Personalized Community is here!
Quickly customize your community to find the content you seek.
Have questions on moving to the cloud? Visit the Dynamics 365 Migration Community today! Microsoft’s extensive network of Dynamics AX and Dynamics CRM experts can help.
2023 Release Wave 1Check out the latest updates and new features of Dynamics 365 released from April 2023 through September 2023
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Community | FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
I noticed an odd scenario pop up in my CRM dev environment.
We have Dynamics CRM 2015 On Premises and we are in our development phase. When I went into CRM Deployment Manager and created a new organization for the purpose of disaster recovery testing (call it org1), I received a warning during setup that stated that data encryption would be active after the install, and that it was recommended that I copy the encryption key and keep it in a safe place. As seen below:
Upon logging into org1 through the web interface, I went to Settings -> Data Management -> Data Encryption. It showed that encryption was active and it gave me an encryption key which I copied into a notepad text file. The encryption key appeared to be a very strange font and may have included Chinese language characters, which took me aback a little bit, but I was still able to copy it to clipboard and put it in notepad.
At this point, I am ready to start testing disaster recovery from backup. First, I entered a single Account into this new organization and filled in three fields (Account Name, Phone Number, Fax Number). This was to serve as my sample data. I then signed out of CRM. I then went into SQL Server 2014 Management Studio. Org1's database is listed as org1_mscrm in SQL Server. I made a backup of this database. I then used SQL Server Management Studio to restore the backup of org1_mscrm to a new database, called org2_mscrm.
I returned to CRM Deployment manager and import org2. This completes successfully. At this point, I do the configurations needed in DNS and ADFS to access org2 and then I login successfully.
I then go to Settings -> Data Management -> Data Encryption, and I see this, much to my surprise:
Data Encryption Inactive
Something seems wrong with this. I was under the impression that if I restored a database from a backup, that I would be required to enter the encryption key, without which I would be unable to access my data. I tested this and I was able to see the Account I added earlier and both phone numbers that I entered.
I have two concerns.
1) My data may come in unencrypted in a disaster recovery situation, which is less secure than I'd like.
2) My understanding is that upon restore, I should be required to enter the encryption key in order to read my data. It didn't work out that way under testing. I fear some odd, obscure, uniquely Microsoft sort of situation where encryption actually is active even though it says it isn't, and then when the day comes that I restore my database from a backup and I don't have the encryption key for some reason, our data is gone. FWIW, this is hypothetical. I'm never going to allow the encryption key for our production environment to NOT be recorded somewhere in case it's needed, but it bothers me greatly that I don't understand what is going on here.
Can anyone explain what is happening here?
First and foremost, your data is not encrypted. The information that is encrypted is related to a few, extremely-specific fields, not the entire thing.
I would advise reading the implementation guide about this specific subject.
Thank you for your query.
Firstly, I would like to know whether you are upgrading your CRM organization and moved it to a different/new SQL instance.
The information of the data encryption key lies on the MSCRM_CONFIG database in the SQL server. If you have installed a new CRM deployment, a new corresponding MSCRM_CONFIG database would have been generated. Upon restoring the Organization database, you would have retrieved your data, however, the details of the data encryption key did not pass on here and hence, it gave a warning to you at the system checks.
You can refer the following articles over data encryption:
If you never had a data encrypted previously ever, you can try entering a new Activation Key and hit on the button ACTIVATE. ( The encryption key should generally be in the following format: An upper case key, A lower case key, A special character and a Number Eg: --- Example@123)
If you get through it, save that activation key and you would be good with it.
And if it errors out, you can click on download log file and send me the error message here and I shall let you know what to be done next.
I hope this helps.
Please do inform me about update. Feel free to reply here and I'll be glad to assist you.
Thanks & Regards,
Microsoft Dynamics CRM
Please help. I had same issue. Here's the downloaded log file.
Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=22.214.171.124, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: Please select an account that is a member of the PrivUserGroup security group and try again.Detail:
<OrganizationServiceFault xmlns:i="www.w3.org/.../XMLSchema-instance" xmlns="schemas.microsoft.com/.../Contracts">
<ErrorDetails xmlns:d2p1="schemas.datacontract.org/.../System.Collections.Generic" />
<Message>Please select an account that is a member of the PrivUserGroup security group and try again.</Message>
<InnerFault i:nil="true" />
<TraceText i:nil="true" />
Business Applications communities