Babooshka...

Now that I have my 4 servers, fully patched and added to the Microsoft corporate domain, the next task was to install the various application components.

First off, I installed SQL Server 2005 on SQL01. Unlike SQL Server 2000, not only do I get the option of installing "SQL Server" and "SQL Server Agent" using "Local System" or a Domain User account, but I can now use "Network Service". Strangely, when I set up a demo Virtual PC the other day, I installed everything on a single server and didn't get "Network Service as an option. I put this down to the fact that the server was also a Domain Controller, but I haven't found any information to back-up this assumption.

For simplicity, I chose to use the "Network Service" account as I would have to raise a request with Microsoft IT to create a Domain User account for this purpose - It takes about a week for the internal approval process, and I wanted CRM now. The official Microsoft recommendation is to use a domain user account - http://msdn2.microsoft.com/en-us/library/ms143691.aspx, so maybe I will re-visit this in the near future.

Next I configured the server role on both CRM01 and RPT01 as "Application Server", which installs IIS, ASP.NET 1.1, COM+ and other associated components required by both CRM and SQL Reporting Services. In addition, I also installed the .NET Framework 2.0 on RPTS01 as this is a prerequisite.

After this I was able to install SQL Server 2005 Reporting Services on RPT01. I chose to to install only the Reporting Services application, with the actual Report Server databases on SQL01. Again, when configuring the IIS App Pool service account I chose to use "Network Service" rather than a domain user account.

So now I was ready to install Microsoft Dynamics CRM 3.0

My first task was to download the Microsoft CRM 3.0 Implementation Guide and read "Chapter 19: Use the Command Line to Install Microsoft CRM". I was then able to create my unattended setup file as follows:

<CRMSetup>
    <Server>
        <SqlServer>SQL01</SqlServer>
        <Database create="true" />
        <Organization>Microsoft UK</Organization>
        <licenseKey>XXXX-XXXX-XXXX-XXXX-XXXX</licenseKey>
        <WebsiteUrl Create="False">/LM/W3SVC/1</WebsiteUrl>
        <InstallDir>C:\Program Files\Microsoft CRM</InstallDir>
        <CrmServiceAccount type="NetworkService" />
        <Reporting UseSSL="False" URL="
http://RPT01/ReportServer
" />
        <Groups autogroupmanagementoff="true">
            <PrivUserGroup>CN=CRMPrivUserGroup,OU=...</PrivUserGroup>
            <SQLAccessGroup>CN=CRMSQLAccessGroup,OU=...</SQLAccessGroup>
            <UserGroup>CN=CRMUserGroup,OU=...</UserGroup>
            <ReportingGroup>CN=CRMReportingGroup,OU=...</ReportingGroup>
        </Groups>
        <reboot>false</reboot>
    </Server>
</CRMSetup>

Most of the parameters are self-explanatory, but let me explain a couple of things. The <GROUPS autogroupmanagementoff="true"> element is required so that setup will use the existing security groups in Active Directory rather than creating them during installation. Secondly, when automanagegroupsoff="true", then the CRM server will not add or remove any members to those groups. This is required because the CRM Server running under the "Network Service" credentials doesn't have rights to change the group membership when CRM users are created.

That's fair enough, so before raising another call to Microsoft IT to change the Access Control List on the 4 security groups, I just have to remember to perform two steps when creating new CRM users:

  • Using Autogroup, add the User Account to the "CRMUsersGroup" and "CRMReportingGroup" groups.
  • Create the user in CRM in the normal way

Finally, the last thing I checked was what accounts needed to be members of the 4 security groups. I have a Virtual PC system set up so I checked what was set up and found that all CRM User Accounts need to be members of the "CRMUserGroup" and "CRMReportingGroup" groups (as discussed above), and the CRM Server was a member of the "CRMPrivUserGroup" and "CRMSQLAccessGroup" groups. So just to be safe I added the computer accounts "CRM01", "SQL01" and "RPT01" to the last two groups.

The observant amongst you will have noticed that I don't have any Exchange Server configuration parameters here. Well, if you think it's a time consuming process to get a Service Account set up by Microsoft IT, just imagine how much effort it would take to actually get the Exchange Router software installed on one of our production Exchange Servers - Sometimes you just gotta know when to quit. Besides, there's nothing wrong with manually promoting e-mails to CRM when they arrive in my inbox.

I was good to go, so finally I lit the blue touch paper and ran the following command

"C:\Source Files\Server\SetupServer.exe" /config "C:\Source Files\CRM Unattended Setup.xml"

To be continued…

This posting is provided "AS IS" with no warranties, and confers no rights.