web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Lost CRM Encryption Key
Microsoft Dynamics CRM (Archived)

Lost CRM Encryption Key

(0) ShareShare
ReportReport
Posted on by nicko88 284

Long story short, encryption is not enabled on our CRM.

When we try to navigate into user Mailboxes to configure CRM server-side synchronization we get an error saying that there are encrypted fields on that entity and that we need to enable encryption before we can open them.

We unfortunately do not have any encryption key.

How do we go about generating a new key.  Obviously we will lose the user email password fields (which are the only encrypted fields as far as I know: http://msdn.microsoft.com/en-us/library/dn481562.aspx)

 

I found this information:  http://crmtipoftheday.com/2014/10/15/if-you-lost-your-encryption-key/

 

However I cannot delete Mailboxes as the CRM says: 

Delete Mailbox error

A mailbox associated with a user or a queue cannot be deleted.

 

Any suggestions as to what my course of action should be to ultimately get back into the email settings so that I can set up CRM service-side synchronization.

 

I'm completely fine with blowing away all the email stuff in CRM and setting it all back up again like mailboxes and queues and such as we only have a small number of users.

 

Thanks.

*This post is locked for comments

I have the same question (0)
  • Deepesh161 Profile Picture
    Deepesh161 6,317 on at

    Was encryption never enabled in your organisation?

    Is it on-premise?

    Why cant you set a new one like this : technet.microsoft.com/.../dn531199.aspx

  • nicko88 Profile Picture
    nicko88 284 on at

    Thanks for the reply.

    Sorry I did not mention, this is on-premise.

    Apparently encryption had been enabled in the past which caused the email password fields to become encrypted.

    We moved our deployment a few months ago to a new server (to prepare for CRM 2015 with a newer OS and SQL server version) but didn't know we needed to backup the encryption key because we didn't even know we had encryption enabled.  We didn't manually turn it on, I guess it automatically enabled during the upgrade to 2013 previous to this server migration.

    We didn't realize that we couldn't get into the mailbox settings immediately after that organization import because we didn't try to set up emailing for the last few months because we were first waiting for an upgrade from Exchange 2007 (which CRM 2013 SP1 removed support for) to the new Exchange 2013 server that we have running now.

    So as it stands right now I cannot get into the Mailbox settings (to set up Exchange server-side synchronization).  Because encryption is not currently enabled.  And I cannot enable encryption because I don't have the key it's asking for.

    Surely there has to be some way to blow away the encrypted data and generate a new key.

  • Deepesh161 Profile Picture
    Deepesh161 6,317 on at

    Go to Settings > Data Management > Data Encryption.

    In the Data Encryption dialog box, select Show Encryption Key, it shows nothing in the new server instance?

    And you mean your old org is deleted now?

  • nicko88 Profile Picture
    nicko88 284 on at

    On that page there is nothing.  I can't even check the "Show Encryption Key" box, it's disabled.  we are using https and have a valid certificate and everything.

    We do have nightly backups of all our databases that go back a long time, so I could get copies of old CRM databases and config databases.

    Do you know if the encryption key is stored here?

    [MSCRM_CONFIG].[dbo].[DataEncryptionKey]

    In the current config DB this table is obviously empty, but do you think our key is located in this table in an older backup of the config DB before we migrated CRM and everything to the new server?

    I'll have to dig through some tapes to get an older backup.

  • Verified answer
    Deepesh161 Profile Picture
    Deepesh161 6,317 on at

    It seems your encryption key is not set at all and not activated.

    You can enter any key in the textbox and close which should set it up for you, see the Activate button, it needs to be clicked

  • nicko88 Profile Picture
    nicko88 284 on at

    Wow, I could have sworn that earlier today when I tried entering something in that box and clicking Activate that CRM told me the key I entered didn't match something.

    This was before I deleted our old Email Server Profile though.  Maybe deleting the old Email Server Profile allowed a brand new encryption key to be used.  Or maybe I'm not remembering correctly or some other reason.

    Either way, I was able to activate new encryption key and I can now get into user Mailboxes and continue on with my configuration.

    And of course I backed up this key!

    Thanks!

  • asifnaveed99 Profile Picture
    asifnaveed99 5 on at

    did anyone manage to sort this out and got the encryption key ?

  • Community Member Profile Picture
    Community Member on at

    Hi asifnaveed99,

    What is the issue you are facing?

    The resolution on this thread was to Activate the encryption key.

  • Community Member Profile Picture
    Community Member on at

    hmm yeah not quite.  We're have the same issue.  Org updated from CRM 2011 to 2013 and now 2015.  No Encryption Key has ever been requested of us and as the OP shows, everything is blank.  When we go to put in a generic Key, we get the following error:

    Data encryption can't be activated because the encryption key doesn't match the source encryption key used to encrypt the data.

    Same story though.  It's a catch-22 that last left 5 CRM organisations tied to this specific issue.  Niko I'll try your suggestion of recreating the profile and see how I go.

    Jase.

  • Community Member Profile Picture
    Community Member on at

    Deleting the email profile didn't help as it has queues that also need to be deleted as well as the associated user accounts.  The problem here is we can't delete users as that will have a major impact on the CRM organisations and related records.  We really need help with this, just wondeirng if anyone has any additional thoughts on this as we're stuck and have customers screaming as they can't use email notifications, nor email clients directly from within CRM anymore.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans