Troubleshooting and things to know about CRM for tablets
Applies To: CRM for tablets, Microsoft Dynamics CRM 2013
The following are known issues with Microsoft Dynamics CRM for tablets.
Before you begin to configure CRM for tablets, it’s important to review the requirements:
Understand what operating systems, devices, and languages are supported. Review the requirements in Tablet support for Microsoft Dynamics CRM 2013 and CRM Online.
Be aware that Internet Facing Deployment (IFD) is required if you are using Microsoft Dynamics CRM 2013 (on-premises version). The system administrator must configure claims-based authentication before users can access Microsoft Dynamics CRM data with CRM for tablets. If you have your Microsoft Dynamics CRM website available over the internet but it is not using the Microsoft Dynamics CRM IFD configuration, it is not supported. To verify that your on-premises deployment is configured for IFD, open Microsoft Dynamics CRM Deployment Manager on your Microsoft Dynamics CRM Server. The Authentication Summary section should show that both Claims-Based Authentication and Internet-Facing Deployment are enabled. For more information, see Configure IFD for Microsoft Dynamics CRM 2013.
Use the error message that appears in the app to identify a potential fix listed below. Be aware that an error may have multiple causes. To narrow down the possibilities, system administrators can use tracing to capture details for analysis. See Enable tracing in CRM for tablets.
Microsoft Dynamics CRM System Administrators or System Customizers can access other users’ location and Clipboard data for users of Windows 8 and 8.1 devices. Users can decline location access or turn off location access in CRM for tablets by following these steps:
Swipe in from the right-side of the CRM for tablets app to open the command bar.
Tap Settings> Permissions.
Tap to turn off Location.
The following event may be recorded multiple times to the Event Log, when Show Analytic and Debug Logs is enabled, on the device where Microsoft Dynamics CRM for Windows 8 is running. Notice that, by default, Show Analytic and Debug Logs is disabled in Event Viewer and these messages won’t be recorded. More information: Enable Analytic and Debug Logs
Event Id: 10001
Message: SEC7131 : Security of a sandboxed iframe is potentially compromised by allowing script and same origin access.
Verify the source of the messages. If the source is Microsoft Dynamics CRM Server, these events don’t pose a security threat and can be ignored.
For on-premises deployments, Microsoft Dynamics CRM web application and mobile clients are capable of multi-factor authentication (MFA) using Windows Server 2012 R2 or another authentication provider that supports MFA. Using MFA can help make client authentication more secure.
Notice that using MFA requires that the device, operating system, and web browser are all MFA-capable. We recommend that you thoroughly test your MFA-capable devices running Microsoft Dynamics CRM to verify that your environment works correctly before deploying in a production environment. More information: Overview: Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications.
URLs that redirect, such as IIS host headers or link-shortening websites such as tinyurl or bitly, do not work when you use the URL in the CRM web address field with Microsoft Dynamics CRM for tablets or CRM for phones during configuration.
For example, an https://www.contosocrm.com host header for a Microsoft Dynamics CRM (on-premises) website URL that is actually https://crm.contososerver001.com, will not work and will display an error message. To work around this behavior, you must enter the actual web address for the Microsoft Dynamics CRM Online organization or Microsoft Dynamics CRM server (on-premises).When this issue occurs and you have enabled logging, the information logged is similar to the following. Notice that the URLs in lines 2 and 3 are different. That difference indicates a redirected URL.
User entered URL: https://URL_entered
Constructed server URL: https://URL_after_CRMforTablets_processing
HTTP Response location: https://URL_that_the_response_came_from
To enable logging, see Enable tracing for CRM for tablets.
If you enable Private Browsing on your iPad in your Safari browser, you will see the following error message when you attempt to connect to your CRM organization: “Microsoft Dynamics CRM has encountered an error.” You will need to disable Private Browsing. Tap the address bar, and then tap Private.
When you try to access Microsoft Dynamics CRM (on-premises) using an internal URL on a Nexus 10 tablet in the Chrome web browser, the URL doesn’t resolve and you can’t access the site. For example, a URL in the form of https://servername:5555 doesn’t resolve.
This is a known issue with Android devices accessing IIS intranet sites. To work around this issue, select one of the following solutions.
Use the fully qualified domain name to resolve the address, such as https://servername.contoso.com:5555.
Use the server IP address, such as https://10.0.0.1:5555.
Users who try to sign in to Microsoft Dynamics CRM Server 2013 (on-premises) configured for Internet-facing deployment (IFD) using Microsoft Dynamics CRM for tablets are repeatedly prompted for credentials and can’t sign in.
This issue occurs when the server running IIS where the CRM web application is installed has Negotiate and NTLM Windows authentication providers enabled on certain CRM website features.
To resolve the issue, run a Repair of Microsoft Dynamics CRM Server on the server running IIS where the Web Application Server role is installed.
|To resolve this issue by running Repair, the CRM deployment must already be configured for claims-based authentication and IFD.|
For more information about Repair, see Uninstall, change, or repair Microsoft Dynamics CRM Server 2013.
A user viewing records in CRM for tablets can view records in another user’s queue.
For Microsoft Dynamics CRM Online users
To improve the reliability of DNS resolutions to Microsoft Dynamics CRM Online organizations, CRM for tablets modifies the organization URL used when signing in. When a user signs in, CRM for tablets adds “—d” (two dashes + d) to the URL. For example, if the organization URL is https://contoso.crm.dynamics.com, CRM for tablets will change the URL to https://contoso--d.crm.dynamics.com.
If a user needs to retry signing in, they’ll see “—d” in the web address. They can sign in with the modified URL or reset it to the URL normally used.
This can occur if the time on the device is not within a certain variance of the Microsoft Dynamics CRM server. For example: you may encounter this issue if the time on the server is 2 PM on November 11th but the device is set to 2 PM on November 12th.
You may see events like the following logged multiple times in the trace files:
Dynamics CRM [PAL] | Authentication: Token Expired with Token Timeout value (-255674015) --- Retrieving new Auth Token from shim
Cause: This can occur if certain directories under the Microsoft Dynamics CRM website have Windows Authentication enabled. In order for CRM for tablets to successfully connect to a new deployment of Microsoft Dynamics CRM Server 2013, you must run a Repair of Microsoft Dynamics CRM Server 2013 on the server running IIS where the Web Application Server role is installed after the Internet-Facing Deployment Wizard is successfully completed.
For repair instructions, see the topic “Uninstall, change, or repair Microsoft Dynamics CRM Server 2013” in the Installing Guide section of the Microsoft Dynamics CRM 2013 Implementation Guide.
|To resolve this issue by running Repair, the Microsoft Dynamics CRM deployment must already be configured for claims-based authentication and IFD.|
|When the logon prompt appears, it is an Active Directory logon prompt instead of the sign-in page of your Secure Token Service (STS) such as Active Directory Federation Services (AD FS). The prompt looks like the one shown below:|
After you click or tap Cancel or enter credentials 3 times, you see the correct sign-in prompt.
Cause 1: The customizations (metadata) from your Microsoft Dynamics CRM organization are cached on your device. The app checks for updated metadata after 24 hours or any time you reopen the app. For customization changes to become available immediately, you must completely close and then reopen the app. If new metadata is found, you will be prompted to download it. For more information on how to completely close an app, refer to the help for your operating system or reference one of the articles provided:
Windows 8: http://windows.microsoft.com/en-us/windows-8/how-close-app
Cause 2: You may be seeing a different form than the one you customized. If you have multiple forms for an entity, you will see the first form in the form order that you have access to. This is different than the web application where you see the last form you used and have the ability to change between forms. For more information, refer to the “Multiple Forms” topic in the Customization Guide.
Cause 1: This error can occur if you are missing a certain privilege such as System Application Metadata or User Application Metadata. The error in the traces will help identify the specific privilege that is missing from your security role. Make sure your Microsoft Dynamics CRM security role includes Organization level access to the System Application Metadata privilege and User level access to each of the User Application Metadata privileges (Create, Read, Write, and Delete). These privileges are located on the Customization tab of a security role.
Sample Trace Messages for Cause 1:
“User does not have sufficient privileges for SystemApplicationMetadata entity”
“User does not have sufficient privileges for UserApplicationMetadata entity”
Cause 1: Verify that your Microsoft Dynamics CRM security role includes the Use CRM for Tablets privilege.
Cause 2: This error can occur if you configured CRM for tablets with a certain organization and are now trying to configure against another CRM organization. You must uninstall and reinstall the application to configure to another organization or as another user.
Cause 3: This error can occur if you have a Microsoft Dynamics CRM Online organization and your user has not been assigned a Microsoft Dynamics CRM Online license. If you add a Microsoft Dynamics CRM Online subscription to an existing Microsoft Office 365 tenant, your user may not have a Microsoft Dynamics CRM Online license assigned. If the user has the Global Administrator or Service Administrator role in the Microsoft Online Service Portal, you are able to sign in to the Microsoft Dynamics CRM web application to perform certain administrative actions, but you cannot perform end user tasks, such as creating records (for example, accounts, contacts, and leads) or configuring CRM for tablets. When you sign in to the web application, you may notice that not all areas appear within the navigation (for example, Sales and Marketing are missing):
Access the Users and Groups section within the Microsoft Online Service Portal and verify you have a Microsoft Dynamics CRM Online license assigned to your user record.
Cause 1: The CRM server is down. Verify the server is powered-up and connected to your network.
Cause 2: Your CRM organization is not upgraded to Microsoft Dynamics CRM Online Spring ‘14 or Microsoft Dynamics CRM 2013 Service Pack 1 and your users are using the CRM for Windows 8.1 or the CRM for Android app. You’ll need to upgrade your organization.
Cause 3: The CRM organization is not upgraded to Microsoft Dynamics CRM 2013 or the CRM Online Fall ‘13 Service Update. Prior versions of Microsoft Dynamics CRM are not supported with CRM for tablets.
Sample Trace Message for Cause 1:
“Dynamics CRM [Error] | Connection error: 404”
Cause 4: This error can also occur if you enter an invalid URL. Make sure the same URL you have provided works to access Microsoft Dynamics CRM in your browser on your device.
Sample Trace Messages for Cause 2:
“XMLHttpRequest: Network Error 0x2ee7, Could not complete the operation due to error 00002ee7.”
“Dynamics CRM [Error] | Connection error: 0”
Cause 5: If you are connecting to a Microsoft Dynamics CRM 2013 on-premises organization, this error can occur if the certificate from the Microsoft Dynamics CRM website is not trusted by the device. To avoid this scenario make sure to use a publicly trusted certificate. For more information, see http://support.microsoft.com/kb/2899983/en-us.
Sample Trace Messages for Cause 3:
Windows 8: “XMLHttpRequest: Network Error 0x800c0019, Security certificate required to access this resource is invalid”
iPad: “[ERROR] Loading app failed due to SSL error”
Cause 1: This error can occur when connecting to a Microsoft Dynamics CRM 2013 on-premises organization that is not configured for IFD. For more information, see Configuring Claims-based Authentication for Microsoft Dynamics CRM 2011.
Cause 1: This error can occur if you do not have an internet connection. Verify you are connected to the internet and can access the same URL in your web browser.
Cause 2: Check if you are using a preview build of Windows 8.1. So far this issue has only been reported with the preview version of Windows 8.1.
Cause 1: See the following KB article:
An error occurs in the Microsoft Dynamics CRM app for users in child business units: "Sorry, something went wrong while initializing the app". For more information, see http://support.microsoft.com/kb/2899860/en-us.
Sample Trace Message for Cause 1:
Error Message:System.NullReferenceException: Object reference not set to an instance of an object.
at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
at Microsoft.Crm.Application.WebServices.ApplicationMetadataService.UserRolesChanged(Guid clientUserRoles, DateTime syncTime, ExecutionContext context)
at Microsoft.Crm.Application.WebServices.ApplicationMetadataService.RetrieveUserContext(UserContextRetrieveRequest userContextRetrieveRequest)
Cause 2: This can occur if the download of the metadata failed. The next attempt to connect will fully regenerate the metadata and successfully connect. Microsoft is aware of an issue where metadata may fail to download due to a timeout and plans to address this issue in a future update.
Sample Trace Messages for Cause 2:
“Error occurred during complete refresh of Application/Entity/Attribute metadata”
“XMLHttpRequest: Network Error 0x2ef3, Could not complete the operation due to error 00002ef3.”
Cause 3: This issue can occur if the telephone fields on the Contact or User entity have the format set as text instead of phone. The format may be set this way after you import a solution that was created in Microsoft Dynamics CRM 2011. If the error message in the trace matches the one below and you are using Microsoft Dynamics CRM (on-premises), apply Microsoft Dynamics CRM Update Rollup 1 on the Microsoft Dynamics CRM server to prevent this error. If your organization uses Microsoft Dynamics CRM Online, this update has already been applied.
Sample Trace Message for Cause 3:
Message Dynamics CRM [PAL] | Error Message:System.NullReferenceException: Object reference not set to an instance of an object. at Microsoft.Crm.ObjectModel.ApplicationMetadata.Tiles.Builders.EntityFormCommunicationCardBuilder.Build() at Microsoft.Crm.ObjectModel.FormConverter.ConvertFormToJson(EntityMetadata entityMetadata, Dictionary`2 savedQueryIds) at Microsoft.Crm.Application.WebServices.ApplicationMetadata.ApplicationMetadataFormConverter.Convert(ApplicationMetadataSourceObjectModel source) at Microsoft.Crm.Application.WebServices.ApplicationMetadata.ApplicationMetadataSourceRetrieverBase.RegenerateApplicationMetadataRecords(IEnumerable`1 sourceObjectModels, Boolean createOrUpdateInDb) at Microsoft.Crm.Application.WebServices.ApplicationMetadataService.Sync(ApplicationMetadataSyncRequest applicationMetadataSyncRequest)
Cause: This error will occur if one of the supported languages is not enabled in Microsoft Dynamics CRM. For more information on the supported languages, see CRM for tablets: Set up and use and expand What you need to use CRM for tablets and Supported Languages.
If you receive this message for a record which has a non-deleted process assigned to it, you should manually synchronize CRM for tablets with your Microsoft Dynamics CRM data. Close the CRM for tablets app, reopen, and then choose to download the latest customizations. This procedure forces CRM for tablets to check for updated customizations. Recently viewed data while you were connected is cached and synched. Record data like Accounts or Contacts are not synched. You can’t choose which data synchronizes to the device like you can with Microsoft Dynamics CRM for Outlook.
This error may occur for the following scenarios when you are using a Windows 8 device and you have a Microsoft Dynamics CRM Online organization that uses Microsoft Account (formerly named Live ID). This issue does not occur for organizations provisioned through Office 365.
Cause 1: You are automatically authenticated as a different Microsoft account that is not a member of the Microsoft Dynamics CRM organization. This may happen if you sign into your Windows 8 device and your domain account is connected to a Microsoft account. For example: you sign in to your device as <userid>@contoso.com (your domain account) and that account is connected to <userid>@live.com (a Microsoft account). If your connected account (for example, <userid>@live.com) is not a member of the Microsoft Dynamics CRM organization, you will encounter this error. In this scenario, the error occurs after providing your URL, but you are never prompted for credentials. When you connect your domain account to a Microsoft account, that Microsoft account will be used to automatically sign in to apps and services that use Microsoft Account for authentication. If you are using a Windows 8 device, use the steps below to check if your domain account is connected to a Microsoft account. If you are using a Windows RT device, see the Windows RT section below.
Swipe from the right side of the screen to access the charms bar and then click or tap Settings.
Click or tap Change PC settings.
Click or tap Users.
Check to see if under the Your Account section it says “This domain account is connected to <Your Microsoft account>”
If you are using a Windows RT device and need to authenticate as a Microsoft account that is different than the one you use to log on to your device, you must create another account and switch to that account when using the app. For example: you currently sign in to your Windows RT device as <userid>@live.com, but want to access your Microsoft Dynamics CRM organization via the tablet app as <userid>@outlook.com. For more information on how to create a new account on your device, see Create a user account.
Sample Trace Message for Cause 1:
The app couldn’t navigate to https://port.crm.dynamics.com/portal/notification/notification.aspx?lc=1033&organizationid=<OrganizationId> because of this error: FORBIDFRAMING.
Cause 2: This error may occur if you previously authenticated to the app as a different Microsoft account and chose the option “Keep me signed in”. Even after uninstalling and reinstalling the app, the token for the previous credentials is still stored on your device. If you are trying to connect as a different user, you will need to remove the token. To completely clear the app, after you uninstall the app, you must clear the Indexed DB folder (C:\Users\%USERNAME%\AppData\Local\Microsoft\Internet Explorer\Indexed DB). You may have to sign in as a different user and use the command prompt as an administrator to clear the Indexed DB folder. That is because some files in this folder can be held by the Host Process for Windows Tasks. Once the token is successfully removed, you should see the sign-in page after you enter your URL in the app.
The same error as Cause 1 may be found in the traces.
Cause 3: You have not accepted your invitation to the Microsoft Dynamics CRM organization. If you attempt to access the same URL through your browser, you see a notification that you are invited to the organization but need to accept the invitation. Once you accept the invitation, you are able to configure the app successfully.
Sample Trace Message for Cause 3:
The app couldn’t navigate to https://port.crm.dynamics.com/portal/response/Response.aspx?token=KFES-CK5C-NL8R-X1U0&expiration=635211904207200000&cs=Lkya6zs9EeOtJXjjtRc6AeZa5xqt94YAppfqrXFgZa5slinq2iaabTmwfX0AR4HLGvz&cb=invite&cbcxt=invite&wlid=<username>%40live.com&lc=1033 because of this error: FORBIDFRAMING.
For each of the causes listed above you may also see the following event logged in the traces:
“Authentication: Failed - cookie setup”
What are the specific symptoms you encounter? For example, if you encounter an error, what is the exact error message?
Does the issue only occur for users with certain Microsoft Dynamics CRM security roles?
Does the issue only occur on certain devices but works correctly for the same user on another device?
If you attempt to connect to a different Microsoft Dynamics CRM organization that does not include your customizations, does the same issue occur? If the issue only occurs with your customizations, provide a copy of the customizations if possible.
Does the issue still occur after uninstalling the app and reinstalling it?
Please provide traces. See Enable tracing in CRM for tablets.
What type of device (ex. iPad 4th Generation, Microsoft Surface, etc…) are you using and what is the version of the operating system (ex. iOS 6.0, Windows 8, etc…)?
Send comments about this article to Microsoft.
© 2014 Microsoft Corporation. All rights reserved.