Microsoft Dynamics CRM On-Premise Integration of Microsoft Dynamics Marketing - Firewall exceptions
To configure Microsoft Azure to work with Microsoft Dynamics CRM On-Premise, you must have the following services and URL’s released on the internet.
|
For more information on how to configure Microsoft Azure to work with Microsoft Dynamics CRM On-Premise please review: https://technet.microsoft.com/en-us/library/jj993937(v=crm.6).aspx |
The Microsoft Dynamics CRM Asynchronous service and Microsoft Dynamics Marketing Data Integration Service must have access to the Internet through the server’s firewall. Only outbound connections on ports 80 and 443 are required. In the Windows Firewall control panel, 2 outbound connections are required to be enabled for:
- CrmAsyncService.exe application located on the server in the %PROGRAMFILES%\Microsoft Dynamics CRM\Server\bin folder.
- Microsoft.Dynamics.Marketing.DataIntegrationService.exe application located on the server in the %ProgramFiles(x86)%\Microsoft Dynamics Marketing\CRMConnectorService folder.
|
For more information on firewall configuration for Microsoft Dynamics CRM On-Premise please review: https://msdn.microsoft.com/en-us/library/dn683916.aspx |
![clip_image001[1]](https://msdntnarchive.blob.core.windows.net/media/MSDNBlogsFS/prod.evol.blogs.msdn.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/01/24/87/metablogapi/6813.clip_image0011_3788FC5E.png "clip_image001[1]"){kind=small}
The Following URL’s, that the Dynamics CRM Asynchronous and Data Integration Services need to be able to connect, must be exposed to the internet for high ports and TCP, http, https protocols:
URL’s |
Info |
*.accesscontrol.windows.net/* and *.servicebus.windows.net/* |
The connection is used to provide a communication tunnel between both system components in order to allow the dataflow. |
*.login.live.com/* |
The connector must be registered on the Windows Live ID site. |
https://cdp1.public-trust.com/CRL/Omniroot2025.crl under port 80 |
CRM need to ensure that the connection is not being targeted for man-in-the middle attacks. For this security verification a different certificate is used. The certificate originates from the Azure team, it has the Microsoft CA issuer name and must pass the Azure certificate validation. CRM sends a request for revocation checking to the Certificate Revocation List from Baltimore Trust (Microsoft CA is a child of Baltimore Trust). |
Author: Vlad Zaicescu
Contributors: Ken Christensen, Gökhan Yilmaz
Best Regards
EMEA Dynamics CRM Support Team
Share this Blog Article on Twitter
Follow Us on Twitter