Walkthrough: Configure CRM for integration with Microsoft Azure

  • Article

 

Applies To: Dynamics CRM 2013

This walkthrough guides you through configuring on-premises or Internet-facing deployments of Microsoft Dynamics CRM 2013 for posting the execution data context to the Microsoft Azure Service Bus. This walkthrough doesn’t apply to Microsoft Dynamics CRM Online, which is pre-configured for Microsoft Azure.

Perform the following tasks before continuing with this walkthrough:

  1. Obtain a certificate from an issuing authority.

  2. Install the certificate in the certificate store of the server running the Microsoft Dynamics CRM asynchronous service.

  3. Generate a public key file in Base64 format from the certificate. More information:  Get a public certificate.

  4. Verify that Windows PowerShell is installed on your Microsoft Dynamics CRM server.

Configure certificate read access

The system user account under which the Microsoft Dynamics CRM asynchronous service runs must have read access to your certificate in the certificate store. Either a user account that is identified by the deployment administrator during server setup or NetworkService is used. You can verify the account used by running the Services administrative tool. In the tool, look up the service named “Microsoft Dynamics CRM Asynchronous Processing Service” and see what account that service is running under.

You must grant read access by the above mentioned account to your certificate in the certificate store. You can do this by setting an ACL on the certificate by using the certificate snap-in of the mmc (Microsoft Management Console) or by typing the following command.

winhttpcertcfg -g -c <certLocation> -s <subjectStr> -a <accountName>

Substitute the correct values, described in the following table, for the <> parameters shown in the command.

<certLocation>

The location (path) of the certificate in the certificate store. Use the Certificate snap-in of mmc (Microsoft Management Console) to locate the certificate.

<subjectStr>

The certificate’s subject value. You can obtain this value by double-clicking the public certificate key file (.cer) file in Windows Explorer. In the Details tab of the Certificate dialog box, look for the value of the Subject field.

<accountName>

The name of the account to grant read access to. For a default Microsoft Dynamics CRM installation, the name of the account is “NetworkService”.

Configure the MSCRM_Config database

Follow these procedures to configure the Microsoft Dynamics CRM  MSCRM_Config database.

Register the Microsoft Dynamics CRM PowerShell cmdlets

  1. Log on to the administrator account on your Microsoft Dynamics CRM server.

  2. In a Windows PowerShell command window, enter the following command.

    Add-PSSnapin Microsoft.Crm.PowerShell

    This command adds the CRM Windows PowerShell snap-in to the current session. The snap-in is registered during installation and setup of the Microsoft Dynamics CRM server.

Set the Microsoft Dynamics CRM certificate

  1. Enter the following command in the Windows PowerShell window.

    Set-CrmCertificate –CertificateType AppFabricIssuer –Name <issuerName> -StoreName My –StoreLocation LocalMachine -StoreFindType FindBySubjectDistinguishedName –DataFile <certificateFilename>

    In this command, the issuer name <issuerName> can be any name. However, you’ll be using this same issuer name when you configure Microsoft Azure Access Control Service (ACS). The -DataFile parameter value is the file name or path of the public certificate file.

  2. List the installed certificates in the MSCRM_CONFIG database. You should see the certificate that you just added.

    Get-CrmCertificate

See Also

Administer the deployment using Windows PowerShell
WinHttpCertCfg.exe, a Certificate Configuration Tool
Azure extensions for Microsoft Dynamics CRM 2013
Walkthrough: Configure Microsoft Azure ACS for integration with Microsoft Dynamics CRM 2013