Microsoft KB Archive/870577

From BetaArchive Wiki
Knowledge Base


You may experience timeouts or slow performance, you may see that the SecurityDescriptor field values are much longer than 1,000 characters, or you may not be able to work with records that exist in a child business unit in Microsoft CRM 1.2

Article ID: 870577

Article Last Modified on 12/20/2005


APPLIES TO

  • Microsoft CRM 1.2



SYMPTOMS

When you try to access data in Microsoft Business Solutions CRM 1.2, one or more of the following symptoms may occur:

  • You may experience timeouts or slow performance when you try to use a particular view, such as the All Leads view.
  • You may see that the SecurityDescriptor field values of Microsoft CRM records are much longer than 1,000 characters. When the field values are this long, the size of the Microsoft SQL Server database that is used by Microsoft CRM grows significantly.


For more information, see the "Determine the lengths of the SecurityDescriptor field values" section.

Note The SecurityDescriptor field is not visible from the Microsoft CRM client. You can view this field by using SQL Server Enterprise Manager or SQL Query Analyzer.

  • You may not be able to read records or write to records that exist in a child business unit.


CAUSE

Typically, this problem occurs if one or both of the following conditions are true:

  • Changes have been made to the Microsoft CRM security roles.
  • Microsoft CRM business units have been reassigned.

Typically, only Microsoft CRM installations that contain more than 10,000 records experience performance-related symptoms. This problem is also affected by the performance of the computer that is running the Microsoft SQL Server application that hosts the Microsoft CRM databases.

RESOLUTION

Microsoft CRM has a fix for this problem that is part of a cumulative update. The cumulative update information is described in the following Microsoft Knowledge Base article:

904435 Update Rollup 2 is available for Microsoft CRM 1.2


STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

This problem can be avoided if your organization does not have to have custom Microsoft CRM security roles. To avoid the problem, use the Microsoft CRM standard roles. This problem can also be avoided if your organization does not have to reassign business units. To avoid the problem, do not change the business unit structure.

A reassigned child business unit has Domain Local Security Groups that have a name of MSCRM Glbl (Role name). Role name is the name of the Microsoft CRM security role. MSCRM Glbl security groups should only exist under the root business unit in the Active Directory directory service for a Microsoft CRM installation.

The root cause of this problem is in every record in the Organization_Name_MSCRM database that contains a value in the SecurityDescriptor column. SecurityDescriptor calculations are based on users' Microsoft CRM security roles and on the Microsoft CRM business units. The Microsoft CRM platform uses SecurityDescriptor fields and the Microsoft CRM Security Service to grant security access to Microsoft CRM records. Because the additional MSCRM Glbl security groups are created, the SecurityDescriptor field grows. If multiple business units are moved so that they have a different parent business unit, the field may grow exponentially.

Determine the lengths of the SecurityDescriptor field values

You can determine the lengths of the SecurityDescriptor field values both before and after you move a business unit. To do this, use SQL Query Analyzer to run the following sample SQL SELECT statement against the Organization_Name_MSCRM database. Organization_Name is the licensed organization name for the Microsoft CRM installation. Run this statement before a business unit is moved, and then run the statement again after the business unit is moved. Then, compare the values to find the difference in the lengths. 

select min(datalength(securitydescriptor)), 
avg(datalength(securitydescriptor)), 
max(datalength(securitydescriptor)) from SystemUserBase

This sample SQL SELECT statement shows the minimum length, the average length, and the maximum length of a SecurityDescriptor field value for all the records in the SystemUserBase table. The SystemUserBase table is used because that table always has at least one record in it.

A typical size for the SecurityDescriptor field is 1,000 characters if your Microsoft CRM installation has only a few Microsoft CRM business units and has no custom Microsoft CRM security roles. If you add Microsoft CRM business units and Microsoft CRM security roles, the size of the SecurityDescriptor field value grows. This change is expected functionality.

Note Making SQL Server updates directly to the Microsoft CRM databases is not supported.

For more information about the terminology that is used to describe Microsoft product updates, see the following articles in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates


887283 Microsoft Business Solutions CRM software hotfix and update package naming standards



Additional query words: reparent re-parent move

Keywords: kbbug kbfix kbqfe kbprb kbmbsmigrate KB870577



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/870577&oldid=207272
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki