Enterprise Search Setup

Jun 23, 2010 at 8:24 PM
Edited Jun 23, 2010 at 8:24 PM

I'm having touble setting up the CRM BDC. I have a feeling the problem is our environment. Our MOSS, SQL and CRM servers are all physically different machines. With that in mind, I updated the connection to "RevertToSelf" and added the search account as a user in the CRM database... When I try to crawl the content source I get a total of 17 successful crawled items but none of them seem to be actual items in CRM (they look like this: bdc2://{GUID}/16783/17063 where the last set up numbers changes and, of course, the GUID is consistent) If I try to display the BDC data in a list I get the following error: An error occurred while retrieving data from Microsoft Dynamics CRM. Administrators, see the server log for more information. I don't see anything in the app log or SharePoint logs - unless I'm not looking in the right place.

<LobSystemInstance Name="Microsoft Dynamics CRM"> <Properties> <Property Name="AuthenticationMode" Type="Microsoft.Office.Server.ApplicationRegistry.SystemSpecific.Db.DbAuthenticationMode">RevertToSelf</Property> <Property Name="DatabaseAccessProvider" Type="Microsoft.Office.Server.ApplicationRegistry.SystemSpecific.Db.DbAccessProvider">SqlServer</Property> <Property Name="RdbConnection Data Source" Type="System.String">SQLServer</Property> <Property Name="RdbConnection Initial Catalog" Type="System.String">MSCRM</Property> <Property Name="RdbConnection Integrated Security" Type="System.String">SSPI</Property> <Property Name="RdbConnection Pooling" Type="System.String">false</Property> </Properties>

Jun 24, 2010 at 3:56 PM

Upon further review the RevertToSelf isn't going to work because that would allow all users to see everything (assuming I could get it to work)

Is my only option here Kerberos?  If so, do I have to change the security contruct of my entire site collection or is there a way to get my SQL Server to trust logins coming from my WFE without affecting anything else?

Aug 11, 2010 at 5:21 PM
I'm stuck with a very similar problem. I've tried RevertToSelf, everything in between, and even hardcoding admin credentials. In the auth modes that don't cause errors in the application or SQL logs, I can't see any records of any kind. Kerberos is not an option for me at all but it seems more like the SQL views that are defined in the CRM install and used by the BDC def simply filter out all records no matter what method I try. The only other idea I have is that the SQL backend for the 4.0 installation is 2005. Maybe this just doesn't work without a 2008 environment? Any suggestions are appreciated.
Aug 12, 2010 at 2:53 PM

I got it working to a certain extent.  I still used RevertToSelf but what I did was then set up the SharePoint account that's hitting CRM/SQL as a CRM user with a role similar to my sales people.

So, everything that a typical sales person would see gets crawled and then I used the BDC entity permissions to restrict who sees the search results.  Not perfect, but It's a step forward.

Aug 12, 2010 at 3:41 PM

Interesting solution.  Not sure I understand it, nor could implement it in my SAAS environment but thanks for responding.  Definitly some advantages over my workaround.

I verifed that RevertToSelf ends up passing SQL the IIS credentials of NT AUTHORITY/ANONYMOUS LOGON in my environment.  So, as I suspected, I was getting no data because no data existed with that owner.  It sounds like you simply changed IIS to use a different account?  Anyway, that led me to the "filtered" views defined in the CRM database and after analysis, this info here (which I had been looking for but couldn't find until now).  I now have full access with any SP user to all records but no search yet--at least with the default scope.  Since my needs are simple and my time short, this is probably all I will do.

Aug 12, 2010 at 5:45 PM

Yes, I did miss a layer.  IIRC the way I did it was that the account the SSP Application Pool is running as has rights to both the database and is an account is CRM.

So, if your crawl is working but you're not seeing results be sure to check the permissions of the BDC itself and/or of each entity you want to be able to search on.  In Shared Services > View Applications click on the CRM BDC then manage permissions.  Add the user/group that you want to be able to see the CRM search results. If you want to search on every entity select the "Copy all permissions to decendants" link... or back at the Application Information page, click each entity that you want to adjust permissions on and add the users/groups there.

In my case I only wanted to search on Accounts. Leads and Contacts so I didn't touch the application permissions, I just edited those three entities.

Hope this makes sense...

Aug 13, 2010 at 3:47 PM
It does make sense. Thank you. I did a full crawl on just the CRM data and now results are showing up. Did you have any difficulty with the Contact Entity? I can view a list of Contacts with the web part but if I try to add a BDC column to an existing list, I get the generic error "An error occurred. Administrators, see the server log for more information. " This only happens with Contact and Quote. All other entities work fine.
Aug 14, 2010 at 4:47 PM
Edited Aug 14, 2010 at 4:49 PM

Figured it out.  There were duplicate LocalizedDisplayName entries under the Specific Finder definition.  Contact ID was listed under the fullname tag for the Contact entity and Status Code was listed under the statuscodename tag for Quote.  I just renamed the text inside the tags to match the Name attribute but with title case and spaces.  Don't know if the file came that way or intellesense in VS2008 (the editor I used) freaked out like it does on occasion.