The Microsoft Dynamics CRM Blog
News and views from the Microsoft Dynamics CRM Team

How to Configure Microsoft Dynamics CRM 4.0 E-mail Router (On-Premise) with Microsoft Exchange Server 2010

How to Configure Microsoft Dynamics CRM 4.0 E-mail Router (On-Premise) with Microsoft Exchange Server 2010

  • Comments 29

Update Rollup 8 for Microsoft Dynamics CRM E-mail Router (On-Premise) includes support for Microsoft Exchange Server 2010. In continuation to the blog titled “Configure Microsoft Dynamics CRM Online E-mail Router with Exchange Online”, this one explains the detailed steps required to setup Microsoft Dynamics CRM 4.0 E-mail Router (On-Premise) with Microsoft Dynamics CRM 4.0 On-Premise users and queues having mailboxes in Microsoft Exchange Server 2010.

Microsoft Exchange Server 2010 replaces the WebDAV functionality with Exchange Web Services (EWS). Microsoft Dynamics CRM 4.0 E-mail Router (On-Premise) with Update Rollup 8 has been enhanced to integrate EWS support and hence function with Microsoft Exchange Server 2010. The E-mail Router maintains compatibility with Exchange 2003 (only WebDAV) and Exchange 2007 (both WebDAV and EWS).

Prerequisites

  • Microsoft Dynamics CRM 4.0 On-Premise installation.
  • Microsoft Exchange Server 2010.
  • Microsoft Dynamics CRM 4.0 E-mail Router (On-Premise) with Update Rollup 8 or higher.

Configuration Steps

Microsoft Exchange Server 2010

Granting Exchange Impersonation permissions.

Microsoft Exchange Server 2010 makes do with the permissions model used in Microsoft Exchange Server 2007 and adopts the new Role Based Access Control (RBAC) allowing users to define extremely broad or extremely precise permissions models based on the roles of administrators and users. New commands are available to allow User/Mailbox Impersonation with varying scopes. Exchange Impersonation permission is required for a given Exchange 2010 account if it needs to cater to multiple Exchange 2010 accounts. The profile created with a user account having Exchange Impersonation permission can access the mailboxes of the users who are in the scope of this Exchange Impersonation permission.

In the Microsoft Exchange Server 2010 system, launch Exchange Management Shell from Start-> All Programs-> Microsoft Exchange Server 2010 -> Exchange Management Shell. The shell will connect to the Microsoft Exchange Server 2010 and display the prompt.

[PS] C:\Windows\System32>.

clip_image001

Example: impersonation scenarios

1. A single user is configured to connect to mailboxes of all other CRM users and queues that have their mailboxes on Microsoft Exchange Server 2010. This configuration hence makes do with the need to create profile for each CRM user and queue individually.

To achieve this you need to run the following command in Exchange Management Shell–

New-ManagementRoleAssignment   –Name: "ImpersonationName

-User: "RouterAdministrator@YourOrganization.com"   –Role:"ApplicationImpersonation”

In the above command, the Name parameter specifies a name for the new management role assignment. User is the username of the user who is given Exchange Impersonation permission and therefore can now access Exchange 2010 mailboxes of all other users in the Exchange organization.

[Details on New-ManagementRoleAssignment can be found here]

2. A single user is configured to connect to mailboxes of select set of CRM users and queues that have their mailboxes on Microsoft Exchange Server 2010. This configuration is preferable as the impersonation rights are given selectively on the desired mailboxes only.

To enable this scenario, you need to define the set of users as a Management Scope in Microsoft Exchange Server 2010. To do so, run the following command in Exchange Management Shell–

New-ManagementScope   –Name: "ManagementScopeName

–RecipientRestrictionFilter { Name  -eq  ‘ crmuser1 ’ }

In the above command, The Name parameter specifies the name of the management scope. The RecipientRestrictionFilter parameter specifies the filter to apply to recipient objects.

[Details on New-ManagementScope can be found here]

The new Management Scope created can now be used in the Role Assignment command to restrict the scope of Exchange Impersonation.

New-ManagementRoleAssignment   –Name: "ImpersonationName

-User: "RouterAdministrator@YourOrganization.com"   –Role:"ApplicationImpersonation”

-CustomRecipientWriteScope: ”ManagementScopeName

Removing Exchange Impersonation permission.

Exchange Impersonation permission can be removed using the

Remove-ManagemntRoleAssignment command.

[Details on Remove-ManagemntRoleAssignment can be found here]

Microsoft Dynamics CRM

Configure users and queues to use Microsoft Dynamics CRM E-mail Router.

Users and Queues in CRM can be configured to use the E-mail Router for processing the incoming Exchange and outgoing CRM e-mails. To utilize this functionality, Users and Queues must have a valid email address and select E-mail Router as the incoming and outgoing E-mail access types. This can be setup by an administrator or users having relevant permissions.

CRM Users

1. Navigate to Settings->Administration->Users and configure the user record as displayed.

clip_image002

  1. Individual users can select which e-mails from the specified Exchange On-Premise mailbox to Track in CRM. This can be selected from the Tools->Options-> E-mail tab.

clip_image003

CRM Queues

  1. Navigate to Settings->Business Management->Queues and configure the Queue as displayed.
    clip_image004
  1. In line with Users, Queue form also provides the flexibility to choose the desired category of e-mails which need to be promoted to Microsoft CRM.
    clip_image005

Microsoft Dynamics CRM 4.0 E-mail Router (On-Premise)

After the Router has been installed, launch the E-mail Router Configuration Manager from Start-> All Programs-> Microsoft Dynamics CRM E-mail Router. There are three main tabs in the Configuration Manager as shown below.

clip_image007

Configuration Profiles. To configure the E-mail Router, you first create one or more incoming and one or more outgoing configuration profiles. These configuration profiles contain information about the e-mail server and authentication methods that the E-mail Router will use to connect to the e-mail server and transfer e-mail messages to and from the Microsoft Dynamics CRM organization. You create configuration profiles on the Configuration Profiles tab in the E-mail Router Configuration Manager.

Deployments. After you create the configuration profiles that you want, you must define at least one deployment. The information that you enter into the Deployment area will be used by the E-mail Router to connect to your Microsoft Dynamics CRM deployment.

Users, Queues and Forward Mailboxes. After you have the configuration profiles and deployment established, then you manage the users, queues, and forward mailboxes that will be used by the E-mail Router to route Microsoft Dynamics CRM e-mail messages. You manage these items on the Users, Queues, and Forward Mailboxes tab in the E-mail Router Configuration Manager.

Creating Exchange Server 2010 incoming profile.

  1. In the E-mail Router Configuration Manager tool, click the Configuration Profiles tab, and then click New.
  2. Type a profile name. For example, type Exchange 2010 Incoming Email.
  3. Choose Incoming in the Direction list.
  4. Choose Exchange Web Services as the Protocol.
  5. Choose Exchange 2010 as the E-mail Server Type.
  6. The only Authentication Type allowed is “Windows Authentication”.
  7. Type the name of the Microsoft Exchange Server 2010 web services URL.

Default Location
https://<Exchange-2010-Server-Name>/EWS/Exchange.asmx

clip_image008

8. Select how the e-mail Router will gain access to the Microsoft Exchange Server 2010 in the Access Credentials list.

  • If you select Local System Account for the Profile, the Router will use the credentials specified in the Microsoft CRM Email Router service running in the host machine. The credentials provided should be the username of user in your Microsoft Dynamics CRM organization who has the System Administrator role. This user must have Exchange Impersonation permission on the mailboxes that this Incoming Profile will serve including self. This type of profile is typically used for polling large number of mailboxes using the credentials of a user with Administrative privileges and Exchange Impersonation permissions.
  • If you select User Specified for the Profile, the Router will use the user name and password provided in Microsoft Dynamics CRM for users who are configured to use this Incoming Profile.
  • If you select Other Specified for the Profile, the Router will use the user name and password provided in the open textboxes as shown below. User name has to be provided in the form DomainName\UserName. The specified user must have Exchange Impersonation permission on all the mailboxes that this Incoming Profile will serve (Exchange Impersonation Permissions on self is not required).

Note: The above steps can also be used to create an incoming profile for a CRM user having Microsoft Exchange Server 2007 mailbox by choosing Exchange 2007 as the Email Server Type in step 5.

Creating Exchange Server 2010 outgoing profile.

Microsoft Dynamics CRM 4.0 Email Router (On-Premise) with Update Rollup 8 supports SMTP as the default and only protocol for outgoing e-mail messages as in the case of previous versions.

  1. In the E-mail Router Configuration Manager tool, click the Configuration Profiles tab and then click New.
  2. Type a profile name. For example, type Exchange 2010 Outgoing Email.
  3. Choose Outgoing in the Direction list.
  4. The only Protocol allowed is SMTP.
  5. Verify that SMTP is selected as the E-mail Server Type.
  6. Choose the Authentication Type as appropriate.

clip_image009

  1. Type only the name of the Microsoft Exchange Server 2010 system in the Location field.
  2. Check SSL box if the Microsoft Exchange Server 2010 uses SSL for SMTP.
  3. Select and provide the appropriate Access Credentials with Exchange Impersonation permission as required. [See section on Granting Exchange Impersonation permission for details]

Configure the Microsoft Dynamics CRM On-Premise deployment.

After you have created the outgoing and incoming e-mail profiles, click the Deployments tab in the E-mail Router Configuration Manager tool.

  1. Click New to create a new deployment. The default Deployment option will be set to My Company.
  2. In the Microsoft Dynamics CRM Server open text box it will default to http://discovery/<OrganizationName>. Replace discovery with the name of the Microsoft Dynamics CRM On-Premise Server and <OrganizationName> with your Microsoft Dynamics CRM Organization Unique Name.
    Note: The Organization Unique Name is case-sensitive.
  3. Verify that Microsoft Dynamics CRM secure URL Port contains valid value if the CRM server is SSL enabled. clip_image010
  1. Select how the e-mail Router will gain access to the Microsoft Exchange Server 2010 in the Access Credentials list.
    • If you select Local System Account, the Router will use the credentials specified in the Microsoft CRM Email Router service running in the host machine.
    • If you select Other Specified, the Router will use the user name and password provided in the open textboxes as shown below. User name has to be provided in the form DomainName\UserName.

    5. In the Incoming configuration profile, select the incoming profile you created.

  1. In the Outgoing configuration profile, select the outgoing profile you created.
    Note: Setting the Incoming and Outgoing configuration profiles on the Deployment will make these the default profiles for the users that are set to use the E-mail Router for incoming and outgoing e-mail. You can change it for each user in the Users, Queues and Forward Mailboxes tab.
  2. Click OK to finish creating the deployment.

Forward Mailbox

Forward Mailbox is one of the options available for processing the incoming e-mails in Microsoft CRM. This option is helpful in scaling the system where all the Forward Mailbox users and queues have all their e-mails forwarded to the Forward Mailbox using Exchange forwarding rules. Emails for multiple users and queues are present in this single E-mail box as an attachment and hence Router can promote them to Microsoft Dynamics CRM using the single polling location. Users and Queues can have this options set for incoming e-mails processing as follows.

  • Users: Settings->Administration->Users
  • Queues: Settings->Business Management-> Queues

clip_image012

Set up the Forward Mailbox.

  1. Open the Microsoft Dynamics CRM E-mail Router Configuration tool.
  2. Click the Users, Queues and Forward Mailboxes tab.
  3. In the Select a CRM Deployment to view users and mailboxes list, select the Microsoft Dynamics CRM deployment you created.

clip_image013

  1. Click Load Data. This will display the Microsoft Dynamics CRM users who are configured to use the Email Router for processing their e-mails.
    Note: If you receive an error displaying the users, verify the correct organization name is listed in the Select a CRM Deployment to view users and mailboxes list. Also, verify the organization name is entered with the correct case. The organization name is case-sensitive.
    Note: If no users are listed after you click Load Data, or if you are missing users, check the user’s settings by following the steps in the section titled “Configure users and queues to use Microsoft Dynamics CRM E-mail Router.”
  2. Click the Forward Mailboxes tab, and then click the New.
  3. Type a name for the forward mailbox profile. For example type ForwardMailbox in the Name open text box.
  4. Type the e-mail address for the forward mailbox in the E-mail Address open text box.
  5. Click OK

Deploy Exchange rules manually through Microsoft Exchange Server 2010.

In order to use the forward mailbox feature Microsoft Exchange Server 2010 users need to manually create rules on their own mailboxes from OWA or using Outlook client. This can be done by using the Rule Deployment Wizard for Microsoft Exchange Server 2007 and earlier systems. In Microsoft Exchange Server 2010 they will need to manually setup a rule with the following logic:

clip_image014

Forward All e-mails as An Attachment to <a mailbox you defined in your system>

This rule will forward all incoming e-mail to the Microsoft Dynamics CRM forwarding mailbox. After the rules have been deployed, any e-mail that is received in a user’s mailbox will be forwarded as an attachment to the forwarding mailbox. The Microsoft Dynamics CRM E-mail Router Service monitors the forward mailbox. The service will route Microsoft Dynamics CRM e-mail to Microsoft Dynamics CRM as an e-mail activity. If the e-mail is not related to Microsoft Dynamics CRM, the service will delete the e-mail message from the forwarding mailbox.

Test and publish the new incoming /outgoing profiles and deployment.

The final step is to publish new incoming profiles, the deployment and forward mailbox settings. Before publishing, connectivity to all mailboxes using the specified profiles must be tested. To do this, complete the following steps:

  1. Click the Users, Queues and Forward Mailboxes tab within the E-mail Router Configuration Manager tool.
  2. In the Select a CRM Deployment to view users and mailboxes list, select the Microsoft Dynamics CRM deployment you created.
  3. Click Load Data. This will display the Microsoft Dynamics CRM users configured to use the e-mail Router. clip_image015

Note: If you receive an error loading the data, verify the correct organization unique name is listed in the Select a CRM Deployment to view users and mailboxes list. Also, verify the organization unique name is entered with the correct case. The organization unique name is case sensitive. If no users are listed after you click Load Data, or if you are missing users, check the user’s settings. Also Forward Mailbox users and queues do not have the option of assigning the incoming profiles because the forward mailbox is directly used for the incoming E-mail processing.

  1. If you want to change the Incoming or Outgoing configuration profiles for certain users, double click the user and change the selection for the Incoming Configuration Profile or Outgoing Configuration Profile and click OK.
  2. Click Test Access. Tests will be performed on all users for both profiles. A successful test will display a green succeeded message that resembles the following:
    clip_image016
  3. To publish the deployment, click Publish. A successful publish will display the following message: 

clip_image018

On publishing the Router will start catering the Microsoft CRM Users and Queues having the Microsoft Exchange Server 2010 mailboxes.

Cheers,

Ravindra R Upadhya



  • We have been playing around with your setup here and have had some success but failed too. I wonder if we can get some suggestions.

    We have two mail server, 2003 and 2010 and have migrated some users to 2010 for testing.

    We just cannot get a successful test for incoming against the 2010 server.

    The Exchange Web Services URL we are using is this:  https://servername.externaldomain.com/EWS/Exchange.asmx

    When we hit that URL from the server with the CRM Router on it, we can enter a users Windows Authentication data and access the "Services.wsdl". We assume that this is a test of the access to the Exchange  Web Services?

    However once we publish the Inbound Configuration Profile and Test. We get nothing. The test hangs on the first account.

    Access Credentials have been tested with both user specified (was working before migration to 2010) and with Other Specified, where we set the details of the first users that is tested in the test access process (assuming that it would at least prove test one account), but nothing.

    Any suggestions would be appreciated here.

  • We have been playing around with your setup here and have had some success but failed too. I wonder if we can get some suggestions.

    We have two mail server, 2003 and 2010 and have migrated some users to 2010 for testing.

    We just cannot get a successful test for incoming against the 2010 server.

    The Exchange Web Services URL we are using is this:  https://servername.externaldomain.com/EWS/Exchange.asmx

    When we hit that URL from the server with the CRM Router on it, we can enter a users Windows Authentication data and access the "Services.wsdl". We assume that this is a test of the access to the Exchange  Web Services?

    However once we publish the Inbound Configuration Profile and Test. We get nothing. The test hangs on the first account.

    Access Credentials have been tested with both user specified (was working before migration to 2010) and with Other Specified, where we set the details of the first users that is tested in the test access process (assuming that it would at least prove test one account), but nothing.

    Any suggestions would be appreciated here.

  • It seems that exchange web services are not configured correctly. Can you look into the windows eventlog for the error details after publishing the profile. Also try EWS url with just http.

    You can check exchange web services working using the console app from the steps given at

    http://msdn.microsoft.com/en-us/library/bb408521.aspx

  • Can you try with just http in the url, seems that the web serivices are not setup properly. To verify the exchange web services configuration you can use the console app from the steps given at http://msdn.microsoft.com/en-us/library/bb408521.aspx.

    Note that the router does not work with self signed certs (http://support.microsoft.com/kb/954584).

    To Disable https from the web service for testing.

    Replace all "httpsTransport" with "httpTransport" in $Exchange Server\V14\ClientAccess\exchweb\ews\app.config

    Replace in EWSServiceBehavior ->  httpsGetEnabled="false" instead of “true” in $Exchange Server\V14\ClientAccess\exchweb\ews\app.config

  • Hi Ravindra,

    Nice article ! When is the RDW support for Exchange 2010 coming out ?

    Thanks,

    Rajpreet

  • With the update of the email router is the installation now supported on Server 2008 and or Server 2008 R2?

  • We have same problem as David Finley above. We have a new install of Exchange 2010 using https with a 3rd party cert. Webmail works correctly. If we use the InternalNLBBypassUrl in the CRM incoming profile we get a cert error exactly as expected.

    We are not prepared to change the config file as suggested for testing as this is a live production environment

  • The resolution pointed above was for the test exchange environments where the https default is not backed up by the signed certs. Router should work fine if the https is correctly setup with the valid certs. I think there might be the issue with the EWS endpoint which is used in the profile. Please use the following link having the pointer to the sample application to determine the correct end point. http://msdn.microsoft.com/en-us/library/bb204057.aspx

  • Dean,

    From the Microsoft Download page for Email Router UR8 -

    http://www.microsoft.com/downloads/details.aspx?familyid=C53B2916-6B93-4092-BDD3-A394C96CA000&displaylang=en

    Windows Server 2008 is supported.

  • Are there any special considerations to be taken when using Exchange 2010 clustered servers? Should the cluster DNS name be used or one of the servers name/address?

  • Hey Joakim, you should use the MBX server's name/address in the incoming/outgoing profiles.

  • Joakim, CAS/MBX server name is what you need to provide in Email router in the Incoming/Outgoing profile.

  • by following your instruction . i am still facing below error:

    "Incoming Status: Failure - The request failed with HTTP status 403: Forbidden."

    I'm sure the access credential I provided for incoming profile have enough permission to access the mail account i specified. any other setting i need to config ?

    BTW. one more question, if an account could access to certain mail address. does it mean this account have the impersonation permission?

  • Feifei, the particular error you are seeing is not due to access credentials. Rather, it is due to incorrect binding used in URL. It looks like the URL you have provided is HTTP while the server expects HTTPS.

  • For the second question : Not necessarily. You may have access to the mailbox and yet not have rights to send emails as that user. This may well be sufficient for receiving emails though.

    Although, we recommend that you verify the permissions using Exchange Management Shell with the help of commands mentioned here : technet.microsoft.com/.../dd351024.aspx

Page 1 of 2 (29 items) 12
Leave a Comment
  • Please add 1 and 5 and type the answer here:
  • Post