Configure the Email Router
Applies To: Dynamics CRM 2013
This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. Content for a specific deployment will be noted.
You can configure Email Router after it is installed. Some of these configuration tasks are mandatory. Others are optional in that you use them to enable the following functionality:
Configuration Task 1: Set up profiles and (optionally) set up deployments, by using the Email Router Configuration Manager. For more information, see "Email Router Configuration Manager" later in this topic.
Configuration Task 2: Microsoft Dynamics CRM users must have their incoming email access type set to Email Router. For more information, see "Set email access type" later in this topic.
Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see "Deploy Inbox Rules" later in this topic.
Configuration Task 4: (Optional) As part of configuration, you can set up a forward mailbox. For more information, see "Set up a Forward Mailbox" later in this topic.
In This Topic
Email Router Configuration Manager
Keep user credentials secure
Set email access type
Deploy inbox rules
Set up a forward mailbox
Email Router Configuration Manager
The Email Router Configuration Manager is a tool that you use to configure the Email Router. The Email Router Configuration Manager is installed with the Email Router and can be run after the Email Router Setup is completed.
The Email Router settings configured by using the Email Router Configuration Manager are saved in the Microsoft.Crm.tools.EmailAgent.xml file that is located in the folder where the Email Router is installed.
The Email Router has several options. Before you run the Email Router Configuration Manager, you should determine how you want to configure these options:
Incoming Configuration. The Microsoft Dynamics CRM Email Router supports, Exchange Server 2007, Exchange Server 2010, Exchange Online, or POP3 email systems for incoming email messages.
Outgoing Configuration. Microsoft Dynamics CRM supports only Exchange Online or SMTP email systems for outgoing email messages.
Mailbox Monitoring Type. You can configure the following two mailbox types:
Forward Mailbox. If you select Forward Mailbox when you run the Email Router Configuration Manager, the Email Router uses a single mailbox to process email messages. Then, for each Microsoft Dynamics CRM user or queue that will receive email messages, you must create a rule for the user or queue by running the Rule Deployment Wizard.
Email Router. If email messages can be forwarded as attachments, but your email system does not allow rules, you must configure each user to use the Email Router setting. If you are using Exchange Server, we recommend that you use Forward Mailbox Monitoring.
For more information about Email Router options, see Planning Deployment of Microsoft Dynamics CRM 2013 in the Planning Guide. Also, see the Email Router Configuration Manager Help, which you can open by clicking Help on the Configuration Profiles or the Deployments tab in the Email Router Configuration Manager.
To start the Email Router Configuration Manager, click Start, point to All Programs, point to Microsoft Dynamics CRM Email Router, and then click Microsoft Dynamics CRM Email Router Configuration Manager.
Configuration profiles
You must configure at least one incoming email profile and one outgoing email profile to enable the Email Router to route email to and from your Microsoft Dynamics CRM organization. Depending on the complexity of your organization’s email system, you may have to create multiple incoming and outgoing configuration profiles. For example, if your organization requires incoming Email Router services for multiple email servers, you must create one incoming configuration profile for each email server.
Important
Due to performance throttling when accessing Exchange Online, the Email Router should not be configured to use the on-premises deployments of Microsoft Exchange Server or POP3 accounts when a profile is also configured for Exchange Online. If you must communicate with both Exchange Online and an Exchange Server On-Premises or POP3 email server, you can do so by using multiple instances of the Email Router (you can install only one instance of the Email Router on a computer). Connecting to Exchange Server On-Premises and POP3 email servers by using multiple profiles from the same Email Router instance is supported.
Authentication types
You must specify the type of authentication the Email Router will use for each incoming and outgoing email profile. Depending on the type of email server that you use to process incoming email, select one of the following authentication types:
Windows Authentication. This is the only authentication type available if you use Microsoft Exchange Server for incoming email.
NTLM. This option is available only if you use a POP3-compliant server for incoming email.
Clear Text. This option is available if you use either a POP3-compliant server or Microsoft Exchange Online for incoming email. For Microsoft Exchange Online, this is the only authentication type available.
For Exchange Server, incoming profiles support Windows authentication only. For POP3-compliant servers, incoming profiles support NTLM and clear text authentication.
Tip
You can configure the Email Router to use POP3 protocol with Exchange Server. However, the Exchange Server POP3 service is disabled by default. For information about how to enable POP3, see the Exchange Server documentation.
Important
Clear text authentication transmits unencrypted user names and passwords. If you use clear text authentication, we recommend that you do this only with Secure Sockets Layer (SSL). Select the Use SSL and set the Network Port field (on the Advanced tab) to a value that is appropriate for your environment. (If you specify Exchange Online, the Use SSL option is not available because you can connect to Exchange Online only over an https connection.) Verify your POP3 server requirements with your email administrator.
Note
Anonymous SMTP is only valid for internal, non-Internet-facing SMTP servers. Many SMTP servers do not support Anonymous authentication. To ensure uninterrupted email flow from the Email Router, verify your SMTP server requirements with your email administrator.
Access credentials
Depending on how you set the other configuration profile options, the following options are available for specifying the user name and password that the Email Router will use to access each mailbox that the profile serves.
Important
If you use access credentials that are valid for the email server but not for a particular mailbox, a "401 access denied" error is generated when you test access.
Incoming profiles support the following access credentials:
Local System Account. This option requires a machine trust between the computer where the Email Router is running and the computer where Microsoft Exchange Server is running. For incoming profiles, this option is available only for Exchange Server (not for Exchange Online or other POP3 compliant email servers).
User specified. This option is available only in the on-premises version of the product. This option is available for all email server types, protocols, and authentication types.
This option requires that each user enter a user name and password in the Set Personal Options dialog box (available in the Workplace section of the Microsoft Dynamics CRM web client). This enables the Email Router to monitor mailboxes by using each user's access credentials. When a user changes a domain password -- for example, when it expires -- the user must update the password in Microsoft Dynamics CRM so that the Email Router can continue to monitor the mailbox. This option is available for Exchange Server, Exchange Online and other POP3 compliant email servers.
Other specified. Select this option if you want the Email Router to authenticate by using the credentials of a specified user. This option is available for all email server types, protocols, and authentication types. The specified user must have full access to all the mailboxes that the incoming profile will serve. To specify multiple sets of access credentials, you must create a separate configuration profile for each specified user.
Outgoing profiles support the following access credentials. For more information, see the Email Router Configuration Manager Help.
Local System Account. Select this option if you select SMTP as the email server type and you want to authenticate by using the local system account of the computer where the Email Router is running. This option requires a machine trust between the computer where the Email Router is running and the computer where the Exchange Server is running. For more information, see “Securing Exchange Server and Outlook” in Operating system and platform technology security considerations for Microsoft Dynamics CRM 2013 in the Planning Guide. If you select this option, either the Email Router must be installed on the same server as the Microsoft Dynamics CRM Server 2013, or the Email Router computer name must have been entered during Microsoft Dynamics CRM Server Setup. This option is available only when you select SMTP as the email server type, and Windows Authentication or Anonymous as the authentication type.
User Specified.
This option is available in the on-premises and Service Provider editions of Microsoft Dynamics CRM, and when you are using Exchange Online as the Exchange Server Type.
Select this option if you want the Email Router to authenticate by using an individual user account or a mailbox.
Other Specified. This option enables the administrator to configure the Email Router to send email messages on each user's behalf by using the access credentials of a specified user account. The specified user must have full access to all the mailboxes that the incoming profile will serve. To specify multiple sets of access credentials, you must create a separate configuration profile for each specified user. This option is not available if you select SMTP as the email server type and Anonymous as the authentication type.
User Type. If you select Exchange Online as the email server type and Other Specified as the access credentials, you must select either Administrator or User as the user type. Select Administrator if you want to use a single set of credentials to process multiple mailboxes, or if you want to provide a different set of email credentials to process individual mailboxes.
Access Type. If you select Exchange Online as the email server type, Other Specified as the access credentials, and Administrator as the user type, you must select either Delegate Access or Send as as the access type.
Delegate Access causes email to be sent as "Send on behalf of" messages.
Send as causes email to be sent as "Send As" messages.
Deployments
You can link a configuration profile of the Email Router to Microsoft Dynamics CRM Online. It is not mandatory, but doing so provides the benefit of assigning the configuration profile to users for whom no other profile is assigned.
You must select the type of Microsoft Dynamics CRM system that the Email Router will connect to. The following options are available:
My company. Select this option if Microsoft Dynamics CRM is deployed at your company.
An online service provider. Select this option if the deployment that the Email Router will connect to is an online service provider deployment of Microsoft Dynamics CRM.
Microsoft Dynamics CRM Online. Select this option to connect the Email Router to a Microsoft Dynamics CRM Online organization.
Microsoft Dynamics CRM server
Type the URL of theMicrosoft Dynamics CRM Server 2013.
If you are connecting to an on-premises version at your company, the format is similar to http://myCRMServer:5555/OrganizationUniqueName.
If you are connecting to a service provider deployment, contact your service provider to obtain the correct URL. For more information, see the documentation for service providers that is available from the Microsoft Download Center.
If you are connecting to Microsoft Dynamics CRM Online and your organization uses Microsoft account, enter:
- https://dev.crm.dynamics.com/\<OrganizationName> where OrganizationName is a placeholder for the actual ID of your organization.
If you are connecting to Microsoft Dynamics CRM Online and your organization uses Microsoft Office 365, enter:
- https://disco.crm.dynamics.com/\<OrganizationName> where OrganizationName is a placeholder for the actual ID of your organization.
Important
Make sure that the URL of the Microsoft Dynamics CRM deployment is spelled correctly. The OrganizationUniqueName part of the URL must be spelled exactly as it appears in the Microsoft Dynamics CRM server. To determine the OrganizationUniqueName, start the Microsoft Dynamics CRM web application as a user who has the System Customizer role. Click Settings, and then click Customizations. On the Customization page, click Developer Resources. The OrganizationUniqueName is displayed below the Organization Unique Name label.
One deployment type at a time
There are two types of deployments. One type includes deployments to Microsoft Dynamics CRM Online only. The other type includes deployments to either My company or An online service provider. If you define multiple deployments for the Email Router, they must all be of the same type. That is, after you have created a deployment that uses one deployment type, any other deployments that you create must be of the same type. (To create a deployment of the other type, you must first delete all of the deployments that currently exist.)
Obtaining user email credentials from Microsoft Dynamics CRM
In certain circumstances, the Email Router must obtain user credentials from Microsoft Dynamics CRM. However, Microsoft Dynamics CRM stores user names and passwords only when HTTPS has been selected as the protocol that the Email Router will use to access Microsoft Dynamics CRM. You can change this behavior so that Microsoft Dynamics CRM can store and distribute user names and passwords to the Email Router over HTTP. For more information, see “HTTP Option” in “Keep user credentials secure” later in this topic.
Access credentials
You must specify the access credentials that the Email Router will use to log on toMicrosoft Dynamics CRM Server 2013.
To use the Local System Account (available only if you select My company as the deployment type), either the Email Router must be installed on the same computer as the Microsoft Dynamics CRM Server 2013, or the computer where the Email Router is installed must be a member of the Active Directory PrivUserGroup security group.
Tip
For an on-premises deployment ofMicrosoft Dynamics CRM 2013, the computer will already be added to the PrivUserGroup security group if you specified the Email Router computer during Microsoft Dynamics CRM Server 2013 Setup.
Configuring email routing for multiple configurations and deployments
You can add or edit an Email Router configuration, which contains a single incoming and outgoing method that routes email to the email server. In the configuration, you must specify the following:
A name of the configuration profile, for display and reference.
The direction of the configuration profile: incoming or outgoing.
The email transport type, such as Exchange or POP3 for incoming, and SMTP for outgoing.
You can also add or edit Email Router deployments. An Email Router deployment contains a URL to a Microsoft Dynamics CRM Server 2013computer, one incoming configuration, and one outgoing configuration. In an Email Router deployment object, you specify the following components:
A URL to the Microsoft Dynamics CRM Server 2013 computer (required).
A default incoming configuration (optional).
A default outgoing configuration (optional).
To specify additional operational settings for a new or existing configuration profile, click Advanced on the Email Router Configuration Manager dialog box.
For more information, see the Email Router Configuration Manager Help.
Keep user credentials secure
If your organization uses the Email Router to send and receive messages on behalf of users or queues, you should increase security. You can do this either by using the HTTPS protocol or by enabling IPsec.
Note
This issue applies only to users of the on-premises deployment of Microsoft Dynamics CRM 2013.
HTTPS option
In processing email for a user or queue, the Email Router requires credentials for the user or queue. Those credentials can be entered in the Microsoft Dynamics CRM web application in the Set Personal Options dialog box (for users) and in the Queues form (for queues). Microsoft Dynamics CRM stores these credentials in encrypted form in the Microsoft Dynamics CRM database. The Email Router uses a key stored in the Microsoft Dynamics CRM database to decrypt these credentials. The call that the Email Router makes to obtain this key enforces HTTPS. In Microsoft Dynamics CRM 2013, the Email Router functions this way by default, which means that you need not take any action to retain this behavior. However, if you do not want to use HTTPS, you must set a particular Windows registry key, as described in the following section.
HTTP option
If you do not want to use HTTPS, you must set a Windows registry key, as follows:
On the Microsoft Dynamics CRM Server 2013, check the value of the registry key DisableSecureDecryptionKey at the path HKLM\Software\Microsoft\MSCRM. If this registry key is present, set its value to 1. (If the key is not present or set to 0, calls from the Email Router to the Microsoft Dynamics CRM Server 2013 are made using HTTPS.) Setting the value of this key to 1 allows the Email Router to obtain information from the Microsoft Dynamics CRM database over the HTTP protocol.
If you changed the value of DisableSecureDecryptionKey, do the following on the Microsoft Dynamics CRM Server 2013: Restart Internet Information Services (IIS). To do this, click Start, click Run, type IISRESET, and then click OK.
(Recommended) Enable IPsec for all communications between the Microsoft Dynamics CRM Server 2013 and the Email Router computer. For more information about enabling IPsec, see IPSec.
Managing certificates to use the email router with HTTPS
If you are running Microsoft Dynamics CRM on HTTPS and one or more certificates is not signed by a certification authority, do the following on the computer on which the Email Router is installed:
For the Microsoft Dynamics CRM certificate
If the Email Router Service is configured to use the "LocalSystem" account, import the Microsoft Dynamics CRM certificate into the trusted store of the local machine account of the computer on which the Email Router is installed.
If the Email Router Service is configured to use any other specific user account, import the Microsoft Dynamics CRM certificate into the trusted store of that user's account on the computer on which the Email Router is installed.
For any Exchange Server certificates:
If the Email Router Service is configured to use the "LocalSystem" account, import the Exchange Server certificate into the trusted store of the local machine account of the computer on which the Email Router is installed.
If the Email Router Service is configured to use any other specific user account, import the Exchange Server certificate into the trusted store of that user's account on the computer on which the Email Router is installed.
Set email access type
Before a user can send and receive email messages that will be tracked in Microsoft Dynamics CRM, you must change the email access type that is set for that user, as described in the following procedure.
To set the email access type
Make sure you have the System Administrator security role or equivalent permissions in Microsoft Dynamics CRM.
Check your security role
Follow the steps in View your user profile..
Don’t have the correct permissions? Contact your system administrator.
Follow the steps for the app you’re using.
If using the CRM web application
- Click or tap Settings > Administration > Users.
If using CRM for Outlook
- Click or tap Settings > Administration > Users.
Find the user whose settings you want to edit. You may need to navigate to a different page.
Click the name of the user, or select the user and then click Edit. The User form opens. You can edit the messaging options in the Email Access Configuration section.
Warning
By default, Microsoft Dynamics CRM sets both the incoming email access type and the outgoing email access type to "CRM for Outlook."
For each user of the Microsoft Dynamics CRM web application whose mail will be routed by the Email Router, you must change the incoming type to Email Router or to Forward Mailbox, and the outgoing type to Email Router.
Set the email router to work with Microsoft Dynamics CRM Online
Start the Email Router Configuration Manager.
Click the Deployments tab.
Click New to create a new deployment.
Make sure that the Deployment option is set to Microsoft Dynamics CRM Online. If the Microsoft Dynamics CRM Online option is not available, delete the existing deployments as explained in the following note:
Note
There are two types of deployments. One type includes deployments to Microsoft Dynamics CRM Online only. The other type includes deployments to either My company or An online service provider. If you define multiple deployments for the Email Router, they must all be of the same type. That is, after you have created a deployment that uses one deployment type, any other deployments that you create must be of the same type. (To create a deployment of the other type, you must first delete all of the deployments that currently exist.)
Enter the rest of the information required to define the deployment and then click OK to finish.
Deploy inbox rules
An important part of routing email messages to your Microsoft Dynamics CRM system is the placement of an Microsoft Exchange Server inbox rule in the inbox of each Microsoft Dynamics CRM user or queue. This rule sends a copy of each message that is received by a Microsoft Dynamics CRM user to the Microsoft Dynamics CRM system mailbox. From the Microsoft Dynamics CRM system mailbox, the Email Router retrieves the messages and creates an email activity in Microsoft Dynamics CRM.
To deploy these Microsoft Dynamics CRM user inbox rules, use the Rule Deployment Wizard, which can be run at any time to add or change the inbox rules for your Microsoft Dynamics CRM users.
Important
The Rule Deployment Wizard can deploy rules only to Exchange Server mailboxes. You cannot use the Rule Deployment Wizard to deploy rules to POP3 email servers.
Note
For information about installing the Rule Deployment Wizard, see Install Email Router and Rule Deployment Wizard in this guide.
If you chose to install this wizard as part of the Email Router installation, you can access this wizard by doing the following:
On the computer where you have installed the Rule Deployment Wizard, click Start, point to All Programs, point to Microsoft Dynamics CRM Email Router, and then click Rule Deployment Wizard.
The Rule Deployment Wizard does not have to be run on a computer with an instance of Exchange Server. To run the Rule Deployment Wizard, you must:
Be logged on as a Microsoft Dynamics CRM user with a security role. (Users can be in restricted access mode).
Be a local administrator on the computer where the wizard is running.
Have Exchange Server administrative permissions.
To deploy rules to the mailbox of a Microsoft Dynamics CRM user, the person running the Rule Deployment Wizard must have Exchange Server administrative permissions for the mailbox. Use the Exchange System Manager and the Exchange Server delegation wizard to designate Exchange Server administrators. Or, make sure that the person running the Rule Deployment Wizard has full permissions on the Exchange Server mailbox store or storage group in which the users' mailboxes are located.
Create the rule manually in Outlook
For POP3 email servers that support email system rules where an email message can be forwarded as an attachment, you can create the rule manually.
Note
Before you can specify a forward mailbox in a rule, you must create a mailbox and designate it as a forward mailbox. For more information, see “Specify a Forward Mailbox” in the Email Router Configuration Manager Help.
In Microsoft Office Outlook, click File > Manage Rules & Alerts.
In the Rules and Alerts dialog box, on the E-mail Rules tab, click New Rule
Under Step 1: Select a template select Apply rule on messages I receive and click Next.
Under Step 1: Select condition(s) select where my name is in the To or CC box and click Next.
Under Step 1: Select action(s) select forward it to people or public group as an attachment.
Under Step 2: Edit the rule description click people or public group, in the Rule Address window, enter the forward mailbox, click Go, select it from the address book, click To, and then click OK.
Click Finish.
Click the new rule to activate it and make sure it is running against the correct Inbox that is displayed in Apply changes to this folder.
If you want to run this rule on messages that are already in the Inbox, click Run Rules Now from the Rules and Alerts window.
Set up a forward mailbox
The forward mailbox is used as a collection box for email messages that are transferred from each Microsoft Dynamics CRM user’s mailbox by a server-side rule. The forward mailbox must be dedicated to the Email Router system, and should not be used as a working mailbox by an individual user.
Before you specify a forward mailbox, you must create or use an existing Exchange Server or POP3 mailbox that can be dedicated to processing email messages that are tracked by Microsoft Dynamics CRM. After you specify the forward mailbox, you can run the Rule Deployment Wizard to deploy the rules that will be used to forward email messages to the forward mailbox.
Note
If you specify a POP3 mailbox as the forward mailbox, you must manually deploy the rules. The Rule Deployment Wizard cannot deploy rules to a POP3 email server. For information about how to deploy rules manually, see “Create the rule manually” above.
Specify or modify a forward mailbox
Make sure that you have a mailbox to dedicate as the forward mailbox. If you do not, see your messaging server documentation for information about how to create a mailbox. If you select Exchange Server as the incoming email server type, you must log on to the mailbox by using an email client such as Microsoft Office Outlook or Outlook Web Access (OWA) at least once to complete the creation of the mailbox.
Click the Users, Queues, and Forward Mailboxes tab, and then click Load Data.
When the list appears, click the Forward Mailboxes tab, and then click New. To change an existing forward mailbox, click Modify.
In the Forward Mailbox dialog box, complete the following boxes, and then click OK:
Name. Type a name for the forward mailbox. This will be used to display in the Email Router Configuration Manager and the Rule Deployment Wizard.
Email Address. Type the email address for the forward mailbox, such as [email protected].
Incoming Configuration Profile. Select the incoming configuration profile to associate with the forward mailbox. You can have multiple forward mailboxes that use different incoming configuration profiles.
Note
To delete email messages in the forward mailbox after they have been processed by the Email Router, select the Delete messages in forward mailbox after processing option.
Click Publish.
Stop the Microsoft CRM Email Router service. To do this, on the Start menu, type services.msc, and then press ENTER; or click Run, type services.msc, and then press ENTER. Right-click the Microsoft CRM Email Router service, and then click Stop.
Restart the Microsoft CRM Email Router service. To do this, in the services list, right-click Microsoft CRM Email Router, and then click Start.
Click OK, and then close the Services application.
Complete the forward mailbox
If you will use a forward mailbox to route email messages, in Active Directory directory service, you must create the user and mailbox that will be used for the Email Router forward mailbox.
Important
You must log on to the forward mailbox at least one time before the Email Router can use it to process email messages.
See Also
Install Email Router and Rule Deployment Wizard
Install Email Router on multiple computers