Silent configuration of CRM for Outlook client in CRM 2011 claims enabled environment

Hi Folks,

Today I’m going to talk about CRM Outlook Silent configuration.

The CRM 2011 Outlook client provides a silent configuration option to help administrators deal with situations where users are remote, travelling and/or not savvy enough to run the Configuration Wizard with the correct inputs. Configuring the CRM 2011 Outlook client silently in a claims-enabled environment can pose a challenge. When the client Configuration Wizard is run silently (/Q switch) in a claims-enabled environment, it expects the user’s CRM credentials in Credential Manager (a.k.a. Windows Vault), found in Control Panel->User Account->Manage your Credentials. In a non-silent configuration, when the wizard doesn’t find the CRM credentials in Windows Vault, it prompts the user to enter them and saves them to the Vault if the user chooses to have the credentials remembered.

In a silent configuration (i.e. the /Q switch with Microsoft.Crm.Application.Outlook.ConfigWizard.exe), the user’s credentials are expected in the Windows Vault. If the Configuration Wizard doesn’t find the credentials, or they are not in the required format, the wizard fails to configure the client and an error like the one below is reported in the configuration log file:

Stack Trace

13:43:35| Error| Error connecting to URL: Exception: Microsoft.Crm.CrmException: Credentials required
at Microsoft.Crm.Outlook.ClientAuth.ClaimsBasedAuthProvider`1.AuthenticateClaims()
at Microsoft.Crm.Outlook.ClientAuth.ClaimsBasedAuthProvider`1.SignIn()
at Microsoft.Crm.Outlook.ClientAuth.ClientAuthProvidersFactory`1.SignIn(Uri endPoint, Credential credentials, AuthUIMode uiMode, IClientOrganizationContext context, Form parentWindow, Boolean retryOnError)
at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.DeploymentInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow, Credential credentials)
at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.InternalLoadOrganizations(OrganizationDetailCollection orgs, AuthUIMode uiMode, Form parentWindow)
13:43:35| Error| Exception : Credentials required at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow)
at Microsoft.Crm.Application.Outlook.Config.ClientConfig.AddDeployment(DeploymentsDeployment[] deployments, AuthUIMode uiMode)
at Microsoft.Crm.Application.Outlook.Config.ClientConfig.Run(Boolean runInsideOutlook)
at Microsoft.Crm.Application.Outlook.Config.ClientConfig.Start(String[] args, Boolean runInsideOutlook)
13:43:35|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ClientConfig.Terminate
13:43:35| Info| Exit code: Failure
13:43:35|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ClientConfig.Terminate
13:43:35| Info| === Microsoft Dynamics CRM for Outlook Configuration Wizard logging stopped: 10/30/2012 1:43:35 PM ===

Possible Solution/Recommendations

A simple solution is to add the credentials to Windows Vault before running the Configuration Wizard; the same is described in this blog post by the field engineering team. With silent configuration and/or non-savvy users, this could be a challenge for system administrators.

The cmdkey command can be a great help in this situation. Here is the TechNet document describing the cmdkey command.
This command can be used in a logon batch script, like the example below, to add the credentials and then call Microsoft.Crm.Application.Outlook.ConfigWizard.exe with the required switches and parameters.

Here is the sample logon script:

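@echo off
ECHO Logon Script to configure CRM Outlook client
REM OrgId exists under HKCU once the client is configured; configure only if it is missing
reg query HKCU\Software\Microsoft\MSCRMClient /v OrgId
IF ERRORLEVEL 1 (GOTO Configure) ELSE (GOTO End)

:Configure
REM Add the generic credential to Windows Vault; /pass without a value prompts for the password
REM The target name is Microsoft_CRM_ followed by the CRM URL, ending with a slash
cmdkey /generic:Microsoft_CRM_ /user:%username%@%userdnsdomain% /pass
ECHO Configuring CRM Outlook client
cd /d "C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard"
Microsoft.Crm.Application.Outlook.ConfigWizard.exe /Q /i c:\config.xml /l c:\crmclientinstall.log
ECHO CRM Outlook client is configured.

:End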

Basic requirements

There are a few basic requirements for the entry made in Windows Vault:

  • It must be added as generic credential
  • Internet or Network Address must be specified as Microsoft_CRM_ (don’t miss the slash (/) at the end of the URL)
  • The Username must be in UPN format, i.e.@. E.g. –

When CMDKEY is used with the /pass switch and no password is supplied as a parameter, CMDKEY prompts for the password, which also keeps the password out of the script file. To get this command to work as part of a logon script, it’s mandatory that the Run logon scripts visible Group Policy is enabled. Run logon scripts visible can be found under User Configuration\Administrative Templates\System\Script, and here is the TechNet document describing this policy.
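A follow-up check an administrator could run after the logon script, as an added example that is not part of the original post: it looks for the vault entry, the failure lines shown in the log excerpt above, and the OrgId registry value. It assumes the log path given to the /l switch in the sample script and matches any vault target that contains Microsoft_CRM_.

```batch
@echo off
REM Added example: verify the result of the silent configuration.
REM Assumption: LOG is the path passed to /l in the logon script.
setlocal
set "LOG=c:\crmclientinstall.log"
set "RC=0"

REM 1. Is a credential with a Microsoft_CRM_ target stored in Windows Vault?
cmdkey /list | findstr /i /c:"Microsoft_CRM_" >nul
if errorlevel 1 (
    echo [FAIL] No Microsoft_CRM_ credential found in Windows Vault.
    set "RC=1"
) else (
    echo [ OK ] Microsoft_CRM_ credential is present in Windows Vault.
)

REM 2. Did the Configuration Wizard write its log?
if not exist "%LOG%" (
    echo [FAIL] %LOG% not found. The Configuration Wizard did not run.
    exit /b 2
)

REM 3. Failure lines as they appear in the log excerpt above.
findstr /c:"Credentials required" "%LOG%" >nul
if not errorlevel 1 (
    echo [FAIL] Log contains "Credentials required". Vault entry missing or in the wrong format.
    set "RC=1"
)
findstr /c:"Exit code: Failure" "%LOG%" >nul
if not errorlevel 1 (
    echo [FAIL] Log contains "Exit code: Failure". See %LOG%.
    set "RC=1"
)

REM 4. OrgId is the value the logon script tests to decide whether to configure.
reg query HKCU\Software\Microsoft\MSCRMClient /v OrgId >nul 2>&1
if errorlevel 1 (
    echo [FAIL] OrgId is not set under HKCU\Software\Microsoft\MSCRMClient.
    set "RC=1"
) else (
    echo [ OK ] OrgId is present. The client is configured.
)
exit /b %RC%
```

If the log file holds entries from earlier runs, an old failure will still match in step 3, so delete or rename the log before re-running the wizard.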

Thanks & Regards
Bhavesh Shastri