Skip to main content

Notifications

Microsoft Dynamics 365 | Integration, Dataverse...
Unanswered

[TROUBLESHOOTING | ON-PREMISES ] CRM PowerShell commands failing

Posted on by

PowerShell commands towards CRM are dependent on a proper Setup of the Deployment Role and its Deployment Web Service.

These commands are normally used to  perform administrative tasks such as create, import, enable and disable organizations.

https://learn.microsoft.com/en-us/powershell/module/microsoft.crm.powershell/?view=dynamics365ce-ps 

These are also used during the setup of Server-Side-Sync configuration:

V9.0+

https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/admin/connect-dynamics-365-on-premises-exchange-online?view=op-9-1 

v8-v8.2

https://learn.microsoft.com/en-us/previous-versions/dynamicscrm-2016/administering-dynamics-365/mt703269(v=crm.8) 

Deployment Web Service

Deployment Web service is installed when we install the Deployment Role:

https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/microsoft-dynamics-365-server-roles?view=op-9-1 

We can define its endpoint on Deployment manager:

pastedimage1675038233718v11.png

On Split installations with Frontends and Backends separated, most customers will install Deployment Role together with the Frontend Role.A low amount of customer will install it on Backend Role machines. On the latest context, customers need to change the Deployment Web Service target Machine as it is different from all the rest.

pastedimage1675038331877v14.png

When we defined the URL as above, PowerShell commands will make these sample calls:

https://VMASYNC.contoso.lab/XrmDeployment/2011/deployment.svc?wsdl 

When Server-side-Sync configuration commands fail, its normal that the problem is not on the command but on the Deployment Web Service state.

Sample SSS command:

$CertificateScriptWithCommand = ".\CertificateReconfiguration.ps1 -certificateFile c:\Personalcertfile.pfx -password personal_certfile_password -updateCrm -certificateType S2STokenIssuer -serviceAccount contoso\CRMAsyncService -storeFindType FindBySubjectDistinguishedName" Invoke-Expression -command $CertificateScriptWithCommand

When an error occurs when executing the above command, with messages such as 503,502,404, SSL/TLS, error occurred on a send, it is normally caused by a deployment Web service misconfiguration.

The engineer can then quickly ignore SSS setup and test a more generic CRM powershell command and confirm the issue is the same:

Add-PSSnapin microsoft.crm.powershell

Get-CrmSetting TraceSettings

Once that is confirmed, the topic is mostly tied to a skill belonging to a Platform Infra skill, but anyone can attempt to resolve it with this Article.

Frequent issues

1. "An unexpected error occurred on a send"

Get-CrmSetting : The underlying connection was closed: An unexpected error occurred on a send. At line:1 char:1

+ Get-CrmSetting TraceSettings

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidArgument: (Microsoft.Crm.P...rmSettingCmdlet:GetCrmSettingCmdlet) [Get-CrmSetting

   ], WebException

    + FullyQualifiedErrorId : CRM Deployment Cmdlet Error,Microsoft.Crm.PowerShell.GetCrmSettingCmdlet

This normally means that the defined URL for Deployment Web Service does contain a Webserver but does not accept our request, either because the binding/port does not exist or something else.

Solution: Here you need to confirm that the URL defined on Deployment Web service is a valid machine with Deployment Role , and that the binding and protocol (http/https) are correctly matching between the URL and the machine IIS. Default https port is 443.

pastedimage1675038380256v15.png

pastedimage1675038413435v16.png

2. "Could not establish trust relationship for the SSL/TLS secure channel.""

Get-CrmSetting : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. At line:1 char:1


This normally means that the defined URL for Deployment Web Service contains a string that is not included on the Certificate that is setup on Deployment IIS HTTPS binding certificate.

Sample: If i use a wildcard certificate like *.contoso.lab , and then I define the Deployment Web service URL as VMCRM90 only, my certificate does not include such name and give the above error.

Solution: We always need to define a URL that matches the certificate. In this case i would have to define Deployment Web Service URL as VMCRM90.contoso.lab. On scenarios customer is not using a wildcard certificate, but a SAN certificate, customer would have to generate a new one that contains this machine name, or a DNS that customer creates pointing to this machine.

3. "The remote server returned an error: (503) Server Unavailable"

Get-CrmSetting : The remote server returned an error: (503) Server Unavailable. At line:1 char:1

This normally means that the Deployment Web Service AppPool is stopped.

pastedimage1675038436899v17.png

4. "Unable to connect to the remote server"

Get-CrmSetting : Unable to connect to the remote server At line:1 char:1

This normally means the website is stopped:

pastedimage1675038465063v18.png

5. "The remote server returned an error: (404) Not Found."

Get-CrmSetting : The remote server returned an error: (404) Not Found. At line:1 char:1

This normally means that the account that runs the APPPool for the Deployment Service, doesn't have enough privileges to generate the resources that are needed.

pastedimage1675038490507v19.png

Please check deployment web service account requirements:

https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/security-considerations-for-microsoft-dynamics-365?view=op-9-1#deployment-web-service-crmdeploymentserviceapppool-application-pool-identity 

6. "Deployment Web Service URL is not available."

Get-CrmSetting : Deployment Web Service URL is not available. This can be specified using the DwsServerUrl parameter. At line:1 char:1

This most often happens when you try to run the PowerShell commands and you are not a local admin (the PowerShell commands should be run with a PowerShell window as Administrator) and you do not have enough permissions on the Dynamics Deployment.

This can be easily fixed if you run the commands with a Dynamics Deployment Administrator + local admin. How to find a deployment admin :

pastedimage1675038509165v20.png

Please check permissions required to be a deployment admin:

https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/add-a-new-deployment-administrator?view=op-9-1 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

November Spotlight Star - Khushbu Rajvi

Congratulations to a top community star!

Forum Structure Changes Complete!

🔔 Be sure to subscribe to the new forums you are interested in to stay up to date! 🔔

Dynamics 365 Community Platform update – Oct 28

Welcome to the next edition of the Community Platform Update. This is a status …

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 290,900 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 229,275 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Product updates

Dynamics 365 release plans