Before I start writing the details, first let me tell you why this blog. After all this is so nicely explained in the following link – https://technet.microsoft.com/en-us/library/mt171421.aspx
Well, the above link contains all the steps you need to set-up server-server integration between Dynamics On-Prem and Sharepoint online. But still from my personal experience I find that customers find it great difficult to set this up. This is mainly because they get some error while executing a step or because some pre-requisites are not there and they are not mentioned in the technet link as well.
The main intention of this post is to rectify all those errors, identify all the dependencies and work your way to glory.
So let’s identify the dependencies first.
Dependency 1 : Dynamics should be ADFS configured and accessible over the internet.
I am not going over the topic again on how to do it. Greatly explained here – https://technet.microsoft.com/en-us/library/dn609803.aspx and in so many other blogs.
Dependency 2: Microsoft Dynamics 365 Hybrid Connector should be configured.
Believe me, from my personal experience I find many clueless about this. Well you no longer need to. You just need to verify here if Dynamics 365 Hybrid connector subscription is available and commissioned.
To do this:
- Login to https://portal.office.com using the Office 365 admin credentials for your SP online tenant.
- Open the Office 365 admin screen
- Go to Billing –> Purchase Services
- Expand the section Dynamics 365 Suite. Usually its expanded. If not expand it.
- Search for the word “Hybrid”. You should get it. If not, you need to add the connector. Below are the steps on how you can do it.
- Use the URL – https://portal.office.com/Signup/Signup.aspx?OfferId=2d11d538-945d-48c6-b609-a5ce54ce7b18&pc=76ac7a4d-8346-4419-959c-d3896e89b3c9. Select Add it to my existing account.
- Once you hit the URL, it asks for some address information. enter the same and click on Next
- Below is the screen you get. As of now its free but the way it shows up I believe it will be chargeable some time soon
- Enter you credit card number and then click on Place Order. Don’t worry, you won’t be charged for this. You are all set and done.
Dependency 3: Connect to Microsoft Online through PowerShell.
Now this can become tricky. The technet documentation says – You need to have Azure Active Directory powershell modules. And the link redirects you to a page where it asks you to install the module using Powershell command prompt – Install-Module MsOnline
The moment you do this step, you get an error like the one below.
install-module : The term ‘install-module’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path
is correct and try again.
At line:1 char:1
+ install-module MSOnline +
+ CategoryInfo : ObjectNotFound: (install-modele:String) , CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Well to successfully accomplish this, you need to complete both the required steps.
- Microsoft Online Services Sign-In Assistant for IT Professionals Beta – select the appropriate download. It may ask you to restart the machine for the changes to take effect. Please do the same.
- Now also if you run the install-module command, it would fail. The reason is install-module command is available from Powershell v5.0 and above. So you need to update your powershell as well. To do this, download the necessary installer depending on your server/ 64 or 32 bit machine, from the below Url.
Again machine restart is required.
Now open powershell as administrator and then try to install the module MSOnline. It will now download the same from Nuget.
Requirement 4: X.509 Digital certificate
Well this is the simplest but again it can give you some errors which would be difficult to find out. The first question is – which certificate do I need to use.
Well, the easiest answer is, you can use – “An x509 digital certificate issued by a trusted certificate authority that will be used to authenticate between Dynamics 365 (on-premises) and SharePoint Online. If you are evaluating server-based authentication, you can use a self-signed certificate.”
So we can basically re-use your CRM certificate or ADFS certificate. All you should take care is while exporting the certificate, it should be exported along the private key.
* Export all extended properties should be checked.
You will be asked to provide a password. Keep this password as you will need this later.
Once the file is exported, import it in the personal store of the machine where deployment manager is installed.
The technet article asks you to execute the below command.
$CertificateScriptWithCommand = “.\CertificateReconfiguration.ps1 -certificateFile c:\Personalcertfile.pfx -password personal_certfile_password -updateCrm -certificateType S2STokenIssuer -serviceAccount contoso\CRMAsyncService -storeFindType FindBySubjectDistinguishedName”
The service account is important here in the above statement. Whatever service name you provide here, that should have access to the private key of the certificate. To do that, you need to provide permission to the private key from the certificate console.
Click on Manage Private Keys and give the service account user full permission on the certificate.
After completing all the above steps, while connecting to your CRM, you may receive the 401 - Un-authorized error in Powershell. For this follow the below steps.
Open registry editor
- Right-click Lsa, point to New, and then click DWORD Value.
- Type DisableLoopbackCheck, and then press ENTER.
- Right-click DisableLoopbackCheck, and then click Modify.
- In the Value data box, type 1, and then click OK.
Re-open powershell. It should work.
The commands I am not repeating from the technet article since they work just fine.
Hope this helps!