Data Encryption for CRM On Prem

Roopa V R
Sep 11, 2019


We are talking about an on-prem CRM application. Precisely, this is the version it’s on - Microsoft Dynamics 365 Update 2.3, 8.2.3.0008.

I had to set up server-side synchronization on this UAT env. First thing: none of the following works without enabling Data Encryption on the CRM app.

  • Server side Sync
  • Mailboxes (opening)
  • Updating user email addresses
  • Updating mailbox email

Working through this issue, I saw that none of the messages the system shows is quite right. I spent a while getting to the bottom of this. So here are the hurdles I faced while setting up Data Encryption on CRM data.

Navigate to Data management

After you click on Data Encryption, you see this.

This looks like there is no Data Encryption set up at all and you need to do it now. Note how the Current Encryption key and Show Encryption Key fields are disabled.

I created a GUID and hit Activate. Then this shows up.

So I look for the Privilege AD user group. On the server, I don’t see a corresponding AD account anywhere. I confirmed that my account has admin privilege in the app. So I checked the user that the CRM service app pool is running as. I logged into the CRM app using that service account’s credentials and tried activating. Yay! The security group user error is gone!

Then this shows up,

I thought encryption was not set up earlier! Then what is this about a matching key you are telling me about?!

Lots of blogs talk about this message appearing when the application already had encryption set. If so, the solution is to use the old key to activate it. Now, without any prior knowledge about the app that I’m working on, I’m not sure! I look up passwords/keys and I see that there is an encryption key that says it’s for the UAT env. I expect that to work (coz maybe this was a copy) and put it in the Activate Encryption Key box.

I get the same error,

I found a blog (very old, may or may not work for more recent versions) that talks about what to do if you don’t have your previous encryption key. It says that you would need to delete all the sensitive data in the CRM app. This is supposedly going to allow you to start fresh. Here is the link: http://www.crmphilly.com/how-to-unlock-dynamics-crm-data-encryption/

But, you see, this would mean losing all the users set up in the system. That would be a nightmare to set up again!

Then, without much hope, I looked up the PROD instance and checked its encryption key. Simply pasted the PROD key in and hit Activate. Voilà! All is good! It appears that the UAT server was set up from a backup of PROD!

Now Encryption is set up!
