Hi, Guys! I am going to show you today how to enable encryption in Microsoft Dynamics CRM. But first let’s have a look why one would want do that:
- you are not able to create queues.
- you are not able to create mailboxes.
In short, all confidential stuff in CRM where you require a user name or password it will be disabled if you have encryption disabled.
if you try to take action mentioned above you will get this error:
“There are encrypted fields in the organization database, but the data encryption feature isn’t activated. Contact your Microsoft Dynamics CRM system administrator to activate data encryption. To activate, go to System Settings > Data Management > Data Encryption…”
According to the error, to enable encryption we need to go into Data Encryption under Data Management. However, we can only enable Data Encryption if Dynamics CRM is using the https protocol, and usually, the reason we’ve done a backup/restore is that we’re setting up a Dev or UAT copy of Prod, which may not need to be https.
This error states that “The HTTPS protocol is required for this type of request. Enable the HTTPS protocol and try again.” However, enabling https may not be ideal, and we still need to be able to use the system.
Fortunately, there is a SQL script we can run on the config database which will allow us to use data encryption without using the https protocol:
You shouldn’t do this on a production instance, but for Dev or UAT instances this is necessary.
Once that’s updated you need to do an IISRESET on the CRM server for the changes to take effect.
If we try opening that Data Encryption window again, we should see that encryption is disabled, and we can create a new key and activate it.
You should be able to get the encryption key from the original CRM system you backed up from. If not, then you can simply create a new encryption key.
When you activate, you might be faced with another error which states “Please select an account that is a member of the PrivUserGroup security group and try again”
A simple solution to this issue would be to use an account with which the CRM instance is installed or add this user to the security group mentioned in the error.