Walkthrough: Configure CRM for integration with Microsoft Azure


Applies To: Dynamics CRM 2016, Dynamics CRM Online

This walkthrough guides you through configuring on-premises or Internet-facing deployments of Microsoft Dynamics CRM 2016 for posting the execution data context to the Microsoft Azure Service Bus when Azure ACS authorization is used.


This walkthrough doesn’t apply to Microsoft Dynamics CRM Online, which is pre-configured for Microsoft Azure. Also, the walkthrough does not apply to on-premises or Internet-facing deployments where Azure SAS authorization is to be used as no special configuration of CRM is required.

Perform the following tasks before continuing with this walkthrough:

  1. Obtain a certificate from an issuing authority or create a self signed certificate for development and testing purposes. You can do this by using the New-SelfSignedCertificate PowerShell command or the IIS Manager tool.

  2. Install the certificate in the Personal\Certificates store of the server running the Microsoft Dynamics CRM asynchronous service. You can do this by using the Certificate snap-in of the Microsoft Management Console (mmc.exe).

  3. Export a public key file in Base64 format from the certificate by using mmc.exe.

  4. Verify that Windows PowerShell is installed on your Microsoft Dynamics CRM server.

The system user account under which the Microsoft Dynamics CRM asynchronous service runs must have read access to your certificate in the certificate store. Either a user account that is identified by the deployment administrator during server setup or NetworkService is used. You can verify the account used by running the Services administrative tool. In the tool, look up the service named “Microsoft Dynamics CRM Asynchronous Processing Service” and see what account that service is running under.

You must grant read access by the above mentioned account to your certificate in the certificate store. You can do this by setting an ACL on the certificate by using the Certificate snap-in of the mmc (Microsoft Management Console) or by typing the following command.

winhttpcertcfg -g -c <certLocation> -s <subjectStr> -a <accountName>

Substitute the correct values, described in the following table, for the <> parameters shown in the command.


The location (path) of the certificate in the certificate store. Use the Certificate snap-in of mmc (Microsoft Management Console) to locate the certificate.


The certificate’s subject value. You can obtain this value by double-clicking the public certificate key file (.cer) file in Windows Explorer. In the Details tab of the Certificate dialog box, look for the value of the Subject field.


The name of the account to grant read access to. For a default Microsoft Dynamics CRM installation, the name of the account is “NetworkService”.

Follow these procedures to configure the Microsoft Dynamics CRM  MSCRM_Config database.

Register the Microsoft Dynamics CRM PowerShell cmdlets

  1. Log on to the administrator account on your Microsoft Dynamics CRM server.

  2. In a Windows PowerShell command window, enter the following command.

    Add-PSSnapin Microsoft.Crm.PowerShell

    This command adds the CRM Windows PowerShell snap-in to the current session. The snap-in is registered during installation and setup of the Microsoft Dynamics CRM server.

Set the Microsoft Dynamics CRM certificate

  1. Enter the following command in the Windows PowerShell window.

    Set-CrmCertificate –CertificateType AppFabricIssuer –Name <issuerName> -StoreName My –StoreLocation LocalMachine -StoreFindType FindBySubjectDistinguishedName –DataFile <certificateFilename>

    In this command, the issuer name <issuerName> can be any name. However, you’ll be using this same issuer name when you configure Microsoft Azure Active Directory Access Control Service (ACS). The -DataFile parameter value is the file name or path of the public certificate file.

  2. List the installed certificates in the MSCRM_CONFIG database. You should see the certificate that you just added.


Microsoft Dynamics CRM 2016 and CRM Online

© 2016 Microsoft. All rights reserved. Copyright

Community Additions