Walkthrough: Configure Dynamics 365 for integration with Microsoft Azure
Updated: November 29, 2016
Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online
This walkthrough guides you through configuring on-premises or Internet-facing deployments of Microsoft Dynamics 365 for posting the execution data context to the Microsoft Azure Service Bus when Azure ACS authorization is used.
This walkthrough doesn’t apply to Microsoft Dynamics 365 (online), which is pre-configured for Microsoft Azure. Also, the walkthrough does not apply to on-premises or Internet-facing deployments where Azure SAS authorization is to be used as no special configuration of Dynamics 365 is required.
Perform the following tasks before continuing with this walkthrough:
Obtain a certificate from an issuing authority or create a self signed certificate for development and testing purposes. You can do this by using the New-SelfSignedCertificate PowerShell command or the IIS Manager tool.
Install the certificate in the Personal\Certificates store of the server running the Microsoft Dynamics 365 asynchronous service. You can do this by using the Certificatesnap-in of the Microsoft Management Console (mmc.exe).
Export a public key file in Base64 format from the certificate by using mmc.exe.
Verify that Windows PowerShell is installed on your Microsoft Dynamics 365 server.
The system user account under which the Microsoft Dynamics 365 asynchronous service runs must have read access to your certificate in the certificate store. Either a user account that is identified by the deployment administrator during server setup or NetworkService is used. You can verify the account used by running the Services administrative tool. In the tool, look up the service named “Microsoft Dynamics 365Asynchronous Processing Service” and see what account that service is running under.
You must grant read access by the above mentioned account to your certificate in the certificate store. You can do this by setting an ACL on the certificate by using the Certificate snap-in of the mmc (Microsoft Management Console) or by typing the following command.
Substitute the correct values, described in the following table, for the <> parameters shown in the command.
The location (path) of the certificate in the certificate store. Use the Certificate snap-in of mmc (Microsoft Management Console) to locate the certificate.
The certificate’s subject value. You can obtain this value by double-clicking the public certificate key file (.cer) file in Windows Explorer. In the Details tab of the Certificate dialog box, look for the value of the Subject field.
The name of the account to grant read access to. For a default Microsoft Dynamics 365 installation, the name of the account is “NetworkService”.
Follow these procedures to configure the Microsoft Dynamics 365MSCRM_Config database.
Register the Microsoft Dynamics 365 PowerShell cmdlets
Log on to the administrator account on your Microsoft Dynamics 365 server.
In a Windows PowerShell command window, enter the following command.
This command adds the Dynamics 365Windows PowerShell snap-in to the current session. The snap-in is registered during installation and setup of the Microsoft Dynamics 365 server.
Set the Microsoft Dynamics 365 certificate
Enter the following command in the Windows PowerShell window.
Set-CrmCertificate –CertificateType AppFabricIssuer –Name <issuerName> -StoreName My –StoreLocation LocalMachine -StoreFindType FindBySubjectDistinguishedName –DataFile <certificateFilename>
In this command, the issuer name <issuerName> can be any name. However, you’ll be using this same issuer name when you configure Microsoft Azure Active Directory Access Control Service (ACS). The -DataFile parameter value is the file name or path of the public certificate file.
Microsoft Dynamics 365
© 2016 Microsoft. All rights reserved. Copyright