Recently, one of our clients decided to move their CRM installation to an internal server. Their team had been using CRM Online, but the reporting limitations (fetchxml) and a few other problems became high priority issues, and so inside the network we went.
Our client’s IT department already had some CRM servers that they used for other teams, so we restored the backup into the environments there. It was not a walk in the park, and I may blog about that another time.
The IT Department had a support engineer look at our code and make some requests around supportability. One of those requests was to log all the errors to the event viewer for their monitoring processes. We thought “Sure! We like making other people’s lives easier” so we took on the task. It went something like this…
- We got the logging code. They were happy to share some logging code they already had working for the other CRM instances – W00T! We love it when we can reuse code.
- We -wrote all our error handling to utilize the new class we had added to our projects. (Note: we use ILMerge to allow us to split our code into multiple libraries and foster re-use of code.)
- We uploaded the code changes to ourlocal VM to test via the PluginRegistrationTool
- We purposely caused an exception, but this is the error message I saw:
Business Process Error: Unexpected exception from plug-in (Execute):<namespaced.Plugin>: System.Security.SecurityException: Request for the permission of type ‘System.Diagnostics.EventLogPermission, System, Version=184.108.40.206, Culture= neutral, PublicKeyToken= b77a5c561934e089’ failed.
We asked the IT team, but they couldn’t tell us what was done differently.
Bing and Google let us down, no one seemed to have run into this before. Really? We can’t be the first ones…
But then we realized this one little fact. With CRM Online, everything is installed into the Sandbox.
Sandbox is required for CRM Online, but it will kill your ability to write to the event log when you go to On-Premise! To get the permissions necessary for writing to the event log, you must run outside the sandbox.
Therefore, we changed how we deployed our plugins, and it worked. Well, we got a different error…a workable error. We just needed to grant the NETWORK SERVICE account permissions to the registry tree so it can read/update. This post has the steps we used. We granted NETWORK SERVICE full permissions to the eventlog folder in the registry, but only read to the Security folder.