Sunday, September 18, 2011

Solved: Exceeded Column Length error when configuring claims authentication when selecting a certificate

While configuring Internet facing deployment Deployment manager throws error and closes. Error is caused when length of SSL certificate name exceeds 128 characters. After searching a lot I ended up with a simple solution.

Please note this is an unsupported way, so please backup MSCRM_CONFIG database before making any changes listed below so that you can restore in case anything goes wrong.

Issue is caused because table Certificates column Name size is 126. We need to increase that from back end to make it work.

Simple Solution:

Execute following script on MSCRM_CONFIG database

  1. ALTER TABLE Certificates ALTER COLUMN Name NVARCHAR(256);
  2. SELECT cast(ConfigurationMetadataXml as xml)
    FROM [MSCRM_CONFIG].[dbo].[ConfigurationMetadata]

  3. Open XML in editor
  4. Search for tag <Table Name="Certificates"> and go to <Column Name="Name">
  5. Modify length to 256 instead of 128 <Length>256</Length>
  6. Make sure to replace all (') quotes with ('') twice quotes to allow update else SQL will throw errors

  7. UPDATE MSCRM_CONFIG.dbo.ConfigurationMetadata
    SET ConfigurationMetadataXml = 'place modified xml contents here'


When running the Claims Authentication Wizard in the Dynamics CRM Deployment Manager to configuring Claims Based Authentication and you select a certificate that has a name longer than 128 characters Deployment Manager crashes.
The error in the Platform trace is:
Crm Exception: Message: Exceeded column length: Column Name, ErrorCode: -2147220970
[2010-11-04 20:17:36.256] Process: mmc |Organization:00000000-0000-0000-0000-000000000000 |Thread: 3(SnapIn/Main-thread.) |Category: Platform.Sql |User: 00000000-0000-0000-0000-000000000000 |Level: Error | CrmCertificateService.Create
Exception creating Certificate, Name=(CN long_certificate_name :Exceeded column length: Column Name)


There is a limit of 128 characters that a certificate name can have if it is the certificate being selected during the Claims Authentication Wizard.

Solution from Microsoft:

Select a certificate that has a name less than 128 characters.