicates that the AppFabricIssuer information (public certificate) is not present in the MSCRM_CONFIG database of Microsoft Dynamics CRM.

How to fix this: Execute the powershell command “set-crmcertificate” to set the AppFabricIssuer information in the config db. Refer to the SDK topic, Configure CRM for Integration with Windows Azure , for the syntax of this command.

2. Service integration issuer certificate not found:

System job State: Failed

What does this mean? This indicates that the AppFabricIssuer private certificate (corresponding to the public certificate specified in “AppFabricIssuerInfo”) could not be found in the certificate store.

Either there is no match or there is more than one match found in the certificate store (while performing a search by the StoreFindType specified for the AppFabricIssuer certificate) of the machine where Microsoft CRM Asynchronous Service role is installed. Microsoft CRM by default uses FindBySubjectDistinguishedName as the StoreFinType for AppFabricIssuer.

How to fix this: Install the AppFabricIssuer private certificate into the certificate store on Async server.

3. KeySet does not exist:

System job State: Waiting

Inner Fault in system job details: System.Security.Cryptography.CryptographicException:Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #570DF9F0

What does this mean? This indicates that the account under which Async service is running does not have permission to access the certificate.

Note: To view the current permissions on the certificate, right click the certificate from the certificate store, and choose All Tasks-> Manage Private Keys.

How to fix this: Grant “Read” permission for the account under which Asynchronous service is running to access the cert.

4. 400 Bad Request [OR] 401 Unauthorized [OR] An output claim token cannot be issued because the issuer and claims in the request do not map to any output claims for this scope:

System job State: Waiting

What does this mean? This means CRM does not have access to post to the Azure Service bus endpoint.

How to fix this: Set up issuer, scope, rules, and token policy in Azure ACS using the acm.exe utility so that CRM can post to the service bus. Or, you can use the “Configure ACS” button in the Plug-in Registration tool to do this for you.

5. There was no endpoint listening at https://<solutionname><path> that could accept the message:

System job State: Waiting

What does this mean? This means there is no listener listening at the specified endpoint in Azure.

When the system job trigerred by your servicebus plugin is executed, Dynamics CRM is sending the message to the registered service endpoint in Azure AppFabric– so a listener web service is expected to be running to process that message synchronously.

So, this error means that your listening service is not running and listening at the specified endpoint in Azure AppFabric. This error is applicable for queue/oneway/twoway/REST bindings. (But only for Queue binding, the endpoint may still exist just for a few minutes even after the listener has stopped listening, after which it will not exist, until you start listening again).

How to fix this: Start your listener at the same endpoint where CRM is trying to post, and make sure it is listening successfully.

6. Mismatched config:

System job State: Waiting

Inner Fault in system job details (sample): The message with Action

‘’ cannot be processed at the receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the receiver.  Check that sender and receiver have the same contract and the same binding (including security requirements, e.g. Message, Transport, None).

What does this mean? You have a mismatched configuration. For example, your service listening in Azure AppFabric implements One-way service contract but is registered as a two-way/Queue/Rest contract in the ServiceEndpoint record in CRM.

How to fix this: Update the contract in your ServiceEndpoint record in CRM to match the contract your listener service in AppFabric is implementing or vice versa.