Recently one of my customers started getting insufficient permissions messages and having issues accessing files on the CRM.

image

Exception detail was as below.

Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3s344d364e35]]: System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #CBE39829Detail:

<OrganizationServiceFault xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">

  <ActivityId>f6dfec3a-6114-4eef-9544-a9396f5d1572</ActivityId>

  <ErrorCode>-2147220970</ErrorCode> 

<ErrorDetails xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic" />

  <Message>System.Web.HttpUnhandledException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #CBE39829</Message>

  <Timestamp>:44:42.8709171Z</Timestamp>

  <ExceptionRetriable>false</ExceptionRetriable>

  <ExceptionSource i:nil="true" />

  <InnerFault>

    <ActivityId>GUID</ActivityId>

    <ErrorCode>-2147220960</ErrorCode>   

<ErrorDetails xmlns:d3p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic" />

    <Message>Principal user (Id=GUID, type=8) is missing prvReadComplexControl privilege (Id=GUID)</Message>

    <Timestamp>2019-07-04T07:44:42.8709171Z</Timestamp>

    <ExceptionRetriable>false</ExceptionRetriable>

    <ExceptionSource i:nil="true" />

    <InnerFault i:nil="true" />

    <OriginalException i:nil="true" />

    <TraceText i:nil="true" />

  </InnerFault>

  <OriginalException i:nil="true" />

  <TraceText i:nil="true" />

</OrganizationServiceFault>

The actual error is given in the inner fault section, the same error is logged in the event log of the CRM server as below.

Exception information:

Exception type: CrmException

Exception message: Principal user (Id=GUID, type=8) is missing prvReadComplexControl privilege (Id=GUID)  at Microsoft.Crm.Application.Platform.ServiceCommands.PlatformCommand.XrmExecuteInternal()

   at Microsoft.Crm.Application.Platform.ServiceCommands.RetrieveCommand.Execute()   at Microsoft.Crm.Caching.ComplexControlLoader.LoadCacheData(Guid key, IOrganizationContext context)   at Microsoft.Crm.Caching.CrmMultiOrgCacheBase`2.CreateEntry(TKey key, IOrganizationContext context)   at Microsoft.Crm.Caching.CrmMultiOrgCacheBase`2.LookupEntry(TKey key, IOrganizationContext context)   at Microsoft.Crm.Application.Components.Sdk.InlineEditControls.Web.CompositionLinkControl.GetFlyOutDescriptor()    at Microsoft.Crm.Application.Components.Sdk.InlineEditControls.Web.LinkControl.GetRequiredColumns(Int32 entityTypeCode)   at Microsoft.Crm.Application.Forms.CompositeControlVisitor.HandleColumnProvider(Control control, FormDescriptor formDescriptor)   at Microsoft.Crm.Application.InlineEdit.Mediators.FormMediator.AddControlProperties(ICrmControl crmControl, ControlDescriptor controlDescriptor)   at Microsoft.Crm.Application.InlineEdit.Mediators.FormMediator.ProcessControlHierarchy(Action`2 controlHandler)   at Microsoft.Crm.Application.InlineEdit.Mediators.FormMediator.GetInstance(FormFactor formFactor, FormDescriptor descriptor, Guid processId, Int64 processVersionNumber, IOrganizationContext organizationContext)   at Microsoft.Crm.Application.InlineEdit.ReadFormDataBuilder..ctor(String recordId, String entityTypeCode, Guid formId, FormFactor formFactor)   at Microsoft.Crm.Application.Pages.Form.FormDataPage.Render(HtmlTextWriter writer)   at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

After a while found the “Complex Control” privileges are listed as “Process Configuration” in CRM security roles. To fix the issue go to CRM Security Roles and open Customization tab. There you will find Process Configuration for which you need to provide Read permission.

image

Giving permissions according to the error you see will fix the issue, for example if your error showed your were missing prvCreateComplexControl, then you need to provide Create permissions.

More details about security role UI and privilege mapping can be obtained from the Microsoft article.

Advertisements

I recently received an error while trying to run a SSIS package in Visual Studio. The full error is seen as below.

Error: The SSIS Runtime has failed to enlist the OLE DB connection in a distributed transaction with error 0x8004D024 "The transaction manager has disabled its support for remote/network transactions.".

This error is happening when a component with transactions try to connect and manipulate data on a remote server.

To avoid this error, two things can be done.

* Remove the transaction handling from the component. – This should be done only if the transactions are not required or as a temporary measure.

You can do this by selecting the properties of the component, also check the package properties to make sure transactions are not enabled at the package level.

image

For an explanation of the options please visit the URL.

* Configure the Distributed Transaction Coordinator (DTC).

For a component to work correctly with transactions, below two things are required.
1. Running Distributed Transaction Coordinator (DTC) Service

This service should be running on the database server the component connects to and on  the machine where the package is running. This will coordinate the work between two machines / servers.

This can be checked and started by going to Windows Services.

image

2. Properly configuring the security of DTC.

To make the DTC service work properly, it should be given permission as required. This can be done by opening the Component Services window. In the component services window, navigate to Component Services –> Computers –> My Computer –> Distributed Transaction Coordinator. Right click Local DTC and click on Properties to open properties window.

If you are intending to run any workloads with transactions via any external servers you should enable “Network DTC Access”.

Depending on the situation you should allow Inbound, Outbound or both transaction manager communication options.

image

For complete list of explanations on each property please refer the following URL.

It seems in Windows Server latest versions the good old disk clean up tool is not enabled by default. If you just want it back you can run the below commands in a command prompt to copy the required files.

Copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe C:\Windows\System32\

Copy C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui C:\Windows\System32\en-US\

Then create a shortcut pointing to the Disk Clean up tool found in the following path.

C:\Windows\System32\CleanMgr.exe

I did try this on Windows Server 2008 R2 and hope it works as it is or with slight changes on other versions of Windows as well.

Recently I needed to filter the results of a Stored Procedure, After some searching I found 2 options for this as below.

1. Using OpenRowSet Command

SELECT * FROM OPENROWSET (‘SQLOLEDB’, ‘Server=ServerName;TRUSTED_CONNECTION=YES;’, ‘EXEC sp_Who2’)

Remember in this method this feature should be enabled in the server.

2. Using Temporary Tables.

— Creating a temporary table.
CREATE TABLE #tblSPWho2
(SPId INT, Status NVARCHAR(200), LoginName NVARCHAR(200), HostName NVARCHAR(200), BlockedBy NVARCHAR(200), DBName NVARCHAR(200),
Command NVARCHAR(200), CPUTime BIGINT, DiskIO BIGINT, LastBatch NVARCHAR(200), ProgramName NVARCHAR(200), SPId2 INT, RequestId NVARCHAR(200))

— Inserting the results of the Stored Procedure into the temporary table.
INSERT INTO #tblSPWho2
EXEC sp_Who2

— Doing the required filtering using the temporary table.
SELECT * FROM #tblSPWho2 WHERE LoginName = ‘Domain\UserName’

— Removing the temporary table.
DROP TABLE #tblSPWho2

SP_Who2 Stored Procedure will bring all the processes that is currently active in SQL server with the relevant information, the above query will filter the results and will only display the processes that are initiated by the given username (Domain\UserName).

Today a friend of mine started getting this error while he tried to deploy his solution to a server. This only started when ‘Precompiling during publishing’ option is selected.

image

“Error 20 It is an error to use a section registered as allowDefinition=’MachineToApplication’ beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.”

After having a look, I identified this was caused by a temporary copy of a Web.Config file. Earlier developer created a copy of the Web.Config and placed it inside a folder named Backup within the solution. This backup config file had authentication tag (<authentication>), which is a tag that can be only used in global Web.Config file or the Web.Config file in applications root. Due to the presence of authentication tag, compiler started complaining that there is a virtual directory not configured as a application in IIS.

The solution for my friend’s issue was to simply exclude the copy of the Web.Config file from project by right clicking the file. Then the project started deploying happily.

Have you heard the good news that SriLankan Airlines is going to restart their direct flights to Australia. Yes it is true, SriLankan is going to start direct services between Sri Lanka and Australia from November 2017. They have decided to do this after acquiring brand new aircrafts from Airbus Industries. So when compared to other airlines, you will fly in more recently built modern aircraft with SriLankan.

SriLankan A340

SriLankan A333

With this new competition I think we will see better fairs to more Asian destinations. Introductory prices for the month of November 2017 from SriLankan seems very good as you see from some of the screenshots I have taken from the web site. Reserve your seats quickly by visiting SriLankan web site.

image

imageimageimageimage

As you may be knowing, now you do not need to separately download and install .Net framework as we used to do with the older .Net frameworks. Since it is coming with Windows, you can just go to “Turn Windows Features On or Off” screen and enable framework you are after. It is simple right?

But in one of the machines it was not that simple for me. The installation tried to download files from Windows Update and was failing mentioning that it cannot get connected to Windows Update when the machine is connected to the internet without any issues.

The solution is to use DISM (Deployment Image Servicing and Management) tool to get it installed.

First you need to find a Windows setup media, a setup DVD or an ISO downloaded will work.

Then use the below command to enable the feature using a local source. Remember to open the Command Window as an Administrator of the machine.

DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:E:\Sources\sxs

/Online – Targets the currently active and running OS.

/LimitAccess – If some installation files are missing, this will check Windows Update for the missing files. For not to check use /LimitAccess:True.

/Source – Is the location to find the source files, E: is my virtual drive which I mounted the previously downloaded Windows ISO.

If typed correctly, there will be a progress bar showing the installation progress.

image