Keep user credentials secure

If your organization uses the E-mail Router to send and receive messages on behalf of users or queues, you should increase security. You can do this either by using the HTTPS protocol or by enabling IPsec.

This issue applies only to users of the on-premises deployment of Microsoft Dynamics CRM 2011.

HTTPS option

In processing e-mail for a user or queue, the E-mail Router requires credentials for the user or queue. Those credentials can be entered in the Microsoft Dynamics CRM Web application in the Set Personal Options dialog box (for users) and in the Queues form (for queues). Alternatively, you can store the credentials in the E-mail Router itself by creating separate profiles for each user or queue. (Storing credentials in the E-mail Router is the only option for Microsoft Dynamics CRM Online.)

Microsoft Dynamics CRM stores these credentials in encrypted form in the database. The E-mail Router uses a key stored in the database to decrypt these credentials. The call that the E-mail Router makes to obtain this key enforces HTTPS. In Microsoft Dynamics CRM 2011, the E-mail Router functions this way by default, which means that you need not take any action to retain this behavior. However, if you do not want to use HTTPS, you must set a particular Windows registry key, as described in the following section.

HTTP option

If you do not want to use HTTPS, you must set a Windows registry key, as follows:

  1. On the Microsoft Dynamics CRM Server, check the value of the registry key DWORD DisableSecureDecryptionKey at the path HKLM\Software\Microsoft\MSCRM. If this registry key is present, set its value to 1. (If the key is not present or set to 0, calls from the E-mail Router to the Microsoft Dynamics CRM Server are made using HTTPS.) Setting the value of this key to 1 (after, if necessary, creating the key as a DWORD) allows the E-mail Router to obtain information from the Microsoft Dynamics CRM database over the HTTP protocol.

  2. If you changed the value of DisableSecureDecryptionKey, do the following on the Microsoft Dynamics CRM Server: Restart Internet Information Services (IIS). To do this, click Start, click Run, type IISRESET, and then click OK.

  3. (Recommended) Enable IPsec for all communications between the Microsoft Dynamics CRM Server and the E-mail Router computer. For more information about enabling IPsec, see IPsec.