Compartilhar via


Microsoft Dynamics CRM On-Premise Integration of Microsoft Dynamics Marketing - Firewall exceptions

 

To configure Microsoft Azure to work with Microsoft Dynamics CRM On-Premise, you must have the following services and URL’s released on the internet.

clip_image001 More:

For more information on how to configure Microsoft Azure to work with Microsoft Dynamics CRM On-Premise please review: https://technet.microsoft.com/en-us/library/jj993937(v=crm.6).aspx

The Microsoft Dynamics CRM Asynchronous service and Microsoft Dynamics Marketing Data Integration Service must have access to the Internet through the server’s firewall. Only outbound connections on ports 80 and 443 are required. In the Windows Firewall control panel, 2 outbound connections are required to be enabled for:

  • CrmAsyncService.exe application located on the server in the %PROGRAMFILES%\Microsoft Dynamics CRM\Server\bin folder.
  • Microsoft.Dynamics.Marketing.DataIntegrationService.exe application located on the server in the %ProgramFiles(x86)%\Microsoft Dynamics Marketing\CRMConnectorService folder.

clip_image001[1] More:

For more information on firewall configuration for Microsoft Dynamics CRM On-Premise please review: https://msdn.microsoft.com/en-us/library/dn683916.aspx

The Following URL’s, that the Dynamics CRM Asynchronous and Data Integration Services need to be able to connect, must be exposed to the internet for high ports and TCP, http, https protocols:

URL’s

Info

*.accesscontrol.windows.net/* and *.servicebus.windows.net/*

The connection is used to provide a communication tunnel between both system components in order to allow the dataflow.

*.login.live.com/*

The connector must be registered on the Windows Live ID site.

https://cdp1.public-trust.com/CRL/Omniroot2025.crl under port 80

CRM need to ensure that the connection is not being targeted for man-in-the middle attacks. For this security verification a different certificate is used. The certificate originates from the Azure team, it has the Microsoft CA issuer name and must pass the Azure certificate validation. CRM sends a request for revocation checking to the Certificate Revocation List from Baltimore Trust (Microsoft CA is a child of Baltimore Trust).

Author: Vlad Zaicescu

Contributors: Ken Christensen, Gökhan Yilmaz

 

Best Regards

EMEA Dynamics CRM Support Team

Share this Blog Article on Twitter

Tweet

Follow Us on Twitter

Follow @MSDynCRMSupport

Comments