PowerShell commands towards CRM are dependent on a proper Setup of the Deployment Role and its Deployment Web Service.
These commands are normally used to perform administrative tasks such as create, import, enable and disable organizations.
https://learn.microsoft.com/en-us/powershell/module/microsoft.crm.powershell/?view=dynamics365ce-ps
These are also used during the setup of Server-Side-Sync configuration:
V9.0+
v8-v8.2
Deployment Web service is installed when we install the Deployment Role:
We can define its endpoint on Deployment manager:
On Split installations with Frontends and Backends separated, most customers will install Deployment Role together with the Frontend Role.A low amount of customer will install it on Backend Role machines. On the latest context, customers need to change the Deployment Web Service target Machine as it is different from all the rest.
When we defined the URL as above, PowerShell commands will make these sample calls:
https://VMASYNC.contoso.lab/XrmDeployment/2011/deployment.svc?wsdl
When Server-side-Sync configuration commands fail, its normal that the problem is not on the command but on the Deployment Web Service state.
Sample SSS command:
$CertificateScriptWithCommand = ".\CertificateReconfiguration.ps1 -certificateFile c:\Personalcertfile.pfx -password personal_certfile_password -updateCrm -certificateType S2STokenIssuer -serviceAccount contoso\CRMAsyncService -storeFindType FindBySubjectDistinguishedName" Invoke-Expression -command $CertificateScriptWithCommand
When an error occurs when executing the above command, with messages such as 503,502,404, SSL/TLS, error occurred on a send, it is normally caused by a deployment Web service misconfiguration.
The engineer can then quickly ignore SSS setup and test a more generic CRM powershell command and confirm the issue is the same:
Add-PSSnapin microsoft.crm.powershell
Get-CrmSetting TraceSettings
Once that is confirmed, the topic is mostly tied to a skill belonging to a Platform Infra skill, but anyone can attempt to resolve it with this Article.
Get-CrmSetting : The underlying connection was closed: An unexpected error occurred on a send. At line:1 char:1
+ Get-CrmSetting TraceSettings
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (Microsoft.Crm.P...rmSettingCmdlet:GetCrmSettingCmdlet) [Get-CrmSetting
], WebException
+ FullyQualifiedErrorId : CRM Deployment Cmdlet Error,Microsoft.Crm.PowerShell.GetCrmSettingCmdlet
This normally means that the defined URL for Deployment Web Service does contain a Webserver but does not accept our request, either because the binding/port does not exist or something else.
Solution: Here you need to confirm that the URL defined on Deployment Web service is a valid machine with Deployment Role , and that the binding and protocol (http/https) are correctly matching between the URL and the machine IIS. Default https port is 443.
Get-CrmSetting : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. At line:1 char:1
This normally means that the defined URL for Deployment Web Service contains a string that is not included on the Certificate that is setup on Deployment IIS HTTPS binding certificate.
Sample: If i use a wildcard certificate like *.contoso.lab , and then I define the Deployment Web service URL as VMCRM90 only, my certificate does not include such name and give the above error.
Solution: We always need to define a URL that matches the certificate. In this case i would have to define Deployment Web Service URL as VMCRM90.contoso.lab. On scenarios customer is not using a wildcard certificate, but a SAN certificate, customer would have to generate a new one that contains this machine name, or a DNS that customer creates pointing to this machine.
Get-CrmSetting : The remote server returned an error: (503) Server Unavailable. At line:1 char:1
This normally means that the Deployment Web Service AppPool is stopped.
Get-CrmSetting : Unable to connect to the remote server At line:1 char:1
This normally means the website is stopped:
Get-CrmSetting : The remote server returned an error: (404) Not Found. At line:1 char:1
This normally means that the account that runs the APPPool for the Deployment Service, doesn't have enough privileges to generate the resources that are needed.
Please check deployment web service account requirements:
Get-CrmSetting : Deployment Web Service URL is not available. This can be specified using the DwsServerUrl parameter. At line:1 char:1
This most often happens when you try to run the PowerShell commands and you are not a local admin (the PowerShell commands should be run with a PowerShell window as Administrator) and you do not have enough permissions on the Dynamics Deployment.
This can be easily fixed if you run the commands with a Dynamics Deployment Administrator + local admin. How to find a deployment admin :
Please check permissions required to be a deployment admin:
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
André Arnaud de Cal... 290,900 Super User 2024 Season 2
Martin Dráb 229,275 Most Valuable Professional
nmaenpaa 101,156