web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / CRM 2013 data encrypti...
Microsoft Dynamics CRM (Archived)

CRM 2013 data encryption key not visible

(0) ShareShare
ReportReport
Posted on by Clint Woods 1,031

I have an on prem 2013 installation (RC1 I believe) and am getting the data encryption error which is well documented on how to enable after installation. However, when I go to Settings > Data Management > Data Encryption there is no data encryption key to enable...just an empty textbox. There was nothing scary noted during the installation other than the standard warning about enabling the key after installation. Any ideas?

*This post is locked for comments

I have the same question (0)
  • Chirag Bhatia Profile Picture
    Chirag Bhatia on at

    Hi,

    I believe your CRM website is running on HTTP Protocol.

    Data Encryption Dialogue Box is only Displayed when the CRM Website is running on HTTPS Protocol.

    Extract from CRM 2013 IG

    Microsoft Dynamics CRM 2013 uses standard SQL Server cell level encryption for a set of default entity attributes that contain sensitive information, such as user names and email passwords. This feature can help organizations meet FIPS 140-2 compliance.

    For Microsoft Dynamics CRM Online, all new and upgraded organizations use data encryption.

    For on-premises versions of Microsoft Dynamics CRM 2013, data encryption is not active by default for new or upgraded organizations. However, data encryption may be activated at any time.

    Microsoft Dynamics CRM  users who have the system administrator security role can activate data encryption or change the encryption key after data encryption is enabled in the Settings > Data Management > Data Encryption area. After you activate data encryption, you cannot turn it off.

    Important

    For on-premises versions of Microsoft Dynamics CRM:

    • Changing the encryption key requires SSL configured on the Microsoft Dynamics CRM website.

    • It is a best practice is to change the encryption key once every year.

    • The encryption key is required to activate data encryption when you import an organization database into a new deployment or a deployment that has had the configuration database (MSCRM_CONFIG) re-created after the organization was encrypted. You can copy the original encryption key to Notepad and paste it into the Settings > Data Management > Data Encryption dialog box after the organization import is completed.  

    • When you re-enter the data encryption key, we recommend that you run the Microsoft Dynamics CRM web application using Internet Explorer to paste the encryption key into the Data Encryption dialog box.

  • Clint Woods Profile Picture
    Clint Woods 1,031 on at

    The site is running under https.

    The issue seems to be that for some reason the service account cannot read the certificate even though I have verified that it does have explicit read permission through the mmc console. Still looking...

  • Verified answer
    Anjali Raj Profile Picture
    Anjali Raj on at

    Hello Clint,

    It seems that due to some reason encryption key was never generated during the update process from CRM 2011 to 2013. As it was giving us an option to set new key, it make sense to create a new key and activate it and i hope after activating new key everything is working fine :)

  • Community Member Profile Picture
    Community Member on at

    Hi Clint, I fixed this problem by:

    Using the simplified connection sample code in the SDK "CRMSDK\samplecode\cs\quickstart" created a C# Project and used the following code:

    string connectionString = ConfigurationManager.ConnectionStrings["MyConnectionStringKeyInApp.Config"].ConnectionString;

    Microsoft.Xrm.Client.CrmConnection connection = CrmConnection.Parse(connectionString);

    using (_orgService = new OrganizationService(connection))

    {

       SetDataEncryptionKeyRequest setDataEncryptionKeyRequest = new SetDataEncryptionKeyRequest();

       setDataEncryptionKeyRequest.ChangeEncryptionKey = false;

       setDataEncryptionKeyRequest.EncryptionKey = "Pass@word1";

       SetDataEncryptionKeyResponse setDataEncryptionKeyResponse = (SetDataEncryptionKeyResponse)_orgService.Execute(setDataEncryptionKeyRequest);

    }

    This resulted in a visible Key in DataManagement and the appearance of the "Change" button

    Cheers,

    D

  • VTec Profile Picture
    VTec on at

    Hi all,
    I have the same problem, but I get the following error when I run the script update script:
    'Cannot perform 'activate' because the encryption key doesn’t match the original encryption key that was used to encrypt the data.'
    Is there a way around this if there was no original key generated during upgrade form CRM 2011 to CRM 2013? I have tried all the above

    RetrieveDataEncryptionKeyRequest returns NULL and when I change the parameter setDataEncryptionKeyRequest.ChangeEncryptionKey = true the the message slightly changes
    'Additional information: Cannot perform 'change' encryption key because the encryption key is not already set or is not working. First use 'activate' encryption key instead to set the correct current encryption key and then use 'change' encryption if you want to re-encrypt data using a new encryption key.'
    We are running CRM 2013 SP1

    Any suggestions are welcome. I guess we might need to reinstall CRM, but don't want to end up in the same situation....

  • Clint Woods Profile Picture
    Clint Woods 1,031 on at

    Sorry to see this error is still popping up. I thought MSFT fixed this due to the original report. The only way I got through this was by escalating to MSFT and they did acknowledge it as a bug. That's when @Chetan jumped in and helped us out. If you did anything a bit outside of the normal upgrade process, reinstalling might be a logical option. Perhaps verifying  you have the latest bits, etc. Otherwise, you may need to escalate as well.

  • VTec Profile Picture
    VTec on at

    Hi Clint. We did not do anything unusual, so might need to escalate to MSFT. Thanks for your reply.

  • Suggested answer
    Mojtaba Profile Picture
    Mojtaba 735 on at

    Hi my friends please check the below link

    www.magnetismsolutions.com/.../data-encryption-errors-after-restoring-microsoft-dynamics-crm-database

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans