Configure and install Retail hardware station
This article explains how to configure, download, and install the legacy Retail hardware station by using self-service functionality. For more information about sealed self-service installers, see Mass deployment of sealed Commerce self-service components. It also explains how to uninstall Retail hardware station.
Important
- It is critical to note that this component uses a server certificate. Server certificates must be managed for expiration. By default, a certificate expires in one calendar year (365 days).
- The use of self-signed certificates isn't allowed for hardware station installations. Instead, you should use a trusted third-party certificate.
Prerequisites
When configuring hardware station for Dynamics 365 Commerce versions 10.0.42 and later, you must add the following registry entries to support Transport Layer Security (TLS) 1.3:
- TLS 1.3\Server:Enabled=1
- TLS 1.3\Client:Enabled=1
- TLS 1.2\Server:Enabled=1
- TLS 1.2\Client:Enabled=1
- TLS 1.1\Server:Enabled=0
- TLS 1.1\Client:Enabled=0
- TLS 1.0\Server:Enabled=0
- TLS 1.0\Client:Enabled=0
- SSL 3.0\Server:Enabled=0
- SSL 3.0\Client:Enabled=0
- SSL 2.0\Server:Enabled=0
- SSL 2.0\Client:Enabled=0
When configuring hardware station for Commerce versions 10.0.41 and earlier, you must add the following registry entries to support TLS 1.2:
- TLS 1.2\Server:Enabled=1
- TLS 1.2\Client:Enabled=1
- TLS 1.1\Server:Enabled=0
- TLS 1.1\Client:Enabled=0
- TLS 1.0\Server:Enabled=0
- TLS 1.0\Client:Enabled=0
- SSL 3.0\Server:Enabled=0
- SSL 3.0\Client:Enabled=0
- SSL 2.0\Server:Enabled=0
- SSL 2.0\Client:Enabled=0
Note
Any external applications or programs such as antivirus applications should exclude the registry entries listed above and the shared hardware station folder C:\Users\RetailHardwareStationAppPool\AppData\Local\Microsoft Dynamics AX\Retail Hardware Station\
. This ensures that the registry entries and hardware station folders aren't deleted.
Download Retail hardware station by using self-service
Configure a new Retail hardware station
Note
If you're running the February 2016, non-upgraded version of Retail (Initial release), skip step 6.
Use your Azure AD credentials to sign in to the Retail trial.
On the Welcome page, use the menu in the upper left to go to Retail > Channels > Retail stores > All retail stores.
On the All retail stores page, select the retail channel ID of the desired store. The details view for the store appears.
Note
The Houston store is the most thoroughly prepared store in the demo data.
On the Retail store details page, on the Hardware stations FastTab, select Add.
Note
The Retail Server URL that is used for the selected store is read-only. This URL will be important during the installation of Retail hardware station.
In the Hardware station type field, select Shared to indicate that this hardware station is an Internet Information Services (IIS), installed hardware station that will be used by external point of sale (POS) systems.
Note
The value Shared signifies that the installation is a truly shared hardware station installation, and that it works through HTTPS communication. By contrast, the value Dedicated signifies that the hardware station is a part of the Store Commerce app, and that it works through inter-process communication.
Select a hardware station profile.
Enter the host name of the computer that you're installing Retail hardware station on. Additionally, enter the electronic funds transfer (EFT) terminal ID that is associated with that computer for merchant account information.
To utilize the configuration file or initial installation using mass deployment, enter the certificate thumbprint that is to be used during the installation that's detailed in the next section.
Download the Retail hardware station installer
Use your Azure AD credentials to sign in to the Retail headquarters or Retail trial.
On the Welcome page, use the menu in the upper left to go to Retail > Channels > Retail stores > All retail stores.
On the All retail stores page, select the retail channel ID of the desired store. The details view for the store appears.
Note
The Houston store is the most thoroughly prepared store in the demo data.
On the Retail store details page, select the Hardware stations FastTab.
Note
The Retail Server URL that is used for the selected store is read-only. This URL will be important during the installation of Retail hardware station.
Select the hardware station to download, and then select Download.
Note
Browsers might block the download pop-up that is generated. You must select either Allow once or Options for this site > Always allow. Then select Download again.
On the notification bar that appears at the bottom of the Microsoft Edge window, select Save. (The notification bar might appear in a different place in other browsers.)
If needed for mass deployment or command line deployment, repeat the above steps for the configuration file download, which is a button next to the Download button that you previously selected.
Note
- If the configuration file downloaded does not have the same base file name as the installer, either rename the XML configuration file to be the same base name or run the installer using the command line to specify the configuration file.
- Note that the configuration file is not required for the installation of Commerce hardware station.
After the files have been saved, run the installer. (This step might differ depending on your browser.)
Run the installer
Note
Before you run the Retail hardware station installer, make sure that all system requirements are met.
The Retail hardware station installer first extracts the associated files and then begins the installation.
The installer validates that all prerequisites are met. If a sideloading key is required, the installer requests it. This key is found on the Devices page for each device, under General.
Note
- If a system restart is required, the installer informs you of this requirement but can continue the installation.
- Before you can use hardware that is based on the Object Linking and Embedding for Retail Point of Sale (OPOS) standard, the OPOS Common Control Objects must be installed. If they aren't installed, the installer informs you of this requirement but can continue the installation.
Enter the Retail Server URL (for example,
https://MyCompanyNameret.axcloud.dynamics.com/Commerce
), and then select Next.Note
You can find the Retail Server URL at the top of the Hardware stations FastTab on the Retail store details page.
Select a valid Secure Sockets Layer (SSL) certificate to use for HTTPS communication.
Note
- The certificate must use private key storage, and server authentication must be listed in the enhanced key usage property. Additionally, the certificate must be trusted locally, and it can't be expired. It must be stored in the personal certificate store location on the local computer.
- The use of self-signed certificates is not allowed for hardware station installations. Instead, you should use a trusted third-party certificate.
The next page requests the user that should be used for the IIS application pool. By default in version 1611 and later, the installer can automatically create and use a service account. If you're on a domain or require more specific controls, clear the check box, and then enter the user name and password that the application pool should run under.
Enter the HTTPS port to use.
Note
- You can find the HTTPS port in Retail. (See the configuration instructions earlier in this article).
- The installer automatically enters the host name. If, for any reason, you must change the host name for the installation, you can change it here. The host name must be the fully-qualified domain name (FQDN) of the system, and it must be entered in the Host name field for the selected hardware station entry.
The installer installs Retail hardware station and then indicates whether the installation was successful.
When the installation is completed, the Install merchant information tool may start. This installer connects to the environment and installs the merchant account information (such as the EFT ID) for the selected hardware station.
Note
- If the hardware station that was installed won't be used for payment-related work, don't close the Install merchant information window without completing the remaining steps. The hardware station won't work unless this installation is successfully completed.
- For version 10.0.6 and above, the install merchant information tool is no longer used. Instead, the merchant information for the hardware station is set by the POS at the time of logon or when the hardware station is made active. If the retail server is not available when the hardware station is subsequently made active, the last known merchant properties will be used until the connection to the retail server is re-established. If the POS client is not upgraded to version 10.0.6 at the same time the hardware station is upgraded, merchant properties will not be updated until the POS client is upgraded to an equal or later version.
The Install merchant information tool might request Azure AD credentials. Enter the Azure AD credentials of the user who is installing Retail hardware station.
The Retail Server URL is determined through the Retail hardware station installation and is entered automatically. The installer uses this URL to load the list of stores that the user is connected to via the address book.
Select the retail store that the hardware station was installed for.
Select the hardware profile that matches the hardware station that was installed on the current computer.
Verify that the host names and EFT terminal IDs are correct, based on the current computer and the Retail hardware station configuration that has already been completed in Retail. After you've verified this information, select Install.
When you receive a message that states that the merchant account information was installed correctly, exit the installer by selecting the Close button.
Help secure Retail hardware station
Current security standards state that the following options should be set in a production environment:
Note
The hardware station installer automatically makes these registry edits as part of the installation through self-service.
- SSL should be disabled.
- No additional network ports should be open, unless they are required for known, specified reasons.
- Cross-origin resource sharing must be disabled and must specify the allowed origins that are accepted.
- Only trusted certificate authorities should be used to procure certificates that will be used on computers that run Retail hardware station.
- Only Transport Layer Security (TLS) version 1.3 (or the current highest version) should be enabled and used.
Note
By default, SSL and all versions of TLS except TLS 1.3 are disabled starting with Commerce versions 10.0.42 and later. For Commerce versions 10.0.41 and earlier, TLS 1.2 is used instead. To edit or enable these values, follow these steps:
- Select the Windows key + R to open a Run command window.
- In the Open field, enter "Regedit", and then select OK.
- If a User Account Control dialog appears, select Yes.
- In the new Registry Editor window, go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\SecurityProviders\SCHANNEL\Protocols.
The following keys are automatically entered for Commerce versions 10.0.42 and later to allow for TLS 1.3 only:
- TLS 1.3\Server:Enabled=1
- TLS 1.3\Client:Enabled=1
- TLS 1.2\Server:Enabled=1
- TLS 1.2\Client:Enabled=1
- TLS 1.1\Server:Enabled=0
- TLS 1.1\Client:Enabled=0
- TLS 1.0\Server:Enabled=0
- TLS 1.0\Client:Enabled=0
- SSL 3.0\Server:Enabled=0
- SSL 3.0\Client:Enabled=0
- SSL 2.0\Server:Enabled=0
- SSL 2.0\Client:Enabled=0
The following keys are automatically entered for Commerce versions 10.0.41 and earlier to allow for TLS 1.2 only:
- TLS 1.2\Server:Enabled=1
- TLS 1.2\Client:Enabled=1
- TLS 1.1\Server:Enabled=0
- TLS 1.1\Client:Enabled=0
- TLS 1.0\Server:Enabled=0
- TLS 1.0\Client:Enabled=0
- SSL 3.0\Server:Enabled=0
- SSL 3.0\Client:Enabled=0
- SSL 2.0\Server:Enabled=0
- SSL 2.0\Client:Enabled=0
Important
- Most common, lower-security software and services will stop working after all lower-security standards are disabled. To use them again, go to the preceding registry keys, and set the Enabled key from 0 to 1.
- It's critical that you review security guidelines for IIS and Payment Card Industry (PCI) requirements.
Troubleshooting
Store Commerce app can detect the hardware station in its list for selection, but it can't complete the pairing
Solution: Verify the following list of potential failure points:
The computer that is running the Store Commerce app trusts the certificate that is used on the computer that runs Retail hardware station.
- To verify this setup, in a web browser, go to the following URL:
https://<Computer Name>:<Port Number>/HardwareStation/ping
- This URL uses a ping to verify that the computer can be accessed, and the browser indicates whether the certificate is trusted. (For example, in Microsoft Edge, a lock symbol appears in the address bar. When you select this symbol, Microsoft Edge verifies whether the certificate is currently trusted. You can install the certificate on the local computer by viewing the details of the certificate that is shown.)
- To verify this setup, in a web browser, go to the following URL:
On the computer that runs Retail hardware station, the port that will be used by the hardware station is opened in the firewall.
Retail hardware station has properly installed merchant account information through the Install merchant information tool that runs at the end of the Retail hardware station installer.
Store Commerce app can't detect the hardware station in its list for selection
Solution: Any one of the following factors can cause this issue:
- Retail hardware station hasn't been set up correctly in Commerce headquarters. Use the steps earlier in this article to verify that the hardware station profile and the hardware station are correctly entered.
- The jobs haven't been run to update the channel configuration. In this case, run the 1070 job for channel configuration.
- The hardware station isn't accessible from that computer. Verify that the hardware station URL ping test is accessible from a web browser. This URL can be found at the end of the hardware station installer and is in the following form:
https://<Computer Name>:<Port Number>/HardwareStation/ping
Uninstall Retail hardware station
You can use Control Panel in Microsoft Windows to uninstall Retail hardware station.
- Press the Windows logo key, and then, in the search box, type Control Panel. In the list of search results, select Control Panel.
- In Control Panel, select Programs > Uninstall a program. The Programs and Features window opens.
- Select Microsoft Dynamics 365 for Retail hardware station, and then select Uninstall above the list of programs.
- Wait for the uninstaller to finish removing the program.