Walkthrough: Configure CRM for integration with Microsoft Azure
Applies To: Dynamics CRM 2015
This walkthrough guides you through configuring on-premises or Internet-facing deployments of Microsoft Dynamics CRM 2015 for posting the execution data context to the Microsoft Azure Service Bus. This walkthrough doesn’t apply to Microsoft Dynamics CRM Online, which is pre-configured for Microsoft Azure.
Perform the following tasks before continuing with this walkthrough:
Obtain a certificate from an issuing authority.
Install the certificate in the certificate store of the server running the Microsoft Dynamics CRM asynchronous service.
Generate a public key file in Base64 format from the certificate. More information: 79e49782-edd1-41ef-b110-2c2ed0771058#bkmk_obtain.
Verify that Windows PowerShell is installed on your Microsoft Dynamics CRM server.
Configure certificate read access
The system user account under which the Microsoft Dynamics CRM asynchronous service runs must have read access to your certificate in the certificate store. Either a user account that is identified by the deployment administrator during server setup or NetworkService is used. You can verify the account used by running the Services administrative tool. In the tool, look up the service named “Microsoft Dynamics CRM Asynchronous Processing Service” and see what account that service is running under.
You must grant read access by the above mentioned account to your certificate in the certificate store. You can do this by setting an ACL on the certificate by using the certificate snap-in of the mmc (Microsoft Management Console) or by typing the following command.
winhttpcertcfg -g -c <certLocation> -s <subjectStr> -a <accountName>
Substitute the correct values, described in the following table, for the <> parameters shown in the command.
<certLocation> |
The location (path) of the certificate in the certificate store. Use the Certificate snap-in of mmc (Microsoft Management Console) to locate the certificate. |
<subjectStr> |
The certificate’s subject value. You can obtain this value by double-clicking the public certificate key file (.cer) file in Windows Explorer. In the Details tab of the Certificate dialog box, look for the value of the Subject field. |
<accountName> |
The name of the account to grant read access to. For a default Microsoft Dynamics CRM installation, the name of the account is “NetworkService”. |
Configure the MSCRM_Config database
Follow these procedures to configure the Microsoft Dynamics CRM MSCRM_Config database.
Register the Microsoft Dynamics CRM PowerShell cmdlets
Log on to the administrator account on your Microsoft Dynamics CRM server.
In a Windows PowerShell command window, enter the following command.
Add-PSSnapin Microsoft.Crm.PowerShell
This command adds the CRM Windows PowerShell snap-in to the current session. The snap-in is registered during installation and setup of the Microsoft Dynamics CRM server.
Set the Microsoft Dynamics CRM certificate
Enter the following command in the Windows PowerShell window.
Set-CrmCertificate –CertificateType AppFabricIssuer –Name <issuerName> -StoreName My –StoreLocation LocalMachine -StoreFindType FindBySubjectDistinguishedName –DataFile <certificateFilename>
In this command, the issuer name <issuerName> can be any name. However, you’ll be using this same issuer name when you configure Microsoft Azure Active Directory Access Control Service (ACS). The -DataFile parameter value is the file name or path of the public certificate file.
List the installed certificates in the MSCRM_CONFIG database. You should see the certificate that you just added.
Get-CrmCertificate
See Also
Administer the deployment using Windows PowerShell
WinHttpCertCfg.exe, a Certificate Configuration Tool
Azure extensions for Microsoft Dynamics CRM
Walkthrough: Configure Microsoft Azure ACS for integration with Microsoft Dynamics CRM 2015
© 2016 Microsoft. All rights reserved. Copyright