Microsoft Dynamics CRM 2013 for Outlook - Stifter

Microsoft Dynamics CRM 2013 Planning Guide
Version 6.0
This document is provided "as-is". Information and views expressed in this document, including
URL and other Internet Web site references, may change without notice.
Some examples depicted herein are provided for illustration only and are fictitious. No real
association or connection is intended or should be inferred.
This document does not provide you with any legal rights to any intellectual property in any
Microsoft product. You may copy and use this document for your internal, reference purposes.
© 2013 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, ActiveX, Azure, BizTalk, JScript, Microsoft Dynamics, Outlook,
SharePoint, SQL Server, Visual Basic, Visual Studio, Windows, Windows Server, and Windows
Vista are trademarks of the Microsoft group of companies. All other trademarks are property of
their respective owners.
Contents
Planning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online .......... 13
In This Section ............................................................................................................................ 13
Related Sections ......................................................................................................................... 13
Send us your comments about this document ............................................................................. 13
Planning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM
Online ......................................................................................................................................... 14
Resources for planning Microsoft Dynamics CRM ..................................................................... 14
Microsoft Dynamics SureStep ................................................................................................ 14
Manage your Microsoft Dynamics CRM Online subscription ................................................. 15
See Also ...................................................................................................................................... 15
Microsoft Dynamics CRM editions and licensing .......................................................................... 15
Editions and licensing for on-premises deployments ................................................................ 15
Licensing ................................................................................................................................. 15
Client Access License Types .................................................................................................... 16
Microsoft Dynamics CRM Online licensing ................................................................................ 16
See Also ...................................................................................................................................... 16
What's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online ................. 16
In This Topic ............................................................................................................................... 17
What’s changed in this release? ................................................................................................ 17
New in both Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online ................. 17
New Microsoft Dynamics CRM Online features ........................................................................ 17
Expanded licensing plans ........................................................................................................ 17
New Microsoft Dynamics CRM 2013 (on-premises) features.................................................... 17
Volume Shadow Service (VSS) support................................................................................... 18
Server-side synchronization ................................................................................................... 18
Microsoft Dynamics CRM 2013 Best Practices Analyzer ........................................................ 18
Defer the base and extension table merge as part of upgrade .............................................. 18
See Also ...................................................................................................................................... 18
Microsoft Dynamics CRM 2013 system requirements and required technologies....................... 19
In This Section ......................................................................................................................... 20
See Also ...................................................................................................................................... 21
Microsoft Dynamics CRM Server 2013 hardware requirements .................................................. 21
See Also ...................................................................................................................................... 22
Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013 .......... 22
See Also ...................................................................................................................................... 22
Software requirements for Microsoft Dynamics CRM Server 2013 .............................................. 23
In This Topic ............................................................................................................................... 23
Windows Server operating system ............................................................................................ 23
Supported Windows Server 2012 editions ............................................................................. 24
Supported Windows Server 2008 editions ............................................................................. 24
Server virtualization ................................................................................................................... 24
Active Directory modes .............................................................................................................. 25
Internet Information Services (IIS) ............................................................................................. 25
SQL Server editions .................................................................................................................... 26
Accessing Microsoft Dynamics CRM from the Internet - Claims-based authentication and IFD
requirements .......................................................................................................................... 26
SQL Server Reporting Services ................................................................................................... 28
Software component prerequisites ........................................................................................... 29
Verify prerequisites .................................................................................................................... 30
See Also ...................................................................................................................................... 31
Microsoft Dynamics CRM 2013 Reporting Extensions requirements ........................................... 31
In this topic................................................................................................................................. 31
Microsoft Dynamics CRM Reporting Extensions general requirements ................................ 31
Microsoft Dynamics CRM Reporting Authoring Extension General Requirements ............... 32
See Also ...................................................................................................................................... 32
SharePoint Document Management software requirements for Microsoft Dynamics CRM 2013
.................................................................................................................................................... 33
Microsoft Dynamics CRM 2011 List Component for Microsoft SharePoint .............................. 33
See Also ...................................................................................................................................... 34
Lync and Office Communications Server integration with Microsoft Dynamics CRM 2013 ......... 34
See Also ...................................................................................................................................... 34
Microsoft Dynamics CRM 2013 Email Router hardware requirements ........................................ 34
See Also ...................................................................................................................................... 35
Microsoft Dynamics CRM 2013 Email Router software requirements ......................................... 35
In This Topic ............................................................................................................................... 37
Exchange Server ......................................................................................................................... 37
Messaging and transport protocols ........................................................................................... 37
Exchange Online......................................................................................................................... 38
Additional Email Router software requirements ....................................................................... 38
See Also ...................................................................................................................................... 38
Microsoft Dynamics CRM 2013 for Outlook hardware requirements .......................................... 39
See Also ...................................................................................................................................... 40
Microsoft Dynamics CRM 2013 for Outlook software requirements ........................................... 40
In this topic................................................................................................................................. 40
Microsoft Dynamics CRM for Outlook software feature prerequisites ..................................... 41
Additional Microsoft Dynamics CRM for Outlook software requirements ............................ 42
Running Microsoft Dynamics CRM for Outlook on computers that have multiple versions of
Outlook installed ................................................................................................................. 43
See Also ...................................................................................................................................... 43
Web application requirements for Microsoft Dynamics CRM 2013 web application requirements
.................................................................................................................................................... 43
In This Topic ............................................................................................................................... 43
Microsoft Dynamics CRM web application hardware requirements......................................... 43
Supported versions of Internet Explorer ................................................................................... 44
Supported operating systems when you use Internet Explorer ............................................. 44
Supported versions of Internet Explorer ................................................................................ 45
Supported non-Internet Explorer web browsers ....................................................................... 45
Supported versions of Microsoft Office ..................................................................................... 46
Printing reports .......................................................................................................................... 46
See Also ...................................................................................................................................... 46
Tablet support for Microsoft Dynamics CRM 2013 and CRM Online ............................................ 46
In This Topic ............................................................................................................................... 47
Windows 8 ................................................................................................................................. 47
Microsoft Dynamics CRM for Windows 8 minimum requirements ....................................... 47
Apple iPad .................................................................................................................................. 48
Microsoft Dynamics CRM for iPad minimum requirements .................................................. 48
Google Nexus ............................................................................................................................. 48
See Also ...................................................................................................................................... 49
Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
.................................................................................................................................................... 49
In This Topic ............................................................................................................................... 49
CRM phone apps ........................................................................................................................ 49
CRM for iPhones ..................................................................................................................... 49
CRM for Android ..................................................................................................................... 49
CRM for Windows Phone 8..................................................................................................... 50
BlackBerry ............................................................................................................................... 50
CRM for phones ......................................................................................................................... 50
See Also ...................................................................................................................................... 51
64-bit supported configurations for Microsoft Dynamics CRM 2013 ........................................... 51
See Also ...................................................................................................................................... 51
Microsoft Dynamics CRM 2013 language support ........................................................................ 52
In This Topic ............................................................................................................................... 52
Microsoft Dynamics CRM Server language requirements...................................................... 52
Microsoft Dynamics CRM Server language examples ............................................................ 53
CRM phone app language support ......................................................................................... 54
See Also ...................................................................................................................................... 56
Planning Deployment of Microsoft Dynamics CRM 2013 ............................................................. 56
In This Section ............................................................................................................................ 57
Related Sections ......................................................................................................................... 57
Prerequisites and considerations for planning your deployment of Microsoft Dynamics CRM
2013 ........................................................................................................................................... 57
See Also ...................................................................................................................................... 58
Hardware requirements ................................................................................................................ 58
See Also ...................................................................................................................................... 59
Software requirements ................................................................................................................. 59
See Also ...................................................................................................................................... 59
Active Directory and network requirements for Microsoft Dynamics CRM 2013 ........................ 59
Federation and claims-based authentication support ............................................................... 60
Active Directory Federation Services ......................................................................................... 60
Digital Certificates ...................................................................................................................... 60
IPv6 Support ............................................................................................................................... 61
See Also ...................................................................................................................................... 62
SQL Server installation and configuration ..................................................................................... 62
In This Section ............................................................................................................................ 63
Related Sections ......................................................................................................................... 63
SQL Server requirements and recommendations for Microsoft Dynamics CRM .......................... 63
See Also ...................................................................................................................................... 65
SQL Server deployment ................................................................................................................. 65
In This Topic ............................................................................................................................... 66
SQL Server deployment considerations ..................................................................................... 66
Language locale collation and sort order................................................................................... 67
Disk configurations and file locations ........................................................................................ 67
SQL Server program file location ............................................................................................... 68
SQL Server data file location ...................................................................................................... 68
Specifying file paths ................................................................................................................ 70
Default-instance file path for program and data files ............................................................ 70
Microsoft Dynamics CRM database renaming considerations .................................................. 70
Organization database names ................................................................................................ 71
Organization database renaming ........................................................................................... 71
SQL Server transparent data encryption.................................................................................... 72
See Also ...................................................................................................................................... 72
Additional resources for SQL Server.............................................................................................. 72
See Also ...................................................................................................................................... 72
Planning requirements for Microsoft SQL Server Reporting Services........................................... 73
Microsoft Dynamics CRM Reporting Extensions requirements ................................................. 74
See Also ...................................................................................................................................... 75
Planning email integration ............................................................................................................ 75
See Also ...................................................................................................................................... 75
Microsoft Dynamics CRM Email Router ........................................................................................ 76
Email systems ............................................................................................................................. 77
Network topology and email traffic ........................................................................................... 77
Avoid mailbox storage problems ............................................................................................ 78
See Also ...................................................................................................................................... 78
E-mail message filtering and correlation....................................................................................... 78
Microsoft Dynamics CRM 2013 tracking tokens ........................................................................ 79
Tracking token structure......................................................................................................... 80
Smart matching .......................................................................................................................... 81
See Also ...................................................................................................................................... 81
Forward mailbox vs. individual mailboxes .................................................................................... 82
Forward mailbox monitoring ..................................................................................................... 83
See Also ...................................................................................................................................... 83
Microsoft Dynamics CRM user options ......................................................................................... 83
Incoming e-mail messaging options........................................................................................... 83
Outgoing e-mail messaging options........................................................................................... 84
See Also ...................................................................................................................................... 84
Additional resources for Exchange Server .................................................................................... 84
See Also ...................................................................................................................................... 85
Operating system and platform technology security considerations for Microsoft Dynamics CRM
2013 ........................................................................................................................................... 85
In This Topic ............................................................................................................................... 85
Securing Windows Server .......................................................................................................... 85
Windows error reporting ........................................................................................................ 86
Virus, malware, and identity protection................................................................................. 86
Update management .............................................................................................................. 87
Securing SQL Server ................................................................................................................... 87
Securing Exchange Server and Outlook ..................................................................................... 88
Securing mobile devices............................................................................................................. 89
See Also ...................................................................................................................................... 89
Security considerations for Microsoft Dynamics CRM 2013 ......................................................... 89
In This Topic ............................................................................................................................... 89
Minimum permissions required for Microsoft Dynamics CRM Setup and services .................. 89
Microsoft Dynamics CRM Server Setup .................................................................................. 90
Services and CRMAppPool IIS application pool identity permissions .................................... 90
Microsoft Dynamics CRM Sandbox Processing Service....................................................... 91
Microsoft Dynamics CRM Asynchronous Processing Service and Microsoft Dynamics CRM
Asynchronous Processing Service (maintenance) services .............................................. 91
Microsoft Dynamics CRM Monitoring Service .................................................................... 91
Microsoft Dynamics CRM VSS Writer service ..................................................................... 92
Deployment Web Service (CRMDeploymentServiceAppPool Application Pool identity) ... 92
Application Service (CRMAppPool IIS Application Pool identity) ........................................ 93
IIS Application Pool identities running under Kernel-Mode authentication and SPNs ....... 93
What kind of service account should I choose? ......................................................................... 93
Microsoft Dynamics CRM installation files ................................................................................ 94
See Also ...................................................................................................................................... 94
Security best practices for Microsoft Dynamics CRM ................................................................... 95
Service principal name management in Microsoft Dynamics CRM 2013 .................................. 95
See Also ...................................................................................................................................... 96
Administration best practices for on-premises deployments of Microsoft Dynamics CRM ......... 97
See Also ...................................................................................................................................... 97
Network ports for Microsoft Dynamics CRM ................................................................................ 98
In This Topic ............................................................................................................................... 98
Network ports for the Microsoft Dynamics CRM web application ............................................ 98
Network ports for the Asynchronous Service, Web Application Server, and Sandbox Processing
Service server roles ............................................................................................................... 100
Network ports for the Deployment Web Service server role .................................................. 100
Network ports that are used by the SQL Server that runs the SQL Server and Microsoft
Dynamics CRM Reporting Extensions server roles ............................................................... 101
See Also .................................................................................................................................... 102
Known risks and vulnerabilities ................................................................................................... 102
In This Topic ............................................................................................................................. 102
Risks when users connect to CRM over an unsecured network .............................................. 103
Security recommendations on server role deployments......................................................... 103
Anonymous authentication ..................................................................................................... 103
Isolate the HelpServer role for Internet-facing deployments.................................................. 104
Claims-based authentication issues and limitations ................................................................ 104
Verify that the identity provider uses a strong password policy.......................................... 104
AD FS federation server sessions are valid up to 8 hours even for deactivated or deleted
users .................................................................................................................................. 104
Secure the ................................................................................................................................ 105
Outbound Internet calls from custom code executed by the Sandbox Processing Service are
enabled ................................................................................................................................. 105
Secure server-to-server communication ................................................................................. 106
DNS rebinding attacks .............................................................................................................. 106
See Also .................................................................................................................................... 107
Microsoft Dynamics CRM standards compliance and certification ............................................ 107
Security standards compliance ................................................................................................ 107
FIPS 140-2 compliance .......................................................................................................... 107
Certification.............................................................................................................................. 107
See Also .................................................................................................................................... 107
Microsoft Dynamics CRM 2013 supported configurations ......................................................... 108
Active Directory requirements................................................................................................. 108
Single-server deployment ........................................................................................................ 109
See Also .................................................................................................................................... 110
Microsoft Dynamics CRM multiple-server deployment .............................................................. 110
Install server roles by running Microsoft Dynamics CRM Server Setup .................................. 110
Install server roles by running Microsoft Dynamics CRM Server 2013 at the command
prompt............................................................................................................................... 110
Microsoft Dynamics CRM Server 2013 placement .................................................................. 111
SQL Server and Active Directory domain controller placement .............................................. 111
See Also .................................................................................................................................... 111
Microsoft Dynamics CRM 2013 server roles ............................................................................... 111
In This Topic ............................................................................................................................. 112
Available group server roles .................................................................................................... 112
Available individual server roles .............................................................................................. 114
Scope definition ....................................................................................................................... 117
Installation method definition ................................................................................................. 118
Microsoft Dynamics CRM Server role requirements ............................................................... 118
See Also .................................................................................................................................... 121
Support for Microsoft Dynamics CRM multiple-server topologies ............................................. 121
In This Topic ............................................................................................................................. 121
Six-server topology .................................................................................................................. 121
Multi-forest and multi-domain with Internet access Active Directory topology..................... 123
See Also .................................................................................................................................... 125
Upgrading from Microsoft Dynamics CRM 2011......................................................................... 125
In This Topic ............................................................................................................................. 126
Recommended upgrade steps ................................................................................................. 126
Microsoft Dynamics CRM Server upgrade options .................................................................. 127
Microsoft Dynamics CRM 2011 Server versions supported for upgrade................................. 128
Microsoft Dynamics CRM 2011 for Outlook versions supported for upgrade ........................ 128
Microsoft Dynamics CRM software and components not supported for in-place upgrade.... 128
Upgrade product key ............................................................................................................... 129
User permissions and privileges .............................................................................................. 129
Sharing a SQL Server ................................................................................................................ 130
Tips for a successful upgrade ................................................................................................... 130
Maximum number of attributes exceeded .......................................................................... 130
Remove custom database objects ........................................................................................ 130
Remove the ignorechecks registry subkey ........................................................................... 130
If you are upgrading from Microsoft Dynamics CRM 2011 Update Rollup 6, indexes will be
added during upgrade ....................................................................................................... 131
Consider rescheduling base and extension table merge ...................................................... 131
Next steps ................................................................................................................................ 131
See Also .................................................................................................................................... 131
Before you upgrade: issues and considerations.......................................................................... 131
In This Topic ............................................................................................................................. 132
What has changed in supported products and technologies? ................................................ 132
End of support for outdated programmability features .......................................................... 132
Delete connections to enable use of access teams ................................................................. 132
Changes to duplicate detection ............................................................................................... 133
Microsoft Lync presence not supported in some areas........................................................... 133
Update your customizations for the new user interface ......................................................... 133
See Also .................................................................................................................................... 133
Upgrade the Microsoft Dynamics CRM Deployment .................................................................. 133
In This Topic ............................................................................................................................. 134
The upgrade process ................................................................................................................ 134
Prepare to upgrade .................................................................................................................. 135
Establish the test environment ................................................................................................ 138
Upgrade and validate the test environment............................................................................ 139
What to do when you cannot successfully upgrade or migrate? ............................................ 140
Upgrade Microsoft Dynamics CRM for Outlook .......................................................................... 140
In This Topic ............................................................................................................................. 140
Microsoft Dynamics CRM for Outlook upgrade requirements ................................................ 140
Cross-architecture upgrade of Microsoft Dynamics CRM for Outlook .................................... 142
Microsoft Dynamics CRM 2011 for Outlook compatibility with Microsoft Dynamics CRM 2013
Server .................................................................................................................................... 142
See Also .................................................................................................................................... 143
Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics ............................... 143
In This Section .......................................................................................................................... 143
See Also .................................................................................................................................... 143
Advanced deployment options for Microsoft Dynamics CRM Server 2013 ................................ 143
Update Setup files by using a local package ............................................................................ 143
Add or remove server roles ..................................................................................................... 144
Use Windows Powershell to perform deployment tasks ........................................................ 144
See Also .................................................................................................................................... 144
Configure a Microsoft Dynamics CRM Internet-facing deployment ........................................... 144
In This Topic ............................................................................................................................. 145
About claims-based authentication ......................................................................................... 145
Internet-facing server best practices ....................................................................................... 146
Implement a strong password policy ................................................................................... 146
Internet connection firewall ................................................................................................. 146
Proxy/firewall server ............................................................................................................ 146
Configure IFD............................................................................................................................ 146
Step 1: Configure Microsoft Dynamics CRM Server 2013 for Internet access ..................... 146
Step 2: Configure Microsoft Dynamics CRM for Outlook to connect to the Microsoft
Dynamics CRM Server 2013 by using the Internet............................................................ 147
See Also .................................................................................................................................... 147
Key management in Microsoft Dynamics CRM ........................................................................... 147
In This Topic ............................................................................................................................. 147
Key types .................................................................................................................................. 147
Key regeneration and renewal ................................................................................................. 148
Key-management logging ........................................................................................................ 148
Key storage............................................................................................................................... 148
How to encrypt Microsoft Dynamics CRM keys ....................................................................... 148
See Also .................................................................................................................................... 149
Multi-organization deployment .................................................................................................. 149
See Also .................................................................................................................................... 149
Accessibility in Microsoft Dynamics CRM.................................................................................... 149
Accessibility features in browsers ............................................................................................ 150
See Also .................................................................................................................................... 150
Planning Guide for Microsoft Dynamics CRM 2013
and Microsoft Dynamics CRM Online
IT Pros and CRM administrators can use the resources and topics in this guide to help them plan
an on-premises deployment of Microsoft Dynamics CRM 2013 and to help in planning to use
Microsoft Dynamics CRM Online.
In This Section
Planning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Microsoft Dynamics CRM editions and licensing
What's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Microsoft Dynamics CRM 2013 system requirements and required technologies
Planning Deployment of Microsoft Dynamics CRM 2013
Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics
Related Sections
Installing Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Administration Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Operating Guide for Microsoft Dynamics CRM 2013 (on-premises)
Customization Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Report Writers Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Send us your comments about this document
If you have a question or comment about this document, click to send an e-mail message to the
Microsoft Dynamics CRM content team.
If your question is about Microsoft Dynamics CRM products, and not about the content of this
book, search the Microsoft Help and Support Center or the Microsoft Knowledge Base.
13
Planning Your Deployment of Microsoft Dynamics
CRM 2013 and Microsoft Dynamics CRM Online
For larger organizations, planning Microsoft Dynamics CRM 2013 or Microsoft Dynamics CRM
Online, like any enterprise-wide software, is a significant task. This guide is written for the team
of people responsible for planning Microsoft Dynamics CRM, and provides information and tools
that are needed to design a successful implementation. In smaller organizations, several roles
may be filled by one person. In larger organizations, each role may be divided among several
people. These roles include the following:
 Business managers. Responsible for determining how your business will use Microsoft
Dynamics CRM. This includes mapping your processes to Microsoft Dynamics CRM, deciding
on default values, and identifying any required customizations.
 Customization technical staff. Responsible for implementing the planned customizations.
 Network technical staff. Responsible for determining how Microsoft Dynamics CRM will be
deployed on the network and how users will access the system.
 Project manager. Responsible for managing an enterprise-wide implementation project.
Organizations that implement Microsoft Dynamics CRM software may use the services of an
independent software vendor (ISV) or value-added reseller, a consultant, or other organization
that is partnered with Microsoft and will help you with implementing and maintaining your
Microsoft Dynamics CRM installation. Because of this assumption, there may be references in
this guide to these "partners" who are expected to provide services to you.
Resources for planning Microsoft Dynamics CRM
These resources are available to help you plan a deployment of Microsoft Dynamics CRM 2013
or Microsoft Dynamics CRM Online.
Microsoft Dynamics SureStep
Microsoft Dynamics Sure Step is a full customer lifecycle methodology for all Microsoft
Dynamics solutions, providing the Microsoft ecosystem with comprehensive sales through
delivery guidance, project management discipline alignment and field-driven best practices.
Microsoft Dynamics Sure Step is designed for Microsoft Dynamics Partners to successfully and
reliably complete customer projects on time and on budget. More information: Microsoft
Dynamics CRM Sure Step Guide
14
Manage your Microsoft Dynamics CRM Online subscription
If you’re an administrator who needs to plan and implement Microsoft Dynamics CRM Online in
your organization, the Manage your Microsoft Dynamics CRM Online subscription is designed for you.
The guide also helps other users to ramp up with Microsoft Dynamics CRM Online.
See Also
Planning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Microsoft Dynamics CRM editions and licensing
Microsoft Dynamics CRM editions and licensing
Microsoft Dynamics CRM offers licensing options that cover implementations for small, to midlevel, to even very large organizations.
Editions and licensing for on-premises deployments
 Microsoft Dynamics CRM Server 2013. There is no user limit for this edition. Additional
features include support for multiple organizations, multiple server instances, and separate
role-based service installation. Role-based services let you increase performance by
installing component services on different computers. Users of the Professional edition can
be granted full access to all features and customization areas.
 Microsoft Dynamics CRM Workgroup Server 2013. This edition is limited to five, or fewer,
users. This version is limited to a single organization and a single computer that is running
Microsoft Dynamics CRM 2013. Users of the Basic edition have the same access as the
Essential edition, plus they can be granted access to accounts, contacts, cases, leads,
reporting, personal dashboards, and visualizations.
Licensing
A Microsoft Dynamics CRM deployment operates by using a single product key. However, each
Microsoft Dynamics CRM Server in a Microsoft Dynamics CRM 2013 deployment requires a
server license. Only the Microsoft Dynamics CRM Server 2013 edition is licensed for multiple
Microsoft Dynamics CRM 2013 servers or server roles in a deployment. Microsoft Dynamics
CRM Workgroup Server 2013 edition is limited to running on a single server in a deployment.
You can view and upgrade a license in Deployment Manager. Deployment Manager is a
Microsoft Management Console (MMC) snap-in that system administrators can use to manage
organizations, servers, and licenses for deployments of Microsoft Dynamics CRM.
15
Client Access License Types
You can view and modify client access license types for each user in the Users area of the
Settings area in the Microsoft Dynamics CRM web client. For more information about Microsoft
Dynamics CRM 2013 licensing, see How to buy Microsoft Dynamics.
You can view and upgrade a license in Deployment Manager. Deployment Manager is a
Microsoft Management Console (MMC) snap-in that deployment administrators can use to
manage organizations, servers, and licenses for deployments of Microsoft Dynamics CRM.
Microsoft Dynamics CRM Online licensing
With Microsoft Dynamics CRM Online, you get powerful CRM capabilities and features delivered
as a cloud service from Microsoft, providing instant-on, anywhere access, and predictable payas-you-go pricing. Licensing plans for Microsoft Dynamics CRM Online determine the amount of
features and functionality users need and is licensed using a subscription.
 Microsoft Dynamics CRM Online Essential. Users who have the Essential subscription can
be granted access to the system entities, custom entities, activities, Activity Feeds, and
access by using the Microsoft Dynamics CRM SDK.
 Microsoft Dynamics CRM Online Basic. Users who have the Basic subscription have the
same access as the Essential USL plus can be granted access to accounts, contacts, cases,
leads, reporting, personal dashboards and visualizations.
 Microsoft Dynamics CRM Online Professional. Users of who have the Professional
subscription can be granted full access to all features and customization areas of Microsoft
Dynamics CRM.
For more information, see Microsoft Dynamics CRM Online Licensing Guidelines.
See Also
Planning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
What's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
What's new in Microsoft Dynamics CRM 2013 and
Microsoft Dynamics CRM Online
Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online include several new
features that offer flexibility, scalability, and ease of use.
16
In This Topic
What’s changed in this release?
New in both Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
New Microsoft Dynamics CRM Online features
New Microsoft Dynamics CRM 2013 (on-premises) features
What’s changed in this release?
In support of the latest technologies and in compliance with the Microsoft Support Lifecycle,
obsolete platform products and technologies will no longer be supported in Microsoft Dynamics
CRM 2013. More information: What’s changing in the next major release
New in both Microsoft Dynamics CRM 2013 and
Microsoft Dynamics CRM Online
Some new features included with Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM
Online are the following:
 Improved user interface. Much of the user interface has been improved to provide better
touch support, drive efficiencies, and minimize the number of window popups.
 Database encryption. Organization database encryption is enabled for a set of default entity
attributes that contain sensitive information, such as user names and email passwords. This
feature can help organizations meet FIPS 140-2 compliance. Encryption keys can be viewed
and changed in Microsoft Dynamics CRM. More information: Data Encryption
New Microsoft Dynamics CRM Online features
This section lists the new features available with the Microsoft Dynamics CRM Online Fall ‘13
release.
Expanded licensing plans
Microsoft Dynamics CRM Online brings to the online customers a new multi-tiered licensing
model that has already been successfully used by the on-premises customers. More
information: Microsoft Dynamics CRM editions and licensing
New Microsoft Dynamics CRM 2013 (on-premises)
features
This section lists new features available with Microsoft Dynamics CRM 2013 (on-premises).
17
Volume Shadow Service (VSS) support
The Volume Shadow Service (VSS) Writer service provides support for Data Protection Manager
to simplify data backup and recovery. More information: Microsoft Dynamics CRM 2013 VSS
Writer
Server-side synchronization
Server-side synchronization provides server-to-server synchronization of email messages, tasks,
contacts, and appointments between Microsoft Dynamics CRM 2013 and Microsoft Exchange
Server or POP3/SMTP email systems. To use this functionality you don’t have to install and
maintain a separate application. More information: Introducing Server-Side Synchronization
Microsoft Dynamics CRM 2013 Best Practices Analyzer
The Microsoft Dynamics CRM 2013 Best Practices Analyzer is a diagnostic tool that gathers
information from installed Microsoft Dynamics CRM 2013 server roles and builds a report of
best practices and recommended solutions based on the existing deployment. More
information: Microsoft Dynamics CRM 2013 Best Practices Analyzer (BPA)
Defer the base and extension table merge as part of upgrade
As part of the upgrade from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013, all
organization databases will have the entitynameBase and entitynameExtensionBase tables
merged into a single entitynameBase table. Reducing the number of tables in the organization
database can improve overall performance of transactional operations in CRM.
However, for enterprise customers with organization databases having large and complex
customizations or solutions, the table merge may take several hours to complete. You can
perform the merge as a separate operation to reduce application downtime caused by the
upgrade. More information: Run the Base and Extension table merge as a separate operation
See Also
Planning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Microsoft Dynamics CRM editions and licensing
Microsoft Dynamics CRM 2013 system requirements and required technologies
What's new for administrators in Microsoft Dynamics CRM 2013 and CRM Online
What's new for customization
18
Microsoft Dynamics CRM 2013 system
requirements and required technologies
Microsoft Dynamics CRM Online reduces the system requirements of traditional on-premises
deployments by operating all the infrastructure and platform essentials in the cloud. At a glance,
the minimum software requirements for users and administrators of Microsoft Dynamics CRM
Online includes the following:
 Windows operating system when you use CRM for Outlook. Apple Mac, when running Apple
Safari, supported tablet, or mobile device.
 Supported web browser, such as later versions of Internet Explorer or the latest versions of
Apple Safari, Google Chrome and Mozilla Firefox.
 Microsoft Office Outlook (optional).
Microsoft Dynamics CRM 2013 on-premises versions have a much larger requirement for both
hardware and software than Microsoft Dynamics CRM Online. Microsoft Dynamics CRM 2013
on-premises versions require the software listed previously plus the following software:
 Microsoft Windows Server
 A Microsoft Windows Server Active Directory infrastructure
 An Internet Information Services (IIS) website
 Microsoft SQL Server 2008 or Microsoft SQL Server 2012
 Microsoft SQL Server 2008 Reporting Services or Microsoft SQL Server 2012 Reporting
Services
 Microsoft Exchange Server or access to a POP3-compliant email server (optional)
 SharePoint Server (required for document management)
 Claims-based security token service (required for Internet-facing deployments)
 Windows operating system when you use CRM for Outlook. Apple Mac, when running Apple
Safari, supported tablet, or mobile device.
 Supported web browser, such as later versions of Internet Explorer or the latest versions of
Apple Safari, Google Chrome and Mozilla Firefox.
 Microsoft Office Outlook (optional).
Note
For detailed hardare and software requirements or specific product versions and service
pack levels that are supported, see the links in “In this Section” later in this topic.
19
Important
Typically, Microsoft Dynamics CRM applications support the latest version and service
pack (SP) for all required components, such as Windows Server, Microsoft SQL Server,
and Microsoft Office. However, to fully support the latest version of a required
component, you should apply the latest update for Microsoft Dynamics CRM. For
information about the latest update, see Microsoft Dynamics CRM 2013 updates and
hotfixes.
For the compatibility status of the required or optional components that are updated,
see Microsoft Dynamics CRM Compatibility List.
Microsoft Dynamics CRM 2013 matches the support policy for all dependent products
and technologies, such as Microsoft Office or Microsoft Exchange Server. For example,
mainstream support for Microsoft Office 2010 ends 10/13/2015; therefore mainstream
support for CRM for Outlook running on Microsoft Office 2010 also ends on that date.
For more information, see Select a Product for Lifecycle Information.
Before you install Microsoft Dynamics CRM 2013, review the following topics, which provide
detailed information about the products and technologies that are required or optional for
Microsoft Dynamics CRM 2013.
In This Section
Microsoft Dynamics CRM Server 2013 hardware requirements
Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013
Software requirements for Microsoft Dynamics CRM Server 2013
Microsoft Dynamics CRM 2013 Reporting Extensions requirements
SharePoint Document Management software requirements for Microsoft Dynamics CRM 2013
Lync and Office Communications Server integration with Microsoft Dynamics CRM 2013
Microsoft Dynamics CRM 2013 Email Router hardware requirements
Microsoft Dynamics CRM 2013 Email Router software requirements
Microsoft Dynamics CRM 2013 for Outlook hardware requirements
Microsoft Dynamics CRM 2013 for Outlook software requirements
Web application requirements for Microsoft Dynamics CRM 2013 web application requirements
64-bit supported configurations for Microsoft Dynamics CRM 2013
Microsoft Dynamics CRM 2013 language support
20
See Also
What's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Planning Deployment of Microsoft Dynamics CRM 2013
Microsoft Dynamics CRM Server 2013 hardware
requirements
The following table lists the minimum and recommended hardware requirements for Microsoft
Dynamics CRM Server 2013 running in a Full Server configuration. These requirements assume
that additional components such as Microsoft SQL Server, Microsoft SQL Server Reporting
Services, SharePoint, or Microsoft Exchange Server aren’t installed or running on the system.
Component
*Minimum
*Recommended
Processor
x64 architecture or compatible
dual-core 1.5 GHz processor
Quad-core x64 architecture 2
GHz CPU or higher such as AMD
Opteron or Intel Xeon systems
Memory
2-GB RAM
8-GB RAM or more
Hard disk
10 GB of available hard disk
space
40 GB or more of available hard
disk space
Note
Computers with more
than 16GB of RAM will
require more disk space
for paging, hibernation,
and dump files.
Note
Computers with more
than 16GB of RAM will
require more disk space
for paging, hibernation,
and dump files.
* Actual requirements and product functionality may vary based on your system configuration
and operating system.
Running Microsoft Dynamics CRM on a computer that has less than the recommended
requirements may result in inadequate performance.
The minimum and recommended requirements are based on 320-user load simulation tests.
21
See Also
Microsoft Dynamics CRM 2013 system requirements and required technologies
Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013
Microsoft SQL Server hardware requirements for
Microsoft Dynamics CRM Server 2013
Microsoft SQL Server database engine and Microsoft SQL Server Reporting Services are required
to install and run on-premises versions of Microsoft Dynamics CRM 2013. The following table
lists the minimum and recommended hardware requirements for Microsoft SQL Server. These
requirements assume that additional components such as Microsoft Dynamics CRM 2013,
Microsoft SQL Server Reporting Services, SharePoint, or Microsoft Exchange Server aren’t
installed or running on the system.
Component
*Minimum
*Recommended
Processor
x64 architecture or
compatible dual-core 1.5 GHz
processor
Quad-core x64 architecture 2
GHz CPU or higher such as AMD
Opteron or Intel Xeon systems
Memory
4-GB RAM
16-GB RAM or more
Hard disk
SAS RAID 5 or RAID 10 hard
disk array
SAS RAID 5 or RAID 10 hard disk
array
* Actual requirements and product functionality may vary based on your system configuration
and operating system.
Maintaining Microsoft Dynamics CRM databases on a computer that has less than the
recommended requirements may result in inadequate performance.
The minimum and recommended requirements are based on 320-user load simulation tests.
See Also
Microsoft Dynamics CRM Server 2013 hardware requirements
Software requirements for Microsoft Dynamics CRM Server 2013
22
Software requirements for Microsoft Dynamics
CRM Server 2013
This section lists the software and application requirements for Microsoft Dynamics CRM Server
2013.
In This Topic
Windows Server operating system
Supported Windows Server 2012 editions
Supported Windows Server 2008 editions
Server virtualization
Active Directory modes
Internet Information Services (IIS)
SQL Server editions
Accessing Microsoft Dynamics CRM from the Internet - Claims-based authentication and IFD requirements
SQL Server Reporting Services
Software component prerequisites
Verify prerequisites
Windows Server operating system
Microsoft Dynamics CRM Server 2013 can be installed only on Windows Server 2008 or
Windows Server 2012 64-bit-based computers. The specific versions and editions of Windows
Server that are supported for installing and running Microsoft Dynamics CRM Server 2013 are
listed in the following sections.
Important
 The Windows Server 2003 family of operating systems aren’t supported for installing and
running Microsoft Dynamics CRM Server 2013.
 Microsoft Windows Small Business Server editions aren’t supported for installing and
running Microsoft Dynamics CRM Server 2013.
23
Supported Windows Server 2012 editions
The following editions of the Windows Server 2012 operating system are supported for installing
and running Microsoft Dynamics CRM Server 2013:
 Windows Server 2012 Datacenter
 Windows Server 2012 Standard
Important
Windows Server 2012 R2 is currently not supported with this release of Microsoft
Dynamics CRM Server 2013.
Supported Windows Server 2008 editions
The following editions of the Windows Server 2008 operating system are supported for installing
and running Microsoft Dynamics CRM Server 2013:
 Windows Server 2008 Standard SP2 (x64 versions) or Windows Server 2008 Standard R2 SP1
 Windows Server 2008 Enterprise SP2 (x64 versions) or Windows Server 2008 Enterprise R2
SP1
 Windows Server 2008 Datacenter SP2 (x64 versions) or Windows Server 2008 Datacenter R2
SP1
 Windows Web Server 2008 SP2 (x64 versions) or Windows Web Server 2008 R2 SP1
Important
 Windows Server 2008 installed by using the Server Core installation option is not supported
for installing and running Microsoft Dynamics CRM 2013 Server.
 Windows Server 2008 for Itanium-based systems isn’t supported for installing and running
Microsoft Dynamics CRM Server 2013.
Server virtualization
Microsoft Dynamics CRM servers can be deployed in a virtualized environment by using
Windows Server 2008 or Windows Server 2012 with Hyper-V or virtualization solutions from
vendors who participate in the Microsoft Windows Server Virtualization Validation Program
(SVVP). You must understand the limitations and best practices of server virtualization before
you try to virtualize your installation of Microsoft Dynamics CRM. For information about HyperV, see the Microsoft Virtualization website.
24
Active Directory modes
The computer that Microsoft Dynamics CRM Server 2013 is running on must be a member in a
domain that is running in one of the following Active Directory directory service forest and
domain functional levels:
 Windows Server 2003 Interim
 Windows Server 2003 Native
 Windows Server 2008 Interim
 Windows Server 2008 Native
 Windows Server 2012
For more information about Active Directory domain and forest functional levels, see the Active
Directory Domains and Trusts Microsoft Management Console (MMC) snap-in Help.
Important
 The computer that Microsoft Dynamics CRM is running on shouldn’t function as an Active
Directory domain controller.
 When you use the Add Users Wizard, only users from trusted domains in the current forest
will be displayed. Users from trusted external forests aren’t supported and don’t appear in
the wizard.
 Installing Microsoft Dynamics CRM 2013 Server in an LDAP directory that is running in Active
Directory Application Mode (ADAM) is not supported.
Internet Information Services (IIS)
Microsoft Dynamics CRM Server 2013 supports Internet Information Services (IIS) versions 7,
7.5, and 8.0.
We recommend that you install and run IIS in Native Mode before you install Microsoft
Dynamics CRM Server 2013. However, if IIS is not installed and it is required for a Microsoft
Dynamics CRM server role, Microsoft Dynamics CRM Server Setup will install it.
Important
Microsoft Dynamics CRM can’t use a website that has more than one http or https
binding. Although IIS supports multiple http and https bindings, there is a limitation in
using additional bindings with Windows Communication Foundation (WCF). WCF is
required when you use CRM for Outlook. Before you install or upgrade, you must
remove the additional bindings from the Web site used for Microsoft Dynamics CRM or
select a different Web site.
25
SQL Server editions
Any one of the following Microsoft SQL Server editions is required and must be installed on
Windows Server 2008 (x64 SP2 or R2) versions or Windows Server 2012 64-bit-based computers,
running, and available for Microsoft Dynamics CRM:
 Microsoft SQL Server 2008, Standard Edition, x64 SP3 or R2 SP2
 Microsoft SQL Server 2008, Enterprise Edition, x64 SP3 or R2 SP2
 Microsoft SQL Server 2008 Datacenter x64 SP3 or R2 SP2
 Microsoft SQL Server 2008 Developer x64 SP3 or R2 SP2 (for non-production environments
only)
 Microsoft SQL Server 2012, Enterprise, 64-bit SP1
 Microsoft SQL Server 2012, Business Intelligence, 64-bit SP1
 Microsoft SQL Server 2012, Standard, 64-bit SP1
Important
 32-bit versions of Microsoft SQL Server 2008 or Microsoft SQL Server 2012 database engine
are not supported for this version of Microsoft Dynamics CRM.
 Microsoft SQL Server 2008 Workgroup, Web, Compact, or Microsoft SQL Server 2008
Express Edition editions are not supported for use with Microsoft Dynamics CRM 2013
Server.
 Microsoft SQL Server 2000 and Microsoft SQL Server 2005 editions and are not supported
for this version of Microsoft Dynamics CRM.
 Running 64-bit Microsoft SQL Server 2008 versions for Itanium (IA-64) systems in
conjunction with Microsoft Dynamics CRM will receive commercially reasonable support.
Commercially reasonable support is defined as all reasonable support efforts by Microsoft
Support that do not require Microsoft Dynamics CRM code fixes. Microsoft Dynamics CRM
2013 supports a named instance of Microsoft SQL Server for configuration and organization
databases.
Accessing Microsoft Dynamics CRM from the Internet Claims-based authentication and IFD requirements
The following items are required or recommended for Internet-facing deployment (IFD). This
topic assumes you will be using Active Directory Federation Services (AD FS) as the security
token service (STS). For more information about configuring Microsoft Dynamics CRM for
claims-based authentication, download the Claims-based Authentication White Paper from the
Microsoft Download Center.
26
Important
Exposing the Microsoft Dynamics CRM website to the Internet is not supported unless
claims-based authentication is used and Microsoft Dynamics CRM is configured for IFD.
Similarly, Outlook Anywhere (RPC over HTTP) is not supported as a solution to connect
CRM for Outlook to an on-premises deployment of Microsoft Dynamics CRM 2013 over
the Internet. The on-premises deployment of Microsoft Dynamics CRM 2013 must be
configured for IFD as described in the topic Configure a Microsoft Dynamics CRM Internetfacing deployment.
In order for Microsoft Dynamics CRM for tablets to successfully connect to a new
deployment of Microsoft Dynamics CRM Server 2013, you must run a Repair of
Microsoft Dynamics CRM Server 2013 on the server running IIS where the Web
Application Server role is installed after the Internet-Facing Deployment Configuration
Wizard is successfully completed. For repair instructions, see Uninstall, change, or
repair Microsoft Dynamics CRM Server 2013.
 The computer where Microsoft Dynamics CRM 2013 Server is installed must have access to
a security token service (STS) service, such as Active Directory Federation Services (AD FS)
federation server. Microsoft Dynamics CRM 2013 Server supports Active Directory
Federation Services (AD FS) 2.0, 2.1, and 2.2 versions.
 Note the following conditions for the Web components before you configure IFD:
 If you are installing Microsoft Dynamics CRM in a single server configuration, be aware
that Active Directory Federation Services 2.0 installs on the Default Web Site. Therefore,
you must create a new Web site for Microsoft Dynamics CRM.
 When you run the Internet-Facing Deployment Configuration Wizard, Microsoft
Dynamics CRM 2013 Server must be running on a Web site that is configured to use
Secure Sockets Layer (SSL). Microsoft Dynamics CRM Server Setup will not configure the
Web site for SSL.
 We recommend that the Web site where the Microsoft Dynamics CRM 2013 Web
application will be installed has the “Require SSL” setting enabled in IIS.
 The Web site should have a single binding. Multiple IIS bindings, such as a Web site with
an HTTPS and an HTTP binding or two HTTPS or two HTTP bindings, are not supported
for running Microsoft Dynamics CRM.
 Access to the Active Directory Federation Services (AD FS) federation metadata file from
the computer where the Configure Claims-Based Authentication Wizard is run. Note the
following:
 The federation metadata endpoint must use the Web services trust model (WSTrust) 1.3 standard. Endpoints that use a previous standard, such as the WS-Trust
2005 standard, are not supported. In Active Directory Federation Services 2.0, all
WS-Trust 1.3 endpoints contain /trust/13/ in the URL path.
27
 Encryption certificates. The following encryption certificates are required. You can use
the same encryption certificate for both purposes, such as when you use a wildcard
certificate:
Important
If you use a certificate that is created by using a custom certificate request, the
template that was used must be the Legacy key template. Custom certificate
requests created by using the CNG key template are incompatible with
Microsoft Dynamics CRM. For more information about custom certificate
request templates, see Create a Custom Certificate Request.
 Claims encryption. claims-based authentication requires identities to provide an
encryption certificate for authentication. This certificate should be trusted by the
computer where you are installing Microsoft Dynamics CRM 2013 Server so it must
be located in the local Personal store where the Configure Claims-Based
Authentication Wizard is running.
 SSL (HTTPS) encryption. The certificates for SSL encryption should be valid for host
names similar to org.contoso.com, auth.contoso.com, and dev.contoso.com. To
satisfy this requirement you can use a single wildcard certificate (*.contoso.com), a
certificate that supports Subject Alternative Names, or individual certificates for
each name. Individual certificates for each host name are only valid if you use
different servers for each Web server role. Multiple IIS bindings, such as a Web site
with two HTTPS or two HTTP bindings, is not supported for running Microsoft
Dynamics CRM. For more information about the options that are available to you,
contact your certification authority service company or your certification authority
administrator.
 The CRMAppPool account of each Microsoft Dynamics CRM website must have read
permission to the private key of the encryption certificate specified when configuring
claims-based authentication. You can use the Certificates snap-in to edit permissions for the
encryption certificate found in the Personal store of the local computer account.
SQL Server Reporting Services
Specific Microsoft SQL Server Reporting Services editions are used for reporting functionality.
Any one of the following Microsoft SQL Server editions is required and must be installed on
Windows Server 2008 (x64 SP2 or R2) versions or Windows Server 2012 64-bit-based computers,
running and available for Microsoft Dynamics CRM:
 Microsoft SQL Server 2008, Standard Edition, x64 SP3 or R2 SP2
 Microsoft SQL Server 2008, Enterprise Edition, x64 SP3 or R2 SP2
 Microsoft SQL Server 2008 Datacenter x64 SP3 or R2 SP2
28
 Microsoft SQL Server 2008 Developer x64 SP3 or R2 SP2 (for non-production environments
only)
 Microsoft SQL Server 2012, Enterprise, 64-bit SP1
 Microsoft SQL Server 2012, Business Intelligence, 64-bit SP1
 Microsoft SQL Server 2012, Standard, 64-bit SP1
Important
 32-bit versions of Microsoft SQL Server 2008 or Microsoft SQL Server 2012 Reporting
Services are not supported for this version of Microsoft Dynamics CRM.
 Microsoft SQL Server 2008 Workgroup, Web, Compact, or Microsoft SQL Server 2008
Express Edition editions are not supported for use with Microsoft Dynamics CRM 2013
Server.
 Running 64-bit Microsoft SQL Server 2008 versions for Itanium (IA-64) systems in
conjunction with Microsoft Dynamics CRM will receive commercially reasonable support.
Commercially reasonable support is defined as all reasonable support efforts by Microsoft
Support that do not require Microsoft Dynamics CRM code fixes.
 Microsoft SQL Server 2008 Workgroup is not supported for running the Microsoft Dynamics
CRM Reporting Extensions. This is because Microsoft SQL Server 2008 Workgroup does not
support custom data extensions. Therefore, features such as creating, running, or
scheduling Fetch-based or SQL-based reports will not work.
 Using a Microsoft SQL Server 2012 Reporting Services server running in SharePoint mode is
not supported with Microsoft Dynamics CRM. For more information about Microsoft SQL
Server 2012 Reporting Services SharePoint mode, see Install Reporting Services SharePoint
Mode as a Single Server Farm.
Software component prerequisites
The following SQL Server components must be installed and running on the computer that is
running SQL Server before you install Microsoft Dynamics CRM 2013 Server:
 SQL word breakers
This is only required for some Microsoft Dynamics CRM language editions. For more
information about word breaker versions for languages supported by SQL Server see Word
Breakers and Stemmers.
 SQL Server Agent service
 SQL Server full-text indexing
The following components must be installed and running on the computer where Microsoft
Dynamics CRM 2013 Server will be installed:
29
 Services
 Indexing Service
To install this service, see the Windows Server documentation.
 IIS Admin
 World Wide Web Publishing
 Windows Data Access Components (MDAC) 6.0 (This is the default version of MDAC with
Windows Server 2008.)
 Microsoft ASP.NET (Must be registered, but does not have to be running.)
Verify prerequisites
Before you install Microsoft Dynamics CRM 2013 Server, you should understand the following:
 Microsoft SQL Server can be, but is not required to be, installed on the same computer as
Microsoft Dynamics CRM 2013 Server.
 If Microsoft Dynamics CRM 2013 Server and Microsoft SQL Server are installed on different
computers, both computers must be in the same Active Directory directory service domain.
 Microsoft SQL Server can be installed by using either Windows Authentication or mixedmode authentication. (Windows Authentication is recommended for increased security and
Microsoft Dynamics CRM will use only Windows Authentication).
 The service account that SQL Server uses to log on to the network must be either a domain
user account (recommended) or one of the built-in system accounts supported by SQL
Server (Network Service, Local Service, or Local System). Installation of Microsoft Dynamics
CRM will fail if the SQL Server service account is the local administrator.. Installation of
Microsoft Dynamics CRM will fail if the SQL Server service account is the local administrator.
 The SQL Server service must be started and can be configured to automatically start when
the computer is started.
 The Microsoft SQL Server Reporting Services service must be started and configured to
automatically start when the computer is started.
 The SQL Server Agent service must be started. This service can be configured to
automatically start when the computer is started.
 Although it is optional, we recommend that you accept the SQL Server default settings for
Collation Designator, Sort Order, and SQL Collation. Microsoft Dynamics CRM supports both
case-sensitive and case-insensitive sort orders.
 Microsoft Dynamics CRM Server Setup requires at least one network protocol to be enabled
to authenticate by using SQL Server. By default, TCP/IP protocol is enabled when you install
SQL Server. You can view network protocols in SQL Server Configuration Manager.
30
See Also
Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013
Microsoft Dynamics CRM 2013 Reporting Extensions requirements
Microsoft Dynamics CRM 2013 Reporting
Extensions requirements
Microsoft Dynamics CRM Reporting Extensions is not required to run Microsoft Dynamics CRM
2013. However, to create, use, or schedule reports in Microsoft Dynamics CRM, you must install
Microsoft Dynamics CRM Reporting Extensions. Additionally, to create an organization or import
an organization, such as when you migrate from Microsoft Dynamics CRM 2011 to Microsoft
Dynamics CRM 2013 by using Deployment Manager, you must install Microsoft Dynamics CRM
Reporting Extensions.
In this topic
Microsoft Dynamics CRM Reporting Extensions general requirements
Microsoft Dynamics CRM Reporting Authoring Extension General Requirements
Microsoft Dynamics CRM Reporting Extensions are data processing extensions that are installed
on the Microsoft SQL Server Reporting Services server. The Microsoft Dynamics CRM Reporting
Extensions accept the authentication information from the Microsoft Dynamics CRM Server
2013 and passes it to the Microsoft SQL Server Reporting Services server.
Microsoft Dynamics CRM Reporting Extensions Setup includes two data processing extensions:
Fetch data processing extension and SQL data processing extension. These extensions are
installed by default during Microsoft Dynamics CRM Reporting Extensions Setup.
 The Fetch data processing extension is required to create, run, and schedule Fetch-based
reports.
 The SQL data processing extension is required to run and schedule the default (out-of-box)
or SQL-based custom reports in Microsoft Dynamics CRM 2013.
Microsoft Dynamics CRM Reporting Extensions general requirements
The Microsoft Dynamics CRM Reporting Extensions component has the following general
requirements:
31
 You must complete Microsoft Dynamics CRM Server Setup before you run Microsoft
Dynamics CRM Reporting Extensions Setup.
 You can install and run Microsoft Dynamics CRM Reporting Extensions on only one instance
of Microsoft SQL Server Reporting Services on a computer.
 Separate deployments of Microsoft Dynamics CRM cannot share one Microsoft SQL Server
Reporting Services server. However, a single deployment of Microsoft Dynamics CRM that
has multiple organizations can use the same Microsoft SQL Server Reporting Services server.
 You must run the Microsoft Dynamics CRM Reporting Extensions Setup on a computer that
has Microsoft SQL Server 2008 Reporting Services, Microsoft SQL Server 2008 R2 Reporting
Services or Microsoft SQL Server 2012 Reporting Services installed.
 For smaller data sets and fewer users, you can use a single-server deployment or a multipleserver deployment. With larger datasets or more users, performance decreases quickly
when complex reports are run. Use a multi-server deployment with one computer that is
running SQL Server for Microsoft Dynamics CRM, and another server for Microsoft SQL
Server Reporting Services.
Microsoft Dynamics CRM Reporting Authoring Extension General
Requirements
The Microsoft Dynamics CRM Report Authoring Extension has the following general
requirements:
 Make sure that you install the Microsoft Dynamics CRM Report Authoring Extension on the
same computer that has Business Intelligence Development Studio installed.
 If your organization uses Microsoft Office 365, make sure that the computer on which the
Microsoft Dynamics CRM Report Authoring Extension is installed also has the Microsoft
Online Services Sign-in Assistant (MSOSIA) installed on it. Organizations in the Online Service
Delivery Platform have dependency on MSOSIA. If Microsoft Online Services Sign-in
Assistant is already installed, check the registry key SOFTWARE\Microsoft\MSOIdentityCRL
and make sure that the TargetDir registry key in MSOIdentityCRL contains msoidcli.dll.
Additional Microsoft Dynamics CRM Report Authoring Extension software requirements
If the following components are missing, they will be installed by Microsoft Dynamics CRM
Report Authoring Extension Setup:
 Visual Studio 2008 Service Pack 2
 Business Intelligence Development Studio
See Also
Software requirements for Microsoft Dynamics CRM Server 2013
SharePoint Document Management software requirements for Microsoft Dynamics CRM 2013
32
SharePoint Document Management software
requirements for Microsoft Dynamics CRM 2013
If you want to use Microsoft SharePoint document management functionality in Microsoft
Dynamics CRM Server 2013, you have to have one of the following SharePoint editions installed
and running:
 Microsoft SharePoint 2013
 Microsoft SharePoint 2010 SP1 (all editions)
You also have to have at least one site collection configured and available for Microsoft
Dynamics CRM.
To enable the document management functionality, use the Settings area in the CRM web
application.
The user who accesses SharePoint from CRM must have appropriate permissions on the
SharePoint site collection where the document management components are installed. For
more information about how to grant membership on a site collection, see the SharePoint Help.
Microsoft Dynamics CRM 2011 List Component for
Microsoft SharePoint
To use a list view to display documents in Microsoft SharePoint 2010 or Microsoft SharePoint
2013, you have to install the Microsoft Dynamics CRM List Component.
If you don’t install the list component, Microsoft SharePoint 2010 displays the data in a
windowless inline floating frame (IFrame). Microsoft SharePoint 2013 displays an error message
in Internet Explorer. In Google Chrome, Mozilla Firefox, or Apple Safari web browsers, no data or
error message are displayed.
Important
There are two versions of the Microsoft Dynamics CRM List Component:
 Microsoft Dynamics CRM 2011 List Component for Microsoft SharePoint Server 2013. This
version doesn’t work with SharePoint 2010.
 Microsoft Dynamics CRM 2011 List Component for Microsoft SharePoint Server 2010. This
version doesn’t work with SharePoint 2013.
You can’t use Internet Explorer 7 with Microsoft Dynamics CRM (on-premises)
document management deployments that use SharePoint 2013. For more information,
see Plan browser support in SharePoint 2013.
33
See Also
Microsoft Dynamics CRM 2013 Reporting Extensions requirements
Lync and Office Communications Server integration with Microsoft Dynamics CRM 2013
Lync and Office Communications Server integration
with Microsoft Dynamics CRM 2013
If your organization uses Microsoft Lync or Microsoft Office Communications Server 2007, you
may be able to take advantage of some of the features they offer, like sending instant messages
or checking user availability, from within Microsoft Dynamics CRM or CRM for Outlook. Your
organization must have one of the following products or subscriptions:
 Lync Online
 Microsoft Lync Server 2013
 Microsoft Lync Server 2010
 Microsoft Office Communications Server 2007 and Microsoft Office Communications Server
2007 R2
See Also
SharePoint Document Management software requirements for Microsoft Dynamics CRM 2013
Microsoft Dynamics CRM 2013 Email Router hardware requirements
Microsoft Dynamics CRM 2013 Email Router
hardware requirements
This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft
Dynamics CRM 2013. The following table lists the minimum and recommended hardware
requirements for Microsoft Dynamics CRM 2013 Email Router.
Component
*Minimum
*Recommended
Processor (32-bit)
750-MHz CPU or comparable
Multi-core 1.8-GHz CPU or
higher
34
Component
*Minimum
*Recommended
Processor (64-bit)
x64 architecture or
Multi-core x64 architecture
compatible 1.5 GHz processor 2GHz CPU or higher such as
AMD Opteron or Intel Xeon
systems
Memory
1-GB RAM
2-GB RAM or more
Hard disk
100 MB of available hard disk
space
100 MB of available hard disk
space
*Actual requirements and product functionality may vary based on your system configuration
and operating system.
Running Microsoft Dynamics CRM Email Router on a computer that has less than the
recommended requirements may result in inadequate performance.
See Also
Lync and Office Communications Server integration with Microsoft Dynamics CRM 2013
Microsoft Dynamics CRM 2013 Email Router software requirements
Microsoft Dynamics CRM 2013 Email Router
software requirements
Applies to: Microsoft Dynamics CRM 2013 Email Router and Microsoft Dynamics CRM Online
This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft
Dynamics CRM 2013. It lists the software and application software requirements for Microsoft
Dynamics CRM 2013 Email Router.
Microsoft Dynamics CRM Email Router Setup consists of two main components: the Email
Router and the Rule Deployment Wizard. The Email Router component installs the Email Router
service and Email Router Configuration Manager. You use the Email Router Configuration
Manager to configure the Email Router. The Rule Deployment Wizard component deploys the
rules that enables received email messages to be tracked.
Important
35
Unless specified otherwise, within the Microsoft Dynamics CRM 2013 Support Lifecycle
policy, Microsoft Dynamics CRM applications support the latest version and service pack
(SP) for all required components, such as Windows Server, SQL Server, Microsoft Office,
Internet Explorer, and Exchange Server. However, to fully support the latest version of a
required component you should apply the latest update for Microsoft Dynamics CRM.
You can install the Email Router and Rule Deployment Wizard on any computer that is running
one of the following operating systems, and that has network access to both Microsoft
Dynamics CRM and the email server:
 Windows 7 32-bit and 64-bit editions
 Windows Server 2008 (x64 versions) or Windows Server 2008 R2
 Windows Server 2012 (see requirements below)
Important
 After Microsoft Dynamics CRM Server Setup is finished, apply the latest update rollup, if
any.
 Running Microsoft Dynamics CRM Email Router and Email Router Configuration Manager
(32-bit) is not supported on a Windows Server 64-bit operating system, in Windows-OnWindows (WOW) mode. Install and run the 64-bit version of the Microsoft Dynamics CRM
Email Router.
Rule Deployment Wizard Requires MAPI
The Rule Deployment Wizard requires the Microsoft Exchange Server Messaging API (MAPI)
client runtime libraries. To install the MAPI client runtime libraries, see Microsoft Exchange Server
MAPI Client and Collaboration Data Objects 1.2.1 .
Important
Installing and running the Rule Deployment Wizard on a computer that has Microsoft
Office Outlook installed is not supported. Both applications use a different version of
MAPI that are incompatible.
Note
MAPI versions 6.5.8147 (or later) are supported by Microsoft Exchange Server 2010.
If you already have a version of the MAPI download installed, you must uninstall it
before installing the new version.
If you are installing the Rule Deployment Wizard on a system that uses Microsoft Exchange
Server 2010 as its email server, you must also have installed Update Rollup 2 (or later) of
Microsoft Exchange Server 2010. For more information, see Update Rollup 2 for Exchange Server
2010 (KB979611).
36
In This Topic
Exchange Server
Messaging and transport protocols
Exchange Online
Additional Email Router software requirements
Exchange Server
Microsoft Exchange Server is only required if you want to use the Email Router to connect to an
Exchange Server email messaging system. To do this, you can install the Email Router on any of
the supported Windows or Windows Server operating systems that have a connection to the
Exchange Server. The Email Router supports the following versions of Exchange Server:
 Exchange Server 2007 Standard Edition
 Exchange Server 2007 Enterprise Edition
 Exchange Server 2010 Standard Edition
 Exchange Server 2010 Enterprise Edition
 Microsoft Exchange Online
Important
Exchange 2000 Server editions aren’t supported when using these versions of Microsoft
Dynamics CRM Email Router and Rule Deployment Wizard.
If missing, Microsoft Dynamics CRM Email Router Setup installs the Microsoft .NET
Framework 4 on the computer where you install the Email Router.
The Rule Deployment Wizard component must be installed on a computer that is
running any of the supported Windows or Windows Server operating systems and that
has the MAPI client runtime libraries installed.
Download the MAPI client runtime libraries from the Microsoft Download Center.
Messaging and transport protocols
Microsoft Dynamics CRM Email Router supports a variety of email messaging and transport
options.
POP3
POP3-compliant email systems are supported for incoming email message routing.
37
Important
When you use the Forward Mailbox option on the User form, the POP3 email server
must provide support where an email message can be sent as an attachment to another
email message.
If you configure the Microsoft Dynamics CRM Email Router to connect to a POP3-compliant
email server, the server must support RFC 1939.
Transport protocols
Both SMTP and Exchange Online with Exchange Web Services (EWS) are messaging transport
protocols that are supported for outgoing email message routing.
If you configure the Microsoft Dynamics CRM Email Router to use an SMTP-compliant transport
service, the server must support RFC 2821 and RFC 2822.
Exchange Online
Microsoft Exchange Online is a hosted enterprise messaging service from Microsoft. It provides
the robust capabilities of Microsoft Exchange Server as a cloud-based service. To learn more, see
Exchange Online.
Additional Email Router software requirements
If the following components are missing, they will be installed by Microsoft Dynamics CRM Email
Router Setup:
 Microsoft .NET Framework 4
 Microsoft Visual C++ Redistributable
 Microsoft Application Error Reporting
 Windows Identity Framework (WIF)
 Windows Live ID Sign-in Assistant 6.5
 Microsoft Online Services Sign-in Assistant (Required for Microsoft Dynamics CRM Online
when you subscribe through Microsoft Office 365.)
See Also
Microsoft Dynamics CRM 2013 Email Router hardware requirements
Microsoft Dynamics CRM 2013 for Outlook hardware requirements
38
Microsoft Dynamics CRM 2013 for Outlook
hardware requirements
The following table lists the minimum recommended hardware requirements when you run
Microsoft Dynamics CRM 2013 for Microsoft Office Outlook in either online only or go offline
enabled modes.
Component
Online only mode
Go Offline enabled mode
Processor
2.9 gigahertz (GHz) or faster
x86- or x64-bit dual core
processor with SSE2
instruction set
3.3 gigahertz (GHz) or faster
x86- or x64-bit dual core
processor with SSE2
instruction set
Memory
2-GB RAM or more
4-GB RAM or more
Hard disk
1.5 GB of available hard disk
space
2 GB of available hard disk
space
7200 RPM or more
Display
Super VGA with a resolution
of 1024 x 768
Super VGA with a resolution
higher than 1024 x 768
Note
Actual requirements and product functionality may vary based on your system
configuration and operating system.
Running Microsoft Dynamics CRM on a computer that has less than the minimum
recommended requirements may result in inadequate performance. For the best
performance, we recommend running 64-bit versions of Microsoft Windows, Microsoft
Office, and CRM for Outlook.
Network requirements
Microsoft Dynamics CRM is designed to work best over networks that have the following
elements:
 Bandwidth greater than 50 kbps
 Latency under 150 ms
These values are recommendations and don’t guarantee satisfactory performance.
39
Note
Successful network installation of CRM for Outlook requires a reliable and highthroughput network. Otherwise, installation might fail. The recommended minimum
available bandwidth of the network connection is 300 Kbps.
See Also
Microsoft Dynamics CRM 2013 Email Router software requirements
Microsoft Dynamics CRM 2013 for Outlook software requirements
Microsoft Dynamics CRM 2013 system requirements and required technologies
Microsoft Dynamics CRM 2013 for Outlook
software requirements
CRM for Outlook works the way that you do by providing a seamless combination of Microsoft
Dynamics CRM features in the familiar Microsoft Outlook environment. This section lists
software and software requirements for CRM for Outlook and Microsoft Dynamics CRM for
Microsoft Office Outlook with Offline Access.
Any one of the following operating systems is required:
 Windows 8 (64-bit and 32-bit versions)
 Windows 7 (64-bit and 32-bit versions)
 Windows Vista SP2 (6-bit and 32-bit versions)
 Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 when running as
a Remote Desktop Services application.
Important
Windows XP editions are not supported for installing and running CRM 2013 for
Outlook.
Windows Server 2003 editions are not supported for installing and running CRM 2013
for Outlook as a Remote Desktop Services application.
In this topic
Microsoft Dynamics CRM for Outlook software feature prerequisites
Additional Microsoft Dynamics CRM for Outlook software requirements
40
Running Microsoft Dynamics CRM for Outlook on computers that have multiple versions of Outlook
installed
Microsoft Dynamics CRM for Outlook software feature
prerequisites
The following software must be installed and running on the computer before you run Microsoft
Dynamics CRM for Outlook Setup:
Web Browser. One of the following:
 Supported versions of Internet Explorer
 Supported non-Internet Explorer web browsers
Important
Internet Explorer 7 or earlier versions are not supported for use with Microsoft
Dynamics CRM 2013 for Microsoft Office Outlook.
Microsoft Office. One of the following:
 Microsoft Office 2013
 Microsoft Office 2010
 Microsoft Office 2007
Important
Outlook 2003 versions are not supported for installing and running CRM 2013 for
Outlook.
To install and run the 64-bit version of CRM for Outlook, a 64-bit version of Microsoft
Office is required.
Before you run the Configuration Wizard to configure CRM for Outlook, a Microsoft
Office Outlook profile must exist for the user. Therefore, Microsoft Outlook must be run
at least once to create the user's Microsoft Outlook profile.
Both the web application and CRM for Outlook require JavaScript enabled for certain
features, such as Activity Feeds, dashboard areas, and the display of certain panes or
menus. Although the web application displays error messages when JavaScript is
disabled, CRM for Outlook doesn’t. To verify if JavaScript is enabled in Internet Explorer
9, start Internet Explorer, on the Tools menu click or tap Internet options. On the
Security tab, click or tap Internet, and then click or tap Custom level. In the Security
Settings dialog box under Scripting, Active scripting must be set to Enable.
41
The Indexing Service (now known as the Windows Search Service, or WSS) is required by
users who will set up and use CRM for Outlook and its Help file in offline mode.
Microsoft Dynamics CRM. One of the following editions of Microsoft Dynamics CRM must be
available so that CRM for Outlook can connect to it:
 On-premises editions of Microsoft Dynamics CRM Server 2013
 Microsoft Dynamics CRM Online
Additional Microsoft Dynamics CRM for Outlook software requirements
If needed, the following software will be installed by Microsoft Dynamics CRM for Outlook
Setup:
 Microsoft SQL Server 2008 Express Edition SP1 or *Microsoft SQL Server 2012 Express
Edition
Note
Installed for Microsoft Dynamics CRM for Outlook with Offline Access only.
*Although, Microsoft SQL Server 2012 Express Edition is supported, Microsoft SQL
Server 2008 Express Edition SP1 will be installed during Setup.
 Microsoft .NET Framework 4.
 Microsoft Windows Installer 4.5.
 MSXML 4.0.
 Microsoft Visual C++ Redistributable.
 Microsoft Report Viewer 2010.
 Microsoft Application Error Reporting.
 Windows Identity Framework (WIF).
 Windows Azure AppFabric SDK V1.0.
 Windows Live ID Sign-in Assistant 6.5.
 Microsoft Online Services Sign-in Assistant 2.1.
 Microsoft SQL Server Native Client.
 Microsoft SQL Server Compact 4.0.
 Reporting Services Microsoft ActiveX control. If not installed on the computer, the user will
be prompted to install the software at first attempt to print a report. This installer package
is named RSClientPrint.cab and can found on the Microsoft SQL Server Reporting Services
42
server at <drive>:\Program files\Microsoft SQL Server\<MSSQL>\Reporting
Services\ReportServer\bin.
Running Microsoft Dynamics CRM for Outlook on computers that have
multiple versions of Outlook installed
If you run more than one version of Microsoft Office Outlook on your computer, CRM for
Outlook will only run in the latest version of Outlook. This behavior is true even if you were
previously running Outlook in the earlier version of Microsoft Office. For example, if you run
Outlook in Microsoft Outlook 2010 and then install Microsoft Outlook 2013 keeping Microsoft
Outlook 2010, CRM for Outlook will only run in Microsoft Outlook 2013. If you uninstall
Microsoft Outlook 2013, CRM for Outlook will switch to running in Microsoft Outlook 2010
again.
See Also
Microsoft Dynamics CRM 2013 for Outlook hardware requirements
Web application requirements for Microsoft Dynamics CRM 2013 web application requirements
Web application requirements for Microsoft
Dynamics CRM 2013 web application requirements
This section lists the hardware and software requirements for the Microsoft Dynamics CRM
2013 and Microsoft Dynamics CRM Online web and mobile device client applications.
In This Topic
Microsoft Dynamics CRM web application hardware requirements
Supported versions of Internet Explorer
Supported non-Internet Explorer web browsers
Supported versions of Microsoft Office
Printing reports
Microsoft Dynamics CRM web application hardware
requirements
The following table lists the minimum and recommended hardware requirements for the
Microsoft Dynamics CRM web application.
43
Component
Minimum
Recommended
Processor
2.9 gigahertz (GHz) or faster
x86- or x64-bit dual core
processor with SSE2
instruction set
3.3 gigahertz (GHz) or faster 64bit dual core processor with
SSE2 instruction set and 3 MB
or more L3 cache
Memory
2-GB RAM
4-GB RAM or more
Display
Super VGA with a resolution
of 1024 x 768
Super VGA with a resolution of
1024 x 768
Running Microsoft Dynamics CRM on a computer that has less than the recommended
requirements may result in inadequate performance.
Network requirements
Microsoft Dynamics CRM is designed to work best over networks that have the following
elements:
 Bandwidth greater than 400 kbps
 Latency under 150 ms
Notice that these values are recommendations and don’t guarantee satisfactory performance.
Supported versions of Internet Explorer
The following two sections list the supported operating systems and versions for the Microsoft
Dynamics CRM web application when you run Internet Explorer.
Supported operating systems when you use Internet Explorer
The following operating systems are supported for the Microsoft Dynamics CRM web
application:
 Windows 8 and Windows RT supported when you use Internet Explorer 10
 Windows 7 (all versions)
 Windows Vista (all versions)
Important
44
Windows 8.1 has not been tested and isn’t fully supported with this release of Microsoft
Dynamics CRM 2013 and Microsoft Dynamics CRM Online.
Supported versions of Internet Explorer
The Microsoft Dynamics CRM web application can run in any of the following Internet Explorer
versions:
 *Internet Explorer 10
 Internet Explorer 9
 Internet Explorer 8
*Internet Explorer 10 that has the new Windows UI optimized for touch devices is only
supported for use with the areas of Microsoft Dynamics CRM that have the modern user
interface. For more information about Internet Explorer 10 browser experience modes, see
Internet Explorer 10 on Windows 8.
Important
Internet Explorer 7 isn’t supported with Microsoft Dynamics CRM 2013 on-premises
versions or Microsoft Dynamics CRM Online.
Using plug-ins or other third-party extensions in your browser can increase load times
on pages with lists of data.
Supported non-Internet Explorer web browsers
The Microsoft Dynamics CRM web application can run in any of the following web browsers
running on the specified operating systems.
 Mozilla Firefox (latest publicly released version) running on Windows 8, Windows 7, or
Windows Vista
 Google Chrome (latest publicly released version) running on Windows 8, Windows 7,
Windows Vista, or Nexus 10 tablet
 Apple Safari (latest publicly released version) running on 10.8 (Mountain Lion)
To find the latest release for these web browsers, visit the software manufacturer’s website.
Important
Using plug-ins or other third-party extensions in your browser can increase load times
on pages with lists of data.
45
Supported versions of Microsoft Office
To use Microsoft Dynamics CRM with Microsoft Office integration features, such as Export to
Excel and Mail Merge, you must have one of the following Microsoft Office versions on the
computer that is running the Microsoft Dynamics CRM web application:
 Microsoft Office 2013
 Microsoft Office 2010
 Microsoft Office 2007
Important
Microsoft Office 2003 versions aren’t supported for use with Microsoft Dynamics CRM
2013.
Printing reports
The Reporting Services Microsoft ActiveX control is required to print reports. If a user tries to
print a report, but the control isn’t installed, the user will be prompted to install it. The installer
package is named RSClientPrint.cab and can found on the Microsoft SQL Server Reporting
Services server at <drive>:\Program files\Microsoft SQL Server\<MSSQL>\Reporting
Services\ReportServer\bin.
See Also
Microsoft Dynamics CRM 2011 for Outlook software requirements
64-bit supported configurations
Microsoft Dynamics CRM 2011 System Requirements and Required Components
Tablet support for Microsoft Dynamics CRM 2013
and CRM Online
You can access Microsoft Dynamics CRM data from tablet devices in different ways. Apps for
Windows 8 and Apple iPad tablets are available to run Microsoft Dynamics CRM 2013 and
Microsoft Dynamics CRM Online. Alternatively, CRM can be accessed using the device’s
preferred browser for those devices described here. Tablets not specifically mentioned here can
typically use Microsoft Dynamics CRM for phones.
Note
46
For on-premises deployments of Microsoft Dynamics CRM 2013, the apps for Windows
8 and Apple iPad require an Internet-facing deployment that uses claims-based
authentication.
The Microsoft Dynamics CRM for Windows 8 app is compatible with devices that run
Windows 8, such as Microsoft Surface. The Microsoft Dynamics CRM for iPad app is
compatible with iPad 3. These apps aren’t compatible with other mobile devices such as
smartphones (Windows Phone , iPhone, or Android-based), or other tablet devices, such
as Android-based tablets. More information: Set up CRM for tablets.
In This Topic
Windows 8
Apple iPad
Google Nexus
Windows 8
You can run Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online on Windows 8
using either the Microsoft Dynamics CRM for Windows 8 app, or by using a supported web
browser. For more information about web browser support, see Web application requirements for
Microsoft Dynamics CRM 2013 web application requirements.
CRM for Windows 8 is designed for PCs and tablets that run Windows 8 using the immersive
modern application. However, it isn’t a Windows desktop application and won’t run in Windows
8 desktop mode.
Download Microsoft Dynamics CRM for Windows 8 from the Windows 8 Marketplace.
Microsoft Dynamics CRM for Windows 8 minimum requirements
Operating System
*Windows 8
*Windows RT
Processor
Windows 8 tablets and PCs: 1.8 gigahertz (GHz)
or faster with support for PAE, NX, and SSE2
Windows RT tablets: ARM-based Dual Core 1.3
GHz or higher
RAM
Windows 8 tablets and PCs: 4 GB or more
47
Windows RT tablets: 2 GB or more
Storage
32 GB (64 GB recommended)
Resolution
1366 x 768 resolution with capacitive touch
screen
*Not supported in desktop mode.
Important
Windows 8.1 hasn’t been tested and isn’t fully supported with this release of Microsoft
Dynamics CRM.
Apple iPad
You can run Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online on an iPad
using either the Microsoft Dynamics CRM for iPad app that is designed for iOS iPad tablets, or in
the latest version of the Apple Safari on iPad web browser.
Download Microsoft Dynamics CRM for iPad from the Apple Store.
Microsoft Dynamics CRM for iPad minimum requirements
Device
iPad 3 with Retina display
Operating System
iOS 6
Earlier iOS versions and other iPad models, such as the iPad mini, aren’t supported. For those
devices, use Microsoft Dynamics CRM for Phones.
Google Nexus
You can run Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online in the latest
Google Chrome web browser on a Google Nexus 10 tablet running Android 4.2.2.
Important
Android versions later than 4.2.2 on tablet devices other than Nexus 10 will attempt to
run the full CRM web application. However, this configuration is currently not
supported. For those devices, see Microsoft Dynamics CRM for Phones in this topic.
48
See Also
Web application requirements for Microsoft Dynamics CRM 2013 web application requirements
Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Microsoft Dynamics CRM 2013 system requirements and required technologies
Mobile phone support for Microsoft Dynamics CRM
2013 and Microsoft Dynamics CRM Online
Access data from Microsoft Dynamics CRM 2013 or Microsoft Dynamics CRM Online with your
mobile phone using one of the following methods.
 Microsoft Dynamics CRM phone apps. Download the app for your phone.
 Microsoft Dynamics CRM for phones. Use your phone’s preferred web browser.
In This Topic
CRM phone apps
CRM for phones
CRM phone apps
Several apps are available for popular mobile phones. The following smartphone operating
systems are supported with Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM
Online. More information: Set up CRM for phones.
CRM for iPhones
iOS version
Example device
iOS 6
iPhone 5
For a list of the supported languages available for this app, see CRM phone app language support.
CRM for Android
49
Android version
Example device
4.1 and 4.2 (Jelly Bean)
Galaxy S3
4.0 (Ice Cream Sandwich)
Galaxy S3
For a list of the supported languages available for this app, see CRM phone app language support.
CRM for Windows Phone 8
Windows Phone version
Example device
Windows Phone 8.0
HTC Windows Phone 8X, Nokia Lumia,
Samsung ATIV
BlackBerry
BlackBerry devices don’t have an app specific for the device but are supported for running
Microsoft Dynamics CRM by using the BlackBerrymobile browser. The following tables lists the
devices supported to run Microsoft Dynamics CRM in the BlackBerry mobile browser.
BlackBerry version
Example device
10
BlackBerry Z10
7
BlackBerry Torch 9860, BlackBerry Curve 9370
6
BlackBerry Bold 9780, BlackBerry Bold 9900
Many other smartphone operating system versions not mentioned here can use CRM for phones
mode.
CRM for phones
In most cases, devices not listed earlier in this topic can use Microsoft Dynamics CRM for phones
mode, which runs in your smartphone’s web browser.
50
CRM for phones comes installed with Microsoft Dynamics CRM Server 2013 and is available with
Microsoft Dynamics CRM Online. CRM for phones offers great device flexibility because it runs
on any web browser that supports common standards, which are HTML 4.0 and JavaScript.
More information: Use CRM for phones
See Also
Tablet support for Microsoft Dynamics CRM 2013 and CRM Online
64-bit supported configurations for Microsoft Dynamics CRM 2013
64-bit supported configurations for Microsoft
Dynamics CRM 2013
Installing and running Microsoft Dynamics CRM 2013 and connecting to database, reporting
services, and email components running on other 32-bit computers is generally supported. For
example:
 Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, or Exchange Server 2013
editions, which are available only for 64-bit systems, are supported, and can run 64-bit, or
32-bit, editions of the Microsoft Dynamics CRM Email Router.
 CRM for Outlook includes a 64-bit version that can be installed on any of the supported 64bit Windows operating systems.
 The 32-bit version of CRM for Outlook can be installed and run on a 64-bit Windows
operating system but the version of Microsoft Outlook must be 32-bit.
Important
32-bit versions of Microsoft SQL Server database engine or Microsoft SQL Server
reporting services aren’t supported with Microsoft Dynamics CRM 2013. You can’t use a
computer that is running a Microsoft SQL Server 32-bit edition as the database server or
reporting services server for Microsoft Dynamics CRM Server 2013. For more
information about the supported versions of Microsoft SQL Server, see SQL Server
editions and SQL Server Reporting Services.
See Also
Web application requirements for Microsoft Dynamics CRM 2013 web application requirements
Microsoft Dynamics CRM 2013 language support
51
Microsoft Dynamics CRM 2013 language support
This section describes the supported configurations for different language versions of a
Microsoft Dynamics CRM 2013 system. This section doesn’t include information about Microsoft
Dynamics CRM Language Pack support, but instead explains the supported configurations for
the base-language versions. For more information about Microsoft Dynamics CRM Language
Pack, see Install and deploy a Language Pack.
In This Topic
Microsoft Dynamics CRM Server language requirements
Microsoft Dynamics CRM Server language examples
CRM phone app language support
Microsoft Dynamics CRM Server language requirements
The following requirements must be met when you run Microsoft Dynamics CRM with
applications such as SQL Server. Note that all available CRM languages are supported.
Microsoft Dynamics CRM product
Requirement
Microsoft Dynamics CRM Server 2013
The base language of Windows Server, SQL
Server, Microsoft .NET Framework, MDAC, and
MSXML must be either the same language as
Microsoft Dynamics CRM Server 2013 or
English. If an application isn’t available in a
certain language, the English version can be
used.
Microsoft Dynamics CRM for Microsoft Office
Outlook
The base language of Windows Server,
Microsoft SQL Server 2008 Express Edition,
Internet Explorer, Microsoft Office, Microsoft
.NET Framework, MDAC, and MSXML don’t
have to be the same language as CRM for
Outlook.
Each client stack in a single deployment can be
in a different language.
Microsoft Dynamics CRM Server 2013 and
The base language version of Microsoft
Dynamics CRM Server 2013 must match that of
52
Microsoft Dynamics CRM product
Requirement
Microsoft Dynamics CRM for Outlook
CRM for Outlook.
For example, there can’t be some users who
run the German version of CRM for Outlook
while other users run the English version. For
this scenario, we recommend provisioning the
appropriate Microsoft Dynamics CRM
Language Pack.
For example, you could have the following configuration having German as their base language:
 Microsoft Dynamics CRM Server 2013
 Windows Server 2008
 Microsoft SQL Server 2008
 Microsoft Exchange Server 2010
 MSXML
 .NET Framework
As another example, you could have Microsoft Dynamics CRM Server 2013 with Swedish as its
base language and it could be configured with the following applications that have English as
their base language:
 Windows Server 2008
 Microsoft SQL Server 2008
 Microsoft Exchange Server 2010
 MSXML
 .NET Framework
Microsoft Dynamics CRM Server language examples
The following table describes an example of a supported language configuration for Microsoft
Dynamics CRM Server 2013 where all language editions match.
Program
Language
Windows Server 2008
German
53
Program
Language
Microsoft SQL Server 2008
German
Microsoft Exchange Server 2010
German
MSXML
German
.NET Framework
German
Microsoft Dynamics CRM Server 2013
German
The following table describes an example of a supported language configuration for Microsoft
Dynamics CRM Server 2013 where not all language editions match.
Program
Language
Windows Server 2008
English
Microsoft SQL Server 2008
English
Microsoft Exchange Server 2010
English
MSXML
English
.NET Framework
English
Microsoft Dynamics CRM Server 2013
Swedish
CRM phone app language support
The CRM phone apps are available in the following languages.
CRM for Windows 8 Phones
 English
 French
 Italian
 German
 Spanish
54
 Portuguese (Portugal)
 Portuguese(Brazil)
 Chinese (Simplified)
 Chinese (Traditional)
 Czech
 Danish
 Dutch
 Finnish
 Greek
 Hungarian
 Japanese
 Korean
 Norwegian
 Polish
 Russian
 Swedish
CRM for iPhone
 English
 French
 Italian
 German
 Spanish
 Portuguese (Portugal)
 Chinese Simplified
 Chinese Traditional
 Japanese
CRM for Android
 English
 French
55
 German
 Italian
 Spanish
 Portuguese (Portugal)
 Chinese Simplified
 Chinese Traditional
 Japanese
Note
BlackBerry devices don’t have a CRM app and are only supported for running Microsoft
Dynamics CRM by using the BlackBerry mobile browser.
See Also
64-bit supported configurations for Microsoft Dynamics CRM 2013
Planning Deployment of Microsoft Dynamics CRM 2013
Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Planning Deployment of Microsoft Dynamics CRM
2013
The deployment architecture you will use depends on your business needs. This section
provides guidelines for planning a Microsoft Dynamics CRM deployment on four representative
computer system architectures: a single-computer server deployment based on Windows Small
Business Server, a two-server deployment, a five-server deployment, and a multiple-server
deployment involving a minimum of six servers. These deployments are discussed in detail in
Microsoft Dynamics CRM 2013 supported configurations in this guide.
Use this section as a reference if you have no existing Windows Server infrastructure, and you
are planning a new Microsoft Dynamics CRM deployment.
If most or all the Windows Server infrastructure already exists, we recommend that you read
this section to make sure that your current infrastructure meets the prerequisites for a
successful Microsoft Dynamics CRM deployment.
56
In This Section
Prerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013
Operating system and platform technology security considerations for Microsoft Dynamics CRM 2013
Security considerations for Microsoft Dynamics CRM 2013
Microsoft Dynamics CRM 2013 supported configurations
Upgrading from Microsoft Dynamics CRM 2011
Related Sections
Microsoft Dynamics CRM 2013 system requirements and required technologies
Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics
Prerequisites and considerations for planning your
deployment of Microsoft Dynamics CRM 2013
This section contains lists of what you must have before you install Microsoft Dynamics CRM,
such as needed hardware and software. Use this section for preparing your network and to
make sure that all requirements are satisfied before you run Microsoft Dynamics CRM Server
Setup.
In this section, the following topics are discussed:
 Hardware and software requirements. A brief overview of the computer hardware and
software requirements, and where you can find more information about the requirements.
 Active Directory considerations. Supported Active Directory forest and domain modes.
 SQL Server and SQL Server Reporting Services installation and configuration. A summary of
how Microsoft SQL Server and Microsoft SQL Server Reporting Services must be deployed
and configured to install Microsoft Dynamics CRM.
 Planning Exchange Server or POP3. A summary of how Exchange Server or a POP3compliant e-mail server must be deployed to install and use the Email Router to send and
receive Microsoft Dynamics CRM e-mail messages.
 Security considerations. Information about how you can make the Microsoft Dynamics CRM
system more secure.
 Supported configurations. Information about the supported network, domain, and server
configurations for Microsoft Dynamics CRM.
57
 Upgrading from a previous version of Microsoft Dynamics CRM. How Microsoft Dynamics
CRM upgrades your current system and what happens to items such as existing reports and
customizations.
See Also
Hardware requirements
Software requirements
Active Directory and network requirements for Microsoft Dynamics CRM 2013
SQL Server installation and configuration
Planning email integration
Security considerations for Microsoft Dynamics CRM 2013
Microsoft Dynamics CRM 2013 supported configurations
Hardware requirements
Depending on how you plan to deploy the system, as a single-server solution, a multiple-server
solution, or a clustered solution, the computer hardware that Microsoft Dynamics CRM and
components will run on is important for acceptable application performance.
There are many factors that you must consider that can affect the hardware requirements. They
include the following:
 Number of users the Microsoft Dynamics CRM implementation will support and the way the
application will be used, such as for intensive reporting.
 Number of servers and how they are configured.
 Microsoft SQL Server performance and availability.
 Integration of Microsoft Dynamics CRM with the Microsoft Exchange Server or POP3 e-mail
servers.
 Integration with SharePoint Server.
 Performance of your servers and the local area network (LAN).
 Whether users will be connecting from untrusted domains and forests or from the Internet.
For a list of the suggested hardware requirements, see these topics.
Microsoft Dynamics CRM Server 2013 hardware requirements
Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013
58
Microsoft Dynamics CRM 2013 Email Router hardware requirements
Microsoft Dynamics CRM 2013 for Outlook hardware requirements
See Also
Prerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013
Software requirements
Software requirements
Before you install an on-premises deployment of Microsoft Dynamics CRM 2013, there are
several operating system, application, and software features that must be installed, configured,
and running either on the computer where Microsoft Dynamics CRM Server is running or on
another computer on your network. Some of these operating system and software components
include Windows Server, Microsoft SQL Server, Microsoft SQL Server Reporting Services, and
.NET Framework.
For a complete list of the software requirements, see Microsoft Dynamics CRM 2013 system
requirements and required technologies in this guide.
See Also
Hardware requirements
Active Directory and network requirements for Microsoft Dynamics CRM 2013
Active Directory and network requirements for
Microsoft Dynamics CRM 2013
Active Directory Domain Services (AD DS) is a feature of the Windows Server operating systems.
AD DS provides a directory and security structure for network applications such as Microsoft
Dynamics CRM.
As with most applications that rely on a directory service, Microsoft Dynamics CRM has
dependencies that are important for operation, such as use of AD DS to store user and group
information and to create application security.
Microsoft Dynamics CRM should only be installed on a Windows Server that is a domain
member or, if you are installing on Windows Small Business Server, a domain controller. The
59
domain where the server is located must be running in one of the following Active Directory
modes:
 Windows Server 2003 Native
 Windows Server 2003 Interim
 Windows Server 2008 Modes
 Windows Server 2012 Modes
 For more information about Active Directory domain and forest modes, see:
 How to raise Active Directory domain and forest functional levels
 Active Directory (Windows Server 2008 R2)
Important
Windows 2000 Server forest and domain modes are not supported with Microsoft
Dynamics CRM 2013.
Federation and claims-based authentication support
When you configure Microsoft Dynamics CRM for Internet-facing access it requires federated
services that support claims-based authentication. We recommend Active Directory Federation
Services (AD FS) in Windows Server 2008 or Windows Server 2012.
Active Directory Federation Services
Active Directory Federation Services (AD FS) is a highly secure, highly extensible, and Internetscalable identity access solution that allows organizations to authenticate users from partner
organizations. Using AD FS in Microsoft Windows Server, you can simply and very securely grant
external users access to your organization’s domain resources. AD FS can also simplify
integration between untrusted resources and domain resources within your own organization.
AD FS is available as a server role in Windows Server 2012 and Windows Server 2008 R2. In
earlier versions of Windows Server 2008, AD FS can be downloaded and installed (see the Active
Directory Federation Services 2.0 RTW download link in the table).
Digital Certificates
Active Directory Federation Services (AD FS) requires two types of digital certificates:
 Claims encryption. claims-based authentication requires identities to provide an encryption
certificate for authentication. This certificate should be trusted by the computer where you
are installing Microsoft Dynamics CRM Server 2013 so it must be located in the local
Personal store where the Configure Claims-Based Authentication Wizard is running.
60
 SSL (HTTPS) encryption. The certificates for SSL encryption should be valid for host names
similar to org.contoso.com, auth.contoso.com, and dev.contoso.com. To satisfy this
requirement you can use a single wildcard certificate (*.contoso.com), a certificate that
supports subject alternative names, or individual certificates for each name. Individual
certificates for each host name are only valid if you use different servers for each web server
role. Multiple IIS bindings, such as a website with two HTTPS or two HTTP bindings, isn’t
supported for running Microsoft Dynamics CRM. For more information about the options
that are available to you, contact your certification authority service company or your
certification authority administrator.
To meet these requirements, your organization should have a public key infrastructure or a
contract with a digital certificate provider such as VeriSign, GoDaddy, or Comodo.
For more information about Active Directory, see the resources in the following table.
Topic
Link
Active Directory Domain Services
Active Directory Domain Services for Windows
Server 2008 R2
Understanding AD DS Design
Understanding AD DS Design
Designing the Site Topology for Windows
Server 2008 AD DS
Designing the Site Topology
Domain Controller Role Deploment
FSMO placement and optimization on Active
Directory domain controllers
Active Directory Federation Services (AD FS)
AD FS Deployment Guide
Access & Information Protection
Active Directory Federation Services 2.0AD FS
2.0 RTW Download
Active Directory Federation Services 2.0 RTW
Digital certificates overview
Certificates
IPv6 Support
Microsoft Dynamics CRM 2013 works with IPv6 either alone or together with IPv4 within
environments that have networks where IPv6 is supported.
61
See Also
Software requirements
SQL Server installation and configuration
SQL Server installation and configuration
To plan your use of Microsoft SQL Server with Microsoft Dynamics CRM Server, you must
understand how Microsoft Dynamics CRM uses SQL Server, and what Microsoft Dynamics CRM
Server Setup does and does not do:
 Microsoft Dynamics CRM Server requires SQL Server 64-bit versions for storing the
databases that contain Microsoft Dynamics CRM data and metadata. For specific details, see
SQL Server editions in this guide.
 Reports in Microsoft Dynamics CRM depend on Microsoft SQL Server Reporting Services, a
feature in SQL Server. Reporting Services includes two server components that are used to
store, display, and manage reports: Report Server and Report Manager. A third component,
Report Designer, is used to customize reports and write new reports. The Report Designer
component is available with Microsoft Visual Studio and is typically installed on a
workstation, instead of on the computer that is running SQL Server.
 Microsoft Dynamics CRM Server Setup does not install SQL Server database engine or
Microsoft SQL Server Reporting Services.
There are many configurations possible based on your expected usage of Microsoft Dynamics
CRM. For information about the licensing implications when you install Microsoft SQL Server
Reporting Services on a separate computer, see SQL Server 2008 R2 Licensing.
 Although we do not recommend it, you can install SQL Server on the same computer as
Microsoft Dynamics CRM Server 2013. For better performance, install and run SQL Server on
a separate dedicated computer. For better performance and improved availability, install
and run SQL Server on separate multiple dedicated computers in a clustered configuration.
For more information, see Set configuration and organization databases for SQL Server
2012 AlwaysOn failover.
 Similarly, we recommend that you install Microsoft Dynamics CRM Reporting Extensions on
a separate SQL Server that is running Microsoft SQL Server Reporting Services. However, if
needed you can install Microsoft Dynamics CRM Reporting Extensions on a SQL Server that
is running Microsoft SQL Server Reporting Services but also stores the Microsoft Dynamics
CRM databases.
Notice that, when you run the database engine and Reporting Services on separate SQL
Servers, the versions of SQL Server do not have to match. For example, the SQL Server
database engine where the Microsoft Dynamics CRM databases are stored can be Microsoft
62
SQL Server 2008 R2 and the Reporting Services server where the Microsoft Dynamics CRM
Reporting Extensions are installed can be Microsoft SQL Server 2012.
 Although, in a multiple organization deployment of Microsoft Dynamics CRM, you can
specify different Reporting Services servers or server instances when you create or edit an
organization, only one instance of Reporting Services is supported for all organizations in the
deployment. For better load balancing of reports, we recommend configuring Report Server
in a Network Load Balancing (NLB) cluster. For more information, see Configure a Report
Server on a Network Load Balancing Cluster.
 Multiple Microsoft Dynamics CRM front-end servers that run in a network load balancing
cluster can use the same computer that is running SQL Server. For more information, see
Install Microsoft Dynamics CRM Server 2013 on multiple computers.
In This Section
SQL Server requirements and recommendations for Microsoft Dynamics CRM
SQL Server deployment
Additional resources for SQL Server
Related Sections
Prerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013
Planning requirements for Microsoft SQL Server Reporting Services
SQL Server requirements and recommendations for
Microsoft Dynamics CRM
These requirements apply to new and existing installations of SQL Server:
 Microsoft Dynamics CRM requires an instance of Microsoft SQL Server Reporting Services be
installed, running, and available. All installations of the supported SQL Server editions can be
used as the reporting server. However, the Reporting Services edition must match the SQL
Server edition.
 Microsoft Dynamics CRM 2013 isn’t supported on Microsoft SQL Server 2000, Microsoft SQL
Server 2005, or 32-bit versions of Microsoft SQL Server 2008 and Microsoft SQL Server 2012.
 Microsoft Dynamics CRM Server 2013 is not supported with SQL Server that is running on
Windows Server 2003 or Windows 2000 Server.
 When Microsoft Dynamics CRM Server 2013 and SQL Server are installed on different
computers, they must be in the same Active Directory domain.
63
 Microsoft Dynamics CRM Server Setup and Microsoft Dynamics CRM 2013 Deployment
Manager support the default instance or a named instance of SQL Server.
 Although you can install SQL Server by using either Windows Authentication or mixed-mode
authentication, Windows Authentication is a prerequisite for Microsoft Dynamics CRM.
 The service account that SQL Server uses to log on to the network must be either a domain
user account (recommended) or the Network Service account (you can’t use a local user
account on the server). Using a low-privilege account strategy is recommended to help
avoid compromising the security of the server.
 The SQL Server service must be started. This service should be configured to automatically
start when the computer is started.
 SQL Server Agent must be started. This service should be configured to automatically start
when the computer is started.
 SQL Server Full-Text Search must be installed and started. This service should be configured
to automatically start when the computer is started.
 Microsoft Dynamics CRM Server Setup requires a network library to authenticate SQL
Server. By default, TCP/IP network libraries are enabled when you install Microsoft SQL
Server. SQL Server can use both TCP/IP or Named Pipes for authentication. However, the
computer that is running SQL Server must be configured for at least one of the two network
libraries.
 We recommend that the computer that is running SQL Server be located on the same local
area network (LAN) as the computer that is running the Microsoft Dynamics CRM Server
2013 Back End Server roles. For a description of the server roles, see Microsoft Dynamics CRM
2013 server roles.
 The computer that is running SQL Server must be configured to have sufficient disk space,
memory, and processing power to support the Microsoft Dynamics CRM environment. For
more information, see Microsoft Dynamics CRM Server 2013 hardware requirements in this
guide.
 Although it’s optional, consider accepting the SQL Server default settings for Collation
Designator, Sort Order, and SQL Collation. Microsoft Dynamics CRM supports the following
collation orders:
 Case-sensitive
 Case-insensitive
 Accent-sensitive
 Accent-insensitive
 Binary sort order (such as Latin1_General_100_BIN)
Note
64
Microsoft Dynamics CRM sets the collation order at the database level. This setting
might differ from that set at the SQL Server level.
 Review all SQL Server installation options and be prepared to make the needed selections
when you run Setup. For more information, see Installation for SQL Server 2012.
 If you plan to install SQL Server in a location other than the default file location, see File
Locations for Default and Named Instances of SQL Server.
You should also consider where the Microsoft Dynamics CRM databases are located on the
server, and the hard-disk configuration that will support them.
Note
To achieve the best combination of disk fault tolerance and performance, consider
the many specifications for redundant array of independent disks (RAID) available
from hardware vendors. Format the disks where the SQL Server database files
reside for the fault-tolerance requirements of the application and performance
parameters for the I/O activity occurring on that partition.
 If you are using an operating system with regional settings other than English (United
States), or if you are customizing character-set or sort-order settings, review topics on
collation settings. For more information, see International Considerations for SQL Server.
See Also
SQL Server installation and configuration
SQL Server deployment
SQL Server deployment
If your organization uses Microsoft SQL Server for applications other than Microsoft Dynamics
CRM, performance may degrade as resources are consumed by other applications. If you use a
computer that is running SQL Server that is used for other applications, you must carefully
analyze the effect that Microsoft Dynamics CRM will have on the existing installation of SQL
Server. For information about monitoring SQL Server, see Performance Monitoring and Tuning HowTo Topics.
For best results, we recommend that you install the Microsoft Dynamics CRM databases on a
computer that is running SQL Server and that will support only Microsoft Dynamics CRM and no
other databases or database applications.
65
In This Topic
SQL Server deployment considerations
Language locale collation and sort order
Disk configurations and file locations
SQL Server program file location
SQL Server data file location
Microsoft Dynamics CRM database renaming considerations
SQL Server transparent data encryption
SQL Server deployment considerations
Microsoft Dynamics CRM is a database-intensive application. Before you deploy Microsoft
Dynamics CRM to an instance of SQL Server, you should consider the following requirements
and database configurations:
 Modification of system tables. The SQL Server system tables should not be modified before
you install Microsoft Dynamics CRM Server 2013. Some database applications may modify
the SQL Server system tables. If this occurs, problems with Microsoft Dynamics CRM and
data may result.
 Indexing. Full-text indexing must be installed. This is required for Microsoft Dynamics CRM
knowledge-base functionality.
 Compatibility level. During an upgrade or a new installation, Microsoft Dynamics CRM
Server Setup sets the database compatibility level to 100, which is the compatibility level of
Microsoft SQL Server 2008.
 Autogrowth. By default, Microsoft Dynamics CRM organization database files are created to
have an autogrowth setting of 256 megabytes. Earlier versions of Microsoft Dynamics CRM
used the default setting of 1 megabyte autogrowth. If you perform intensive database
transactions, such as large data imports, consider increasing the autogrowth value to
improve performance. For information about how to change the autogrowth setting for a
database, see the SQL Server Management Studio Help.
 Max server memory. We recommend that, if you run SQL Server on a computer that is also
running other applications, that the SQL Server max server memory be set to no more than
one half of the installed RAM. By default, max server memory is set to 2147483647
megabytes in Microsoft SQL Server 2008 and Microsoft SQL Server 2012, which has
demonstrated resource issues with SQL Server during intensive use of Microsoft Dynamics
CRM. More information: Server Memory Options
 Max degree of parallelism. We recommend if you experience poor SQL Server performance,
which can occur due to complex index statements, that the SQL Server max degree of
66
parallelism be set to 1 to help improve overall application performance on multiprocessor
systems. More information: max degree of parallelism Option
 RCSI. Running Microsoft Dynamics CRM that uses a SQL Server configured for read
committed snapshot isolation (RCSI) will receive commercially reasonable support.
Commercially reasonable support is defined as all reasonable support efforts by Microsoft
Customer Support Services that do not require Microsoft Dynamics CRM code fixes.
Language locale collation and sort order
Installing SQL Server in a language other than English (U.S.) may require changing the Collation
designator. The following table indicates the Collation designator to use for some of the
available languages.
Windows Locale
Locale Identifier
(LCID)
Collation Designator
Code Page
Danish
0X406
Danish_Norwegian
1252
Dutch (Standard)
0X413
Latin1_General
1252
English (United States) 0X409
Latin1_General
1252
French (France)
0X40C
French
1252
German (Germany)
0X407
Latin1_General
1252
Italian
0X410
Latin1_General
1252
Portuguese (Brazil)
0X416
Latin1_General
1252
Spanish (Traditional
Sort)
0XC0A
Modern_Spanish
1252
Disk configurations and file locations
For the default instance of SQL Server, the default directory for both program and data files is
\Program Files\Microsoft SQL Server\MSSQL<ver>.MSSQLSERVER\MSSQL\, where <ver> is the
major version of SQL Server, such as 10 for Microsoft SQL Server 2008 or 11 for Microsoft SQL
Server 2012. You can specify a file path other than the default for both program and data files.
Note
67
The default locations for program and data files are not necessarily the best locations.
For the best combination of disk fault tolerance and performance, consider the RAID
specifications available from hardware vendors. You can create the Microsoft Dynamics
CRM databases on your partitions, especially for these files, and specify the existing
databases when you run Microsoft Dynamics CRM Server Setup. The databases created
by Microsoft Dynamics CRM are noted in the specified data file location. For more
information, see SQL Server data file location later in this topic.
By default, Shared Tools are installed in \Program Files\Microsoft SQL Server\100\Tools on the
system drive. This folder contains the default and named files shared by all instances of SQL
Server. Tools include the T-SQL command line utility and the OSQL SQL query tool.
Microsoft SQL Server Setup also installs files in the Windows system directory. The system file
location cannot be changed.
SQL Server program file location
The SQL Server program files are located in \Program Files\Microsoft SQL
Server\MSSQL<ver>.MSSQLSERVER\MSSQL\Binn.
The binary file location is in the root directory where Setup creates the folders that contain
program files and other files that typically do not change this path as you use SQL Server.
Although these files are not read-only, the folders do not contain data, logs, back-up files, or
replication data. Therefore, the space requirements for these files should increase only
marginally as SQL Server is used, and over time as updates are applied.
Important
Program files cannot be installed on a removable disk drive.
SQL Server data file location
Each SQL Server database consists of one or more database files and one or more transaction
log files. Microsoft Dynamics CRM creates at least two databases:
 MSCRM_CONFIG. This database contains Microsoft Dynamics CRM metadata, such as
configuration and location information that is specific to each organization database.
 OrganizationName_MSCRM. This is the organization database where Microsoft Dynamics
CRM data is stored, such as all records and activities. Microsoft Dynamics CRM Server 2013
supports multiple organizations so that you can have multiple-organization databases.
Microsoft Dynamics CRM also relies on the SQL Server system databases to store Microsoft
Dynamics CRM configuration information. These databases include the master and msdb
databases. The database files that accompany a database contain all its data and properties.
Transaction log files contain a record of the write activity in the database, such as when a row is
68
added, changed, or removed. Transaction log files are binary and cannot be used for auditing
database activity.
The transaction log is used for recovery, if a failure occurs, and to roll back (undo) transactions
(writes) that cannot be finished. You may also periodically back up the transaction log as a way
to perform an incremental backup while users are working in the application, with very low
effect on available server resources.
To have the best chance of recovery if there is a disk failure, and the best performance for the
application, put the database files and transaction log files on separate sets of physical disks.
The location that you specify for a file does not have to be the original location for data files
specified during Microsoft SQL Server Setup. You can select an alternative location for the
database and transaction log files any time that you create or change the database. For more
information, see the note about disk fault tolerance and performance in Disk configurations and
file locations earlier in this topic.
If the partition that contains a database file has failed and the database has become unusable,
but the partition that contains the transaction log is still available, you can back up the
transaction log for that database. This can be the last backup in your back-up set. When you
restore, this transaction log backup, made after the failure, will be the last restored backup. If all
transaction log backups in the back-up set are restored successfully, you will have restored all
the committed (100 percent successful) transactions up to the moment of the failure. This limits
the data loss.
When the database files and transaction log files are on separate sets of disks, performance is
optimized. Transaction log files can be write-intensive during periods when a lot of data is being
added, changed, or removed from the application.
For example, you have a server wherein drive C is the system partition (the drive where the
Windows and program file folders are located).The Windows pagefile is also located on drive C.
Drives D and E are RAID-5 partitions on separate sets of physical disks. Select the partitioning
scheme for the database files that will give you the combination of performance and disk fault
tolerance that you want. Drive D contains only data files for one or more databases, and drive E
contains only log files for one or more databases. If you verify that performance will decrease
because one database will have much more hard disk activity than other databases, you should
put them all on separate sets of disks. If you estimate that data will significantly grow over time,
make sure drive D has at least 100 gigabytes (GB) available for the database files. Because the
log files will be truncated every time that a transaction-log backup is performed, make sure
drive E has at least 10 GB available. Specify the location of the database file to be on drive D and
the transaction log file to be on drive E when you create the database.
Note
69
It is best to dedicate a partition to SQL Server data files. We recommend that you do not
put a data file on the same partition as a Windows pagefile because of the degree of
fragmentation that will occur.
By default, the directory where all database files and transaction log files are located is
\Program Files\SQL Server\MSSQL<ver>.MSSQLSERVER\MSSQL\Data. When you run Microsoft
SQL Server Setup, you can specify a different location as the default location for data files. The
data file location is the root directory where Microsoft SQL Server Setup creates the folders that
contain database and log files, in addition to directories for the System log, back-up, and
replication data. Microsoft SQL Server Setup creates database and log files for the master,
model, tempdb, and msdb databases. If you are selecting different locations for each file in the
application, you do not have to change the default setting.
Note
Data files cannot be installed on a file system that uses compression.
Specifying file paths
Because you can install multiple instances of SQL Server on one computer, an instance name is
used in addition to the user-specified location for program and data files. For tools and other
shared files, instance names are not required.
Default-instance file path for program and data files
For the default instance of SQL Server, the default SQL Server directory name (MSSQL.10) is
used as the default instance name, with the directory that you specify.
For example, if you specify the SQL Server default instance to be installed on D:\MySqlDir, the
file paths are as follows:
D:\MySqlDir\MSSQL<ver>.MSSQLSERVER\MSSQL\Binn (for program files)
D:\MySqlDir\MSSQL<ver>.MSSQLSERVER\MSSQL\Data (for data files)
Note
The program and data file locations can be changed, depending on the drive
configuration of the computer that is running SQL Server.
Microsoft Dynamics CRM database renaming
considerations
As described earlier, a Microsoft Dynamics CRM deployment contains the following databases:
 A single MSCRM_CONFIG database
70
 One or more (for multi-tenant deployments) OrganizationName_MSCRM databases
The configuration database, MSCRM_CONFIG, cannot be renamed. If the MSCRM_CONFIG
database is renamed, the Microsoft Dynamics CRM system will not function correctly.
Organization databases, OrganizationName_MSCRM, can be renamed by following the
guidelines and considerations described here.
Organization database names
Microsoft Dynamics CRM organization databases use both a display and a unique name.
 Display name. This is the name that appears in the Microsoft Dynamics CRM application,
such as the upper-right corner of the main application screen. The display name can contain
spaces and be up to 250 characters long.
 Unique name. This is the name that is used to create the URL to connect to the application
and is appended with _MSCRM. It is also the physical name of the database as it appears in
SQL Server applications, such as Microsoft SQL Server Management Studio. This name
cannot contain spaces and cannot be more than 30 characters long.
Organization database renaming
The display name may be changed by using the Edit Organization Wizard in Deployment
Manager. The basic steps are to disable the organization, and then run the Edit Organization
Wizard. For more information, see the Deployment Manager Help.
Although we do not recommend it, you can change the name of an organization’s unique
database name (OrganizationName_MSCRM). To change the database unique name, follow
these steps:
Warning
Renaming the unique database name for an organization has not been fully tested by
Microsoft and may cause unexpected results. We cannot guarantee that problems
caused by performing this procedure can be resolved. Rename the organization
database unique name at your own risk.
Important
Before you start the following procedure, take a full back up of the organization
database that you want to rename.
The following steps require you to already have a functioning organization database that was
created by Microsoft Dynamics CRM Server Setup or imported by a supported Microsoft
Dynamics CRM method.
71
1. Restore the backup of the organization database to your SQL Server that uses the name that
you want and that is supported by SQL Server.
2. Import the renamed organization database to your existing Microsoft Dynamics CRM
deployment by using the Import Organization Wizard in Deployment Manager.
3. During the import, enter into the organization database a display name and unique name
that are unrelated to the original database name.
4. Follow the instructions on your screen to complete the import.
5. Ensure that Microsoft Dynamics CRM users have the new URL that will be created as a result
of the organization rename.
SQL Server transparent data encryption
The Microsoft SQL Server Transparent Data Encryption feature is supported for use with
Microsoft Dynamics CRM. However, based on test results conducted internally, using this
feature can cause a decrease in overall performance of approximately 10% when run against a
compressed database with the same workload.
See Also
SQL Server requirements and recommendations for Microsoft Dynamics CRM
Additional resources for SQL Server
Additional resources for SQL Server
For more information about how to plan for and install SQL Server, see the following resources:
Microsoft SQL Server Web site
SQL Server Books Online
Microsoft SQL Server Solution Center
See Also
SQL Server deployment
Planning requirements for Microsoft SQL Server Reporting Services
72
Planning requirements for Microsoft SQL Server
Reporting Services
The Microsoft Dynamics CRM Reporting Extensions are data processing extensions that are
installed on the Microsoft SQL Server Reporting Services server. Microsoft Dynamics CRM
Reporting Extensions accept the authentication information from the Microsoft Dynamics CRM
Server 2013 and passes it to the Microsoft SQL Server Reporting Services server. Microsoft
Dynamics CRM Reporting Extensions Setup includes Fetch data processing extension and SQL
data processing extension.
The Microsoft Dynamics CRM Reporting Extensions are required for all major reporting tasks in
Microsoft Dynamics CRM such as, working with default (out-of-box) Microsoft Dynamics CRM
reports, uploading custom reports, creating Report Wizard reports, or scheduling reports.
Microsoft Dynamics CRM Reporting Extensions must also be installed before you import or
provision new organizations.
The Microsoft Dynamics CRM Reporting Extensions Setup does the following:
1. Installs Fetch data processing extensionand SQL data processing extension on the Microsoft
SQL Server Reporting Services server.
2. Installs custom assemblies used by default reports and wizard reports on Microsoft SQL
Server Reporting Services server.
3. Creates default reports (SQL-based) for the default organization both on Microsoft
Dynamics CRM Server 2013 and Microsoft SQL Server Reporting Services server.
The following table explains what reporting options will be available to you if you install
Microsoft Dynamics CRM Reporting Extensions.
What reports will work?
Installed?
Default reports
Custom SQLbased reports
Fetch-based
Wizard reports
Custom Fetchbased reports
No
Clean installation:
 Cannot be
scheduled.
Will not be
available.
Cannot be
uploaded and
run.
Will not be
available.
 Can be
uploaded and
run if
Microsoft
Dynamics
CRM Server
2013 and SQL
Server are
73
Installed?
Default reports
Custom SQLbased reports
Fetch-based
Wizard reports
Custom Fetchbased reports
Can be created,
run, and
scheduled.
Can be
uploaded, run,
and scheduled.
installed on
one
computer or
Trust for
Delegation is
configured.
Yes
Will be published
for the default
organization.
Can be uploaded
and run.
Important
Microsoft Dynamics CRM Reporting Extensions should not be installed on an instance of
Microsoft SQL Server Reporting Services that is running under an account that is a
member of the SQL Access Group. This can occur when Microsoft SQL Server Reporting
Services is running under the same account as a Microsoft Dynamics CRM Server 2013
component. This configuration can make the system vulnerable to certain attacks.
During installation, Setup detects this scenario. You can click Help for information about
how to work around the issue.
Note that when you install Microsoft Dynamics CRM Reporting Extensions, you have the option
of installing the component on a different server that is running Reporting Services. Therefore,
by isolating Microsoft Dynamics CRM Reporting Extensions on a separate instance of SQL Server,
which does not store the Microsoft Dynamics CRM databases, report performance may be
improved.
Microsoft Dynamics CRM Reporting Extensions
requirements
Microsoft Dynamics CRM Reporting Extensions has the following requirements:
 You must complete Microsoft Dynamics CRM Server Setup before you run the Microsoft
Dynamics CRM Reporting Extensions Setup.
 You must run the Microsoft Dynamics CRM Reporting Extensions Setup on a computer that
has Microsoft SQL Server 2008 Reporting Services installed. For smaller data sets and fewer
users, you can use either a single-server deployment, or a multiple-server deployment with
one computer that is running SQL Server for Microsoft Dynamics CRM, and another server
for Microsoft SQL Server Reporting Services. With larger datasets or more users,
performance will decrease quickly when complex reports are run.
74
See Also
SQL Server installation and configuration
Planning email integration
Planning email integration
This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft
Dynamics CRM 2013. To use the Microsoft Dynamics CRM email routing and tracking features,
you must use one or both of the following software components to integrate your email system
with your Microsoft Dynamics CRM deployment:
 The Email Router provides centrally managed email routing for users, queues, and forward
mailboxes. This is frequently the better option for on-premises, partner-hosted Microsoft
Dynamics CRM, and some Microsoft Dynamics CRM Online deployments. With this method,
email is routed to Microsoft Dynamics CRM regardless of whether the recipient is logged on.
 Microsoft Dynamics CRM for Microsoft Office Outlook provides email routing capabilities on
a single user basis. This doesn’t require the Email Router, and is frequently the better option
for smaller organizations that don’t have a full-time IT staff, or for organizations that use
Microsoft Dynamics CRM Online. With this method, the actual email routing for each user
occurs only while the user is logged on. If Microsoft Outlook isn’t running, email messages
aren’t processed until Microsoft Outlook is started again.
Important
If your organization uses email queues, you must use the Email Router. Queues aren’t
supported in CRM for Outlook.
Microsoft Dynamics CRM Server 2013 can operate without Microsoft Exchange Server or
a POP3 server. However, you won’t have Microsoft Dynamics CRM incoming email
tracking capabilities. Also, Microsoft Dynamics CRM Server 2013 can operate without an
SMTP server. However, you won’t have Microsoft Dynamics CRM outgoing email
capabilities.
Depending on your requirements, you may want to implement a solution that uses both the
Email Router and CRM for Outlook. For example, if your Microsoft Dynamics CRM deployment
hosts multiple organizations, or a single organization that has users who have varying needs,
you may want to configure some users for the CRM for Outlook email routing method, and
configure other users and queues for the Email Router.
See Also
Planning requirements for Microsoft SQL Server Reporting Services
75
Microsoft Dynamics CRM Email Router
Microsoft Dynamics CRM Email Router
The Email Router is an optional interface component that integrates your email system with
Microsoft Dynamics CRM, and routes qualified email messages to and from your Microsoft
Dynamics CRM organization. This section provides guidelines for analyzing your organization’s
requirements for integrating email with Microsoft Dynamics CRM, and outlines the things to
consider when you plan, install, and configure an Email Router deployment.
The Email Router enables you to configure an interface between your Microsoft Dynamics CRM
deployment and one or more servers running Exchange Server, Exchange Online accounts, or
POP3 servers, for incoming email. For outgoing email, one or more SMTP servers, Exchange Web
Services (EWS), or Exchange Online accounts are supported. Email messages come into the
Microsoft Dynamics CRM system through the Email Router. For more information, see Microsoft
Dynamics CRM 2013 Email Router software requirements in this guide.
Important
Although it is supported, we do not recommend that you install the Email Router on a
computer that is running Microsoft Exchange Server.
Note
You can deploy and run the Email Router on multiple computers in a Microsoft cluster to
provide high availability and failover functionality. For more information, see Install Email Router on multiple computers in the Installing Guide.
After you install the Email Router, you must run the Email Router Configuration Manager, an
application that is installed during Microsoft Dynamics CRM Email Router Setup. You can use the
Email Router Configuration Manager to configure the following:
 One or more incoming profiles. An incoming profile contains the information about the
email systems that will be used to process incoming email messages.
 One or more outgoing profiles. An outgoing profile contains the information about the email
systems that will be used to process outgoing email messages.
 One or more deployments. The Deployments area contains information about the Microsoft
Dynamics CRM deployment and maps to an incoming and outgoing profile.
 Users, queues, and forward mailboxes. This area contains information about each user that
will use the Email Router for email tracking. You can also configure email routing for queues
and define a forward mailbox.
For more information about the Email Router Configuration Manager, see the following
resources:
76
 Microsoft Dynamics CRM E-mail Router Installation Instructions in the Installing Guide
 Email Router Configuration Manager Help
Email systems
The Email Router can connect to one or more email servers running Microsoft Exchange Server
or Exchange Online. The Email Router can also connect to POP3-compliant servers to provide
incoming email routing. For outgoing email, you can use SMTP and EWS (Exchange Online only).
For more information about the email server versions and protocols that Microsoft Dynamics
CRM supports, see Microsoft Dynamics CRM 2013 Email Router software requirements in this guide.
Exchange Server is an enterprise messaging system with the versatility to support various
organizations. As with Active Directory and Microsoft Dynamics CRM, Exchange Server requires
planning before it is deployed. Many documents are available from Microsoft that explain how
to plan, deploy, and operate Exchange Server. For more information, see Additional resources for
Exchange Server in this guide.
Network topology and email traffic
The overall requirements to deploy and configure an effective Microsoft Dynamics CRM email
solution for a small business are similar to those of a large enterprise. However, a small business
might not have an IT department. As you plan your email solution, consider the details of your
particular IT environment, such as who is responsible for network administration, what is
allowed for Email Router placement, use of forward mailbox and forwarding rules.
To optimize performance, carefully consider the size, complexity, and geographical distribution
of your network. The location of your email servers, the number of users who will route email to
and from Microsoft Dynamics CRM, expected traffic levels, and the frequency and size of
attachments should help guide your decisions.
For example, an international enterprise-level Microsoft Dynamics CRM deployment might have
user and queue mailboxes in multiple sites, regions, or countries. Such a deployment may
accommodate multiple Microsoft Dynamics CRM organizations and multiple email server
configurations. The email servers might be located inside or outside the corporate domain,
separated by firewalls.
A small business deployment, on the other hand, will typically have a relatively small number of
users and significantly less email traffic. Frequently, there will be no full-time IT department to
configure and maintain an Email Router deployment.
77
Avoid mailbox storage problems
Every organization has its own unique requirements for email message routing and storage. To
avoid problems that can result from overtaxing your system's storage capacity, consider the
following when you plan an Email Router deployment:
 All email messages
 Email messages in response to CRM email
 Email messages from CRM Leads, Contacts, and Accounts
 Email messages from Microsoft Dynamics CRM records that are email enabled
For more information, see E-mail message filtering and correlation in this guide.
 What storage quotas should be applied to each mailbox? For more information about how
to apply mailbox storage quotas and managing automated messages that are sent to
mailbox owners when their size limit is exceeded, see the documentation for your email
system.
 How long should email messages be stored? For more information about automatically
archiving or deleting email messages, see the documentation for your email system.
Like CRM for Outlook, the Microsoft Dynamics CRM Online Email Router lets you track CRMrelated information automatically. The email tracking functionality in the Email Router operates
in the manner described in the CRM for Outlook section. The Email Router also lets you send
and receive emails through CRM Online.
See Also
Planning email integration
E-mail message filtering and correlation
E-mail message filtering and correlation
This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft
Dynamics CRM 2013. The Email Router can automatically create e-mail activities in Microsoft
Dynamics CRM, which are based on received e-mail messages. This type of automation is known
as e-mail message tracking. Users can select a filtering option that determines what e-mail
messages will be tracked in Microsoft Dynamics CRM. Filtering is set on the E-mail tab of the Set
Personal Options dialog box in the Microsoft Dynamics CRM client applications. The user
filtering options are as follows:
 All e-mail messages. All e-mail messages that are received by the user will have activities
created.
78
 E-mail messages in response to CRM e-mail. Only the replies to an e-mail message that is
already tracked will be saved as e-mail activities. This option uses smart matching to relate
e-mail messages to activities.
 E-mail messages from CRM Leads, Contacts, and Accounts. Only e-mail messages sent from
leads, contacts, and accounts that exist in the Microsoft Dynamics CRM database are saved
as activities.
 E-mail messages from Microsoft Dynamics CRM records that are e-mail enabled. E-mail
messages are tracked from any record type, including customized record types, that contain
an e-mail address.
By default, the E-mail messages in response to CRM e-mail option is enabled. Correlation
occurs after an e-mail message is filtered. System administrators can turn off all message
tracking for a particular user by setting the E-mail Access Type - Incoming value to None on the
General tab on the User form.
Microsoft Dynamics CRM 2013 tracking tokens
Tracking tokens increase the probability for e-mail identification and matching. You can use the
tracking token feature to improve e-mail message tracking. A tracking token is an alphanumeric
string generated by Microsoft Dynamics CRM and appended to the end of an e-mail subject line.
It matches e-mail activities with e-mail messages.
You can turn tacking tokens on or off, and configure them to be unique for a specific Microsoft
Dynamics CRM organization. This means that a company with a deployment that has multiple
Microsoft Dynamics CRM organizations (such as for a large conglomerate), can configure
tracking tokens that are unique to each deployment. To configure tracking tokens, do the
following:
1. On the nav bar, click or tap Microsoft Dynamics CRM > Settings. Then click or tap
Administration > System Settings.
2. Click the E-mail tab.
Tracking tokens add an additional correlation component to smart matching. When Microsoft
Dynamics CRM generates an outgoing e-mail activity, a resulting e-mail response arriving in the
Microsoft Dynamics CRM system is then correlated to the originating activity.
By default, for new installations of Microsoft Dynamics CRM 2013, Microsoft Dynamics CRM
2011, and upgraded Microsoft Dynamics CRM 4.0 organizations, the tracking token feature is
turned on. The following figure and table show a tracking token and the parts that make up a
tracking token.
79
Tracking token structure
The following table lists tracking-token parts and descriptions.
Part
Description
Prefix
Configurable. Default value = CRM. This can be
unique for an organization or for a particular
Microsoft Dynamics CRM deployment in an
organization with multiple Microsoft Dynamics
CRM deployments. We recommend that
different Microsoft Dynamics CRM
deployments use unique prefixes.
Online-offline designator
Not configurable. One digit. 0 for Online. 1 for
Offline. This part indicates if the user was
online or offline when the e-mail activity was
created.
ID
Configurable. Default range is three (3) digits.
This is a numeric identifier for the Microsoft
Dynamics CRM user who generated the e-mail
activity.
Number
Configurable. Default range is four (4) digits.
This is a numeric identifier for the e-mail
activity (not the individual messages that the
activity contains). If you configure Microsoft
Dynamics CRM to generate a token with a
four-digit number, it will increment the
number through 9999, and then restart the
number at 0000. You can use a larger order of
80
Part
Description
digits to reduce the possibility of assigning
duplicate tokens to active e-mail threads.
For more information about how to configure the tracking token, see the Microsoft Dynamics
CRM Help.
Smart matching
When an incoming e-mail message is processed by the Email Router, the system extracts
information that is associated with the e-mail message subject, sender address, and recipient's
addresses that link the e-mail activity to other Microsoft Dynamics CRM records. This correlation
process, also known as smart matching, uses the following criteria to match received e-mail
message information to e-mail activities:
 Subject matching. Prefixes, such as RE: or Re:, and letter case are ignored. For example, email message subjects with Re: hello and Hello would be considered a match.
 Sender and recipient matching. The system calculates the number of exact sender and
recipient e-mail addresses in common.
When the matching process is complete, the system selects the owner and the object of the
incoming e-mail message.
By default, smart matching is turned on for new installations of Microsoft Dynamics CRM Server
2013 and Microsoft Dynamics CRM Server 2011, and for installations of Microsoft Dynamics
CRM Server 2011 that have been upgraded from Microsoft Dynamics CRM 4.0 Server.
Note
You can disable, enable, and tune smart-matching settings in the System Settings area
of the Microsoft Dynamics CRM application.
See Also
Microsoft Dynamics CRM Email Router
Forward mailbox vs. individual mailboxes
System Settings dialog box - Email tab
81
Forward mailbox vs. individual mailboxes
This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft
Dynamics CRM 2013. For incoming e-mail messages, you can configure the Email Router to
monitor either of the following:
 A forward mailbox, also known as a sink mailbox
 Each user's or queue's mailbox
Important
If your e-mail system does not allow rules where an e-mail message can be forwarded as
an attachment, you must select Individual Mailbox Monitoring during Microsoft
Dynamics CRM Email Router Setup. If you are using Microsoft Exchange Server, we
recommend that you select Forward Mailbox Monitoring.
Configuring the Email Router to use a forward mailbox gives Microsoft Dynamics CRM one
central mailbox to monitor, instead of monitoring the mailbox of each user who needs Microsoft
Dynamics CRM e-mail capabilities.
Organizations that have to monitor a large number of mailboxes should consider using a
forward mailbox to reduce the administrative effort. Monitoring many mailboxes can sometimes
require maintaining access credentials in many incoming configuration profiles. For more
information, see “Access credentials” in Configure the E-mail Router in the Installing Guide.
By using a forward mailbox, you shift the administrative effort to the task of deploying a serverside forwarding rule to each user mailbox. The forwarding rule forwards all incoming e-mail
messages as attachments to the centralized forward mailbox. For Exchange Server only, you can
use the Rule Deployment Wizard (installed with the Email Router) to deploy forwarding rules.
This can significantly reduce administration and maintenance requirements because the Rule
Deployment Wizard can deploy forwarding rules to multiple Microsoft Dynamics CRM users at
the same time.
Important
To use a forward mailbox with a Microsoft Dynamics CRM deployment that interfaces
with a POP3-compliant e-mail system, the e-mail system must be able to forward e-mail
messages as attachments. Also, for POP3 e-mail servers and Exchange Online, you
cannot use the Rule Deployment Wizard. Instead, you must create the rules manually.
For instructions, see “Create the rule manually” in Configure the E-mail Router in the
Installing Guide.
You can configure users and queues in different ways within the same Microsoft Dynamics CRM
deployment. For example, you may want to configure some user or queue mailboxes to be
82
monitored directly on one e-mail server, and configure others to use a forward mailbox on a
different e-mail server.
Forward mailbox monitoring
When you use forward mailbox monitoring, incoming messages are processed by Microsoft
Exchange Server or the POP3 server and the Email Router in the following sequence:
1. A message is received by a Microsoft Dynamics CRM user or queue mailbox, on either the
Exchange Server or the POP3 server.
2. A rule in the user's mailbox sends a copy of the message to the Microsoft Dynamics CRM
forward mailbox.
3. The Email Router retrieves the message from the Microsoft Dynamics CRM forward mailbox
and sends it to the computer that is running Microsoft Dynamics CRM Server 2013.
See Also
E-mail message filtering and correlation
Microsoft Dynamics CRM user options
Microsoft Dynamics CRM user options
This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft
Dynamics CRM 2013. This section describes the options available in Microsoft Dynamics CRM
user records for sending and receiving e-mail messages.
Incoming e-mail messaging options
The available incoming e-mail configurations that you can use when a user or a queue receives
Microsoft Dynamics CRM e-mail messages are as follows:
 None. Use this option for users or queues that do not use Microsoft Dynamics CRM to track
received e-mail messages.
 Microsoft Dynamics CRM for Outlook. This option is available for users and requires that
Microsoft Office Outlook be installed on the user's computer. This option does not require
the Email Router component and is not available for queues.
 Server-Side Synchronization or E-mail Router. When you select this option, the server-side
synchronization or Email Router will process Microsoft Dynamics CRM e-mail messages
directly from the user's or queue's inbox, without using a forward or a sink mailbox.
Although this option does not require a sink mailbox, it does make troubleshooting server83
side synchronization or Email Router issues more complex for larger user bases (10 or more
users) because each incoming e-mail message is processed by the server-side
synchronization or Email Router in every user's mailbox instead of in a single dedicated
mailbox.
 Forward Mailbox. To use this option, you must install the Email Router. This option requires
a sink mailbox, which is a dedicated mailbox that collects e-mail messages transferred from
each Microsoft Dynamics CRM user's mailbox by a server-side rule. Although this option
does not require users to run Microsoft Outlook, it does require that the rule be deployed
for each user. You use the Rule Deployment Wizard to deploy rules to each Microsoft
Dynamics CRM user mailbox.
Outgoing e-mail messaging options
The available outgoing e-mail configurations that you can use when users or queues send
Microsoft Dynamics CRM e-mail messages are as follows:
 None. Use this option for users or queues that do not use Microsoft Dynamics CRM to send
e-mail messages.
 Microsoft Dynamics CRM for Outlook. This option is available for users and requires that
Microsoft Office Outlook be installed on the user's computer. This option does not require
the Email Router component and is not available for queues.
 Server-Side Synchronization or E-mail Router. This option delivers Microsoft Dynamics CRM
e-mail messages by using the server-side synchronization or Email Router component. The
e-mail system must be SMTP-compliant. The server-side synchronization or Email Router
can be installed on the SMTP server or on a different computer that has a connection to the
SMTP server.
See Also
Forward mailbox vs. individual mailboxes
Additional resources for Exchange Server
Additional resources for Exchange Server
For more information about how to plan to install Microsoft Exchange Server 2007, see the
following:
 Exchange Server 2007 Planning
For more information about how to plan to install Microsoft Exchange Server 2010, see the
following:
84
 Planning for Exchange 2010
See Also
Microsoft Dynamics CRM user options
Operating system and platform technology security considerations for Microsoft Dynamics CRM 2013
Operating system and platform technology security
considerations for Microsoft Dynamics CRM 2013
In the broadest sense, security involves planning and considering tradeoffs between threats and
access. For example, a computer can be locked in a vault and available only to one system
administrator. This computer may be secure, but it is not very usable because it is not connected
to any other computer. If your business users need access to the Internet and your corporate
intranet, you must consider how to make the network both secure and usable.
The following sections contain links to information about how you can make your computing
environment more secure. Ultimately, Microsoft Dynamics CRM data security largely depends
on the security of the operating system and the required and optional software components.
In This Topic
Securing Windows Server
Securing SQL Server
Securing Exchange Server and Outlook
Securing mobile devices
Securing Windows Server
Windows Server, the foundation of Microsoft Dynamics CRM, provides sophisticated network
security. The Kerberos version-5 authentication protocol that is integrated into Active Directory
and Active Directory Federation Services (AD FS) allows you to federate Active Directory
domains by using claims-based authentication. Both give you powerful standards-based
authentication. These authentication standards let users input a single user name and password
logon combination for resource access across the network. Windows Server also includes
several features that help make the network more secure.
85
The following links take you to information about these features. You can learn how to help
make your deployment of Windows Server more secure:
 Windows Server 2012
 Secure Windows Server 2012
 Windows Server 2012 Security Baseline
 Windows Server 2008
 Secure Windows Server
 Windows Server 2008 Security Guide
 Windows Server 2008 R2 Security Baseline and Windows Server 2008 Security Baseline
Windows error reporting
Microsoft Dynamics CRM requires the Windows Error Reporting (WER) service, which Setup will
install if it is missing. The WER service collects information, such as IP addresses. These are not
used to identify users. The WER service does not intentionally collect names, addresses, e-mail
addresses, computer names, or any other form of personally identifying information. It is
possible that such information may be captured in memory or in the data collected from open
files, but Microsoft does not use it to identify users. In addition, some information that is
transmitted between the Microsoft Dynamics CRM application and Microsoft may not be
secure. For more information about the type of information that is transmitted, see Privacy
statement for the Microsoft Error Reporting Service.
Important
By default, automatic error reporting is not enabled in Microsoft Dynamics CRM. For
more information about how to enable automatic error reporting for Microsoft
Dynamics CRM, see Enable Windows Error Reporting.
Virus, malware, and identity protection
To help protect your identity and your system against malware or viruses, see the following
resources:
 Microsoft Security. This page is an entry point for tips, training, and guidance about how to
keep your computer up-to-date and prevent your computer from being susceptible to
exploitation, spyware, and viruses.
 Security TechCenter. This page has links to technical bulletins, advisories, updates, tools, and
guidance designed to make computers and applications up-to-date and more secure.
86
Update management
Microsoft Dynamics CRM updates include security, performance, and functional improvements.
Making sure that your Microsoft Dynamics CRM applications have the latest updates helps make
sure that your system is running as efficiently and reliably as it can.
For information about how to manage updates, see the following:
 Windows Server Update Services
 Update Management in System Center Essentials
 Managing Software Updates in Windows Small Business Server 2008
 Update Management in Windows Server 2012: Revealing Cluster-Aware Updating and the New
Generation of WSUS
Securing SQL Server
Because Microsoft Dynamics CRM relies on SQL Server, make sure that you take the following
measures to improve the security of your SQL Server database:
 Make sure that the latest operating system and SQL Server service packs (SP) and updates
are applied. Check the Microsoft Security Web site for the latest details.
 Make sure that all SQL Server data and system files are installed on NTFS partitions for file
system-level security. You should make the files available only to administrative or systemlevel users through NTFS permissions. This helps to safeguard against users who access
those files when the MSSQLSERVER service is not running.
 Use a low-privilege domain account. Or, you can specify the Network Service or the Local
System Account for SQL Server services. However, we do not recommend that you use these
accounts because Domain User accounts can be configured with less permission to run the
SQL Server services. The Domain User account should have minimal rights in the domain and
should help contain (but will not stop) an attack on the server if there is a compromise. In
other words, this account should have only local user-level permissions in the domain. If SQL
Server is installed by using a Domain Administrator account to run the services, a
compromise of SQL Server will lead to a compromise of the entire domain. If you have to
change this setting, use SQL Server Management Studio to make the change, because the
access control lists (ACLs) on files, the registry, and user rights will be changed
automatically.
 SQL Server authenticates users who have either Windows Authentication or SQL Server
credentials. We recommend that you use Windows Authentication for single sign-on ease of
use and to provide the most secure authentication method.
 By default, the auditing of the SQL Server system is disabled so that no conditions are
audited. This makes intrusion detection difficult and aids attackers with covering their
tracks. At a minimum, you should enable auditing of failed logins.
87
 Report Server administrators can enable RDL Sandboxing to restrict access to the Report
Server. More information: Enabling and Disabling RDL Sandboxing
 Each SQL login is configured to use the master database as the default database. Although
users should not have rights to the master database, as a best practice, you should change
the default for every SQL login (except those with the SYSADMIN role) to use
OrganizationName_MSCRM as the default database. More information: Securing SQL Server
Securing Exchange Server and Outlook
The following considerations are for Microsoft Exchange Server, and some are specific to
Exchange Server in a Microsoft Dynamics CRM environment:
 Exchange Server contains a rich series of mechanisms for precise administrative control of
its infrastructure. In particular, you can use administrative groups to collect Exchange Server
objects, such as servers, connectors, or policies, and then modify the ACLs on those
administrative groups to make sure that only certain users can access them. You may, for
example, want to give Microsoft Dynamics CRM administrators some control over servers
that directly affect their applications. When you implement efficient use of administrative
groups, you can make sure that you give Microsoft Dynamics CRM administrators only the
rights that they require to perform their jobs.
 Frequently, you may find it convenient to create a separate organizational unit (OU) for
Microsoft Dynamics CRM users, and give Microsoft Dynamics CRM administrators limited
administrative rights over that OU. They can make the change for any user in that OU, but
not for any user outside it.
 You should make sure that you adequately protect against unauthorized e-mail relay. E-mail
relay is a feature that lets an SMTP client use an SMTP server to forward e-mail messages to
a remote domain. By default, Microsoft Exchange Server 2003, Microsoft Exchange Server
2007, and Microsoft Exchange Server 2010 are configured to prevent e-mail relay. The
settings that you configure will depend on your message flow and configuration of your
Internet service provider's (ISP) e-mail server. However, the best way to approach this
problem is to lock down your e-mail relay settings and then gradually open them to allow email to flow successfully. For more information, see the Exchange Server Help.
 If you use forward mailbox monitoring, the Email Router requires an Exchange Server or
POP3-compliant mailbox. We recommend that the permission on this mailbox be set to
prevent other users from adding server-side rules. For more information about Exchange
Server mailboxes, see Mailbox Permissions.
 The Microsoft Dynamics CRM Email Router service operates under the Local System
Account. This enables the Email Router to access a specified user's mailbox and process email in that mailbox.
For more information about how to make Exchange Server more secure, see the following:
 Microsoft Exchange Server 2013 or Microsoft Exchange Server 2010, see the Deployment
Security Checklist.
88
 Microsoft Exchange Server 2007, see Security and Protection.
Securing mobile devices
As organizations move to support an increasingly mobile workforce, strong security remains
essential. The following resources provide information and best practices for mobile devices,
such as smartphones and tablets:
 How to Manage Mobile Devices by Using Configuration Manager and Windows Intune
 Windows Phone for business
 Security Considerations (Microsoft Surface)
 iOS in Business (iPad and iPhone)
See Also
Planning email integration
Security considerations for Microsoft Dynamics CRM 2013
Security considerations for Microsoft Dynamics
CRM 2013
Microsoft Dynamics CRM 2013 introduces several improvements that help make your
deployment more secure. This section provides information and best practices for the Microsoft
Dynamics CRM application. For more information, see Overview of security for Microsoft
Dynamics CRM.
In This Topic
Minimum permissions required for Microsoft Dynamics CRM Setup and services
What kind of service account should I choose?
Microsoft Dynamics CRM installation files
Minimum permissions required for Microsoft Dynamics
CRM Setup and services
Microsoft Dynamics CRM is designed so that its features can run under separate identities. By
specifying a domain user account that is granted only the permissions necessary to enable a
89
particular feature to function, you help secure the system and reduce the likelihood of
exploitation.
This topic describes the minimum permissions that are required by the user account for
Microsoft Dynamics CRM services and features.
Microsoft Dynamics CRM Server Setup
The user account used to run Microsoft Dynamics CRM Server Setup that includes the creation
of databases requires the following minimum permissions:
 Be a member of the Active Directory Domain Users group. By default, Active Directory Users
and Computers adds new users to the Domain Users group.
 Be a member of the Administrators group on the local computer where Setup is running.
 Have Local Program Files folder read and write permission.
 Be a member of the Administrators group on the local computer where the instance of SQL
Server is located that will be used to store the Microsoft Dynamics CRM databases.
 Have sysadmin membership on the instance of SQL Server that will be used to store the
Microsoft Dynamics CRM databases.
 Have organization and security group creation permission in Active Directory. Alternatively,
you can use a Setup XML configuration file to install Microsoft Dynamics CRM Server 2013
when security groups have already been created. For more information, see Use the
Command Prompt to Install Microsoft Dynamics CRM in the Installing Guide.
 If Microsoft SQL Server Reporting Services is installed on a different server, you must add
the Content Manager role at the root level for the installing user account. You must also add
the System Administrator Role at the site-wide level for the installing user account.
Services and CRMAppPool IIS application pool identity permissions
The user account that is used for the Microsoft Dynamics CRM services and IIS application pools
require the following permissions:
Important
 Microsoft Dynamics CRM services and application pool (CRMAppPool) identity accounts
must not be configured as a Microsoft Dynamics CRM user. Doing so can cause
authentication issues and unexpected behavior in the application for all Microsoft Dynamics
CRM users. For more information, see Problems in CRM when the CRMAppPool user account is a
CRM user.
 Managed service accounts, introduced in Windows Server 2008 R2, aren’t supported for
running Microsoft Dynamics CRM services.
90
Microsoft Dynamics CRM Sandbox Processing Service
 Domain Users membership.
 That account must be granted the Logon as service permission in the Local Security Policy.
 Folder read and write permission on the Trace, by default located under \Program
Files\Microsoft Dynamics CRM\Trace, and user account %AppData% folders on the local
computer.
 Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM subkey in
the Windows registry.
 The service account may need an SPN for the URL used to access the website that is
associated with it. To set the SPN for the Sandbox Processing Service account, run the
following command at a command prompt on the computer where the service is running.
SETSPN –a MSCRMSandboxService/<ComputerName> <service account>
Microsoft Dynamics CRM Asynchronous Processing Service and Microsoft Dynamics
CRM Asynchronous Processing Service (maintenance) services
 Domain Users membership.
 PrivUserGroup and SQLAccessGroup membership. By default, these groups are created and
appropriate membership is granted during Microsoft Dynamics CRM Server Setup.
 Performance Log Users membership.
 That account must be granted the Logon as service permission in the Local Security Policy.
 Folder read and write permission on the Trace folder, by default located under \Program
Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local
computer.
 Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM
and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSCRMSandboxService
subkeys in the Windows registry.
 The service account may need an SPN for the URL used to access the website that is
associated with it. To set the SPN for the Asynchronous Service account, run the following
command at a command prompt on the computer where the service is running.
SETSPN –a MSCRMAsyncService/<ComputerName> <service account>
Microsoft Dynamics CRM Monitoring Service
 Domain Users membership.
 That account must be granted the Logon as service permission in the Local Security Policy.
 Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM
91
 SQLAccessGroup membership. By default, this group is created and appropriate
membership is granted during Microsoft Dynamics CRM Server Setup.
 The service account may need an SPN for the URL used to access the website that is
associated with it.
Microsoft Dynamics CRM VSS Writer service
 Domain Users membership.
 That account must be granted the Logon as service permission in the Local Security Policy.
 Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM
 PrivUserGroup and SQLAccessGroup membership. By default, these groups are created and
appropriate membership is granted during Microsoft Dynamics CRM Server Setup.
Deployment Web Service (CRMDeploymentServiceAppPool Application Pool identity)
 Domain Users membership.
 That account must be granted the Logon as service permission in the Local Security Policy.
 Local administrator group membership is required to perform organization database
operations (such as create new or import organization) only if the following conditions are
true:
 The Microsoft SQL Server specified for the organization database is on the same
computer as the Deployment Web Service server role.
 The Web Application Server server role is running on the same computer as the
Deployment Web Service server role.
 Local administrator group membership on the computer where the Deployment Web
Service is running.
 Local administrator group membership on the computer where SQL Server is running.
 Sysadmin permission on the instance of SQL Server to be used for the configuration and
organization databases.
 Folder read and write permission on the Trace and CRMWeb folders, by default located
under \Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on
the local computer.
 Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM
and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSCRMSandboxService
subkeys in the Windows registry.
 PrivUserGroup and SQLAccessGroup membership. By default, these groups are created and
appropriate membership is granted during Microsoft Dynamics CRM Server Setup.
92
 CRM_WPG group membership. This group is used for IIS worker processes. The group is
created and the membership is added during Microsoft Dynamics CRM Server Setup.
 The service account may need an SPN for the URL used to access the website that is
associated with it.
Application Service (CRMAppPool IIS Application Pool identity)
 Member of the Active Directory Domain Users group.
 Member of the Active Directory Performance Log Users group.
 Folder read and write permission on the Trace and CRMWeb folders, by default located
under \Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on
the local computer.
 Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM
and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSCRMSandboxService
subkeys in the Windows registry.
 CRM_WPG group membership. This group is used for IIS worker processes. The group is
created and the membership is added during Microsoft Dynamics CRM Server Setup.
 The service account may need an SPN for the URL used to access the website that is
associated with it.
IIS Application Pool identities running under Kernel-Mode authentication and SPNs
By default, IIS 7.0 and IIS 7.5 websites are configured to use Kernel-Mode authentication. When
you run the Microsoft Dynamics CRM website by using Kernel-Mode authentication, you might
not need to configure additional service principal names (SPNs) for the CRMAppPool identities.
To determine whether your IIS deployment requires SPNs, see Service Principal Name (SPN)
checklist for Kerberos authentication with IIS 7.0/7.5 .
What kind of service account should I choose?
When you specify an identity to run a Microsoft Dynamics CRM service, you can choose either a
domain user account or the Network Service account.
If the service interacts with network services, accesses domain resources like file shares or if it
uses linked server connections to other computers, you can use a minimally-privileged domain
account. Many server-to-server activities can be performed only with a domain user account
and can provide the most secure option. This account should be pre-created by domain
administration in your environment.
93
Note
When you configure a service to use a domain account, you can isolate the privileges for
the application, but must manually manage passwords or create a custom solution for
managing these passwords. Many server applications use this strategy to enhance
security, but this strategy requires additional administration and complexity. In these
deployments, service administrators spend a considerable amount of time on
maintenance tasks such as managing service passwords and service principal names
(SPNs), which are required for Kerberos authentication. In addition, these maintenance
tasks can disrupt service.
The Network Service account is a built-in account that has more access to resources and objects
than members of the Domain Users group. Services that run as the Network Service account
access network resources by using the credentials of the computer account in the format
<domain_name>\<computer_name>$. The actual name of the account is NT
AUTHORITY\NETWORK SERVICE.
Microsoft Dynamics CRM installation files
If you plan to install Microsoft Dynamics CRM from a location on the network, such as a network
share, you must make sure that the correct permissions are applied to the folder, preferably on
an NTFS volume, where the installation files are located. For example, you may want to allow
only members of the Domain Admins group permissions for the folder. This practice can help to
reduce the risk of attacks on the installation files that may compromise or alter them. For more
information about how to set permissions on files and folders on the Windows operating
system, see Windows Help.
See Also
Microsoft Dynamics CRM 2013 server roles
Operating system and platform technology security considerations for Microsoft Dynamics CRM 2013
Security best practices for Microsoft Dynamics CRM
Administration best practices for on-premises deployments of Microsoft Dynamics CRM
Network ports for Microsoft Dynamics CRM
Known risks and vulnerabilities
Microsoft Dynamics CRM standards compliance and certification
94
Security best practices for Microsoft Dynamics CRM
Internet Information Services (IIS) is a mature web service that is included with Windows Server.
Microsoft Dynamics CRM depends on an efficient and secure IIS web service. Consider the
following:
 In the machine.config and web.config configuration files you can determine whether
debugging is enabled, and also if detailed error messages are sent to the client. You should
make sure that debugging is disabled on all production servers, and that a generic error
message is sent to the client if a problem occurs. This avoids unnecessary information about
the web server configuration being sent to the client.
 For file system level security, we recommend that you install the IIS web root on an NTFS
partition that doesn’t contain the operating system files. For example, C:\Inetpub is on a
typical system partition that contains operating system files, whereas D:\Inetpub is not.
 Make sure that the latest operating system and IIS service packs and updates are applied.
For the latest information, see the Microsoft Security website.
 Microsoft Dynamics CRM Server Setup creates application pools called CRMAppPool and
CRMDeploymentServiceAppPool that operate under user credentials that you specify
during Setup. To facilitate a least-privileged model, we recommend that you specify
separate domain user accounts for these application pools instead of using the Network
Service account. Additionally, we recommend that no other ASP.NET-connected application
be installed under these application pools. For information about the minimum permissions
required for these components, see “Minimum permissions required for Microsoft
Dynamics CRM Setup, services, and components” in Security considerations for Microsoft
Dynamics CRM 2013 in this guide.
Important
 All websites that are running on the same computer as the Microsoft Dynamics CRM
website can also have access to the CRM database.
 If you use a domain user account, before you run Microsoft Dynamics CRM Server Setup,
you may need to verify that the service principal name (SPN) is set correctly for that
account, and if necessary, set the correct SPN. For more information about SPNs and how to
set them, see How to use SPNs when you configure Web applications that are hosted on IIS.
Service principal name management in Microsoft
Dynamics CRM 2013
The service principal name (SPN) attribute is a multivalued, nonlinked attribute that is built from
the DNS host name. The SPN is used during mutual authentication between the client and the
server hosting a particular service. The client finds a computer account based on the SPN of the
service to which it is trying to connect.
95
The Microsoft Dynamics CRM Server 2013 installer deploys role-specific services and web
application pools that operate under user credentials specified during Setup. To review the
complete list of these roles and their permission requirements, see Minimum permissions required
for Microsoft Dynamics CRM Setup and services.
When you deploy a hosted Microsoft Dynamics CRM infrastructure, two of these roles may
require additional consideration:
 Deployment Web Service
 Application Service
In web farm scenarios, as is the case for a hosted offering, the recommendation is to leave
kernel-mode authentication enabled. In addition, you should closely consider using separate
domain user accounts to run these services because:
 Having separate service accounts for these server roles facilitates being able to implement
hardware load balancing.
 The Deployment Web Service server role requires elevated permissions to provision
organizations in the CRM database. If you want to adhere to a least-privileged model, the
safest approach for implementing SPNs in a hosted Microsoft Dynamics CRM infrastructure
involves having the Deployment Web Service run under a different domain user account
than the Application Service.
If you follow this suggestion to use separate domain accounts for these server roles, you should
check to make sure that the SPN is correct for each account before you start Microsoft Dynamics
CRM Server Setup. This will make it easier for you to set the correct SPN when necessary.
If kernel-mode authentication is enabled, the SPNs will be defined for the machine account,
regardless of the specified service account. When you implement a web farm, enable kernelmode authentication and change the local ApplicationHost.config file.
If application and deployment web services are running on the same system, and kernel-mode
authentication is disabled, you could configure both services to run under the same domaikuser
account to prevent duplicate SPN issues. If you can’t enable kernel-mode authentication, install
the Application and Deployment web services on separate systems. The SPNs may still need to
be created manually since kernel-mode authentication is disabled.
For more information about SPNs and how to set them, see Service Principal Name (SPN) checklist
for Kerberos authentication with IIS 7.0/7.5
See Also
Security considerations for Microsoft Dynamics CRM 2013
Administration best practices for on-premises deployments of Microsoft Dynamics CRM
96
Administration best practices for on-premises
deployments of Microsoft Dynamics CRM
By following some simple rules of administration, you can significantly improve the security of
your Microsoft Dynamics CRM on-premises deployment.
 Typically, there is no need for CRM users to have administrative privileges over the domain.
Therefore, all CRM user accounts should be restricted to Domain Users membership. Also,
following the principle of least-privilege, anyone who uses the CRM system should have
minimal rights. This starts at the domain level. A domain user account should be created and
used to run CRM. Domain Administrator accounts should never be used to run CRM.
 Limit the number of Microsoft Dynamics CRM Deployment Administrator and System
Administrator roles to a few people who are responsible for rule changes. Others who are
SQL Server, Microsoft Exchange Server, or Active Directory administrators do not have to be
members of the CRM users group.
 Make sure that at least two or three trusted people have the Deployment Administrator
role. This avoids system lockout if the primary Deployment Administrator is unavailable.
 In some organizations it is a common practice to reuse passwords across systems and
domains. For example, an administrator responsible for two domains may create Domain
Administrator accounts in each domain that use the same password, and even set local
administrator passwords on domain computers that are the same across the domain. In
such a case, a compromise of a single account or computer could lead to a compromise of
the entire domain. Passwords should never be reused in this manner.
 It is also common practice to use Domain Administrator accounts as service accounts for
common services such as back-up systems. However, it is a security risk to use Domain
Administrator accounts as service accounts. The password can easily be retrieved by anyone
who has administrative rights over the computer. In such a case, the compromise could
affect the entire domain. Service accounts should never be Domain Administrator accounts,
and they should be limited in privilege as much as possible.
 A domain user account that is specified to run a Microsoft Dynamics CRM service must not
also be configured as a CRM user. This can cause unexpected behavior in the application.
See Also
Security best practices for Microsoft Dynamics CRM
Microsoft Dynamics CRM security model
97
Network ports for Microsoft Dynamics CRM
This section describes the ports that are used for Microsoft Dynamics CRM. This information is
helpful as you configure the network when users connect through a firewall.
In This Topic
Network ports for the Microsoft Dynamics CRM web application
Network ports for the Asynchronous Service, Web Application Server, and Sandbox Processing Service
server roles
Network ports for the Deployment Web Service server role
Network ports that are used by the SQL Server that runs the SQL Server and Microsoft Dynamics CRM
Reporting Extensions server roles
Network ports for the Microsoft Dynamics CRM web
application
The following table lists the ports used for a server that is running a Full Server installation of
Microsoft Dynamics CRM. Moreover, except for the Microsoft SQL Server role, and the
Microsoft Dynamics CRM Reporting Extensions server role, all server roles are installed on the
same computer.
Protocol
Port
Description
Explanation
TCP
80
HTTP
Default web application
port. This port may be
different as it can be
changed during Microsoft
Dynamics CRM Server
Setup. For new websites,
the default port number is
5555.
TCP
135
MSRPC
RPC endpoint resolution.
TCP
139
NETBIOS-SSN
NETBIOS session service.
TCP
443
HTTPS
Default secure HTTP port.
The port number may
differ from the default
98
Protocol
Port
Description
Explanation
port. This secure network
transport must be
manually configured.
Although this port is not
required to run Microsoft
Dynamics CRM, we
strongly recommend it.
For information about
how to configure HTTPS
for CRM, see “Make
Microsoft Dynamics CRM
client-to-server network
communications more
secure” in PostInstallation and
Configuration Guidelines
in the Installing Guide.
TCP
445
Microsoft-DS
Active Directory service
required for Active
Directory access and
authentication.
UDP
123
NTP
Network Time Protocol.
UDP
137
NETBIOS-NS
NETBIOS name service.
UDP
138
NETBIOS-dgm
NETBIOS datagram
service.
UDP
445
Microsoft-DS
Active Directory service
required for Active
Directory access and
authentication.
UDP
1025
Blackjack
DCOM, used as an RPC
listener.
Important
99
Depending on your domain trust configuration, additional network ports may need to
be available for Microsoft Dynamics CRM to work correctly. More information: How to
configure a firewall for domains and trusts
Network ports for the Asynchronous Service, Web
Application Server, and Sandbox Processing Service
server roles
The following table lists the additional ports that are used for a deployment where the Sandbox
Processing Service is running on a separate computer.
Protocol
Port
Description
Explanation
TCP
808
CRM server role
communication
The Asynchronous Service and Web Application Server
services communicate to the Sandbox Processing Service
through this channel. The default port is 808, but can be
changed in the Windows registry by adding the DWORD
registry value TcpPort in the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM\.
Network ports for the Deployment Web Service server
role
The following table lists the additional port that is used by the Deployment Web Service server
role.
Protocol
Port
Description
Explanation
TCP
808
Used for Fetch-based
reports
Client computers that are
running Fetch-based
reports communicate
over this port when
communicating with the
computer that is running
the Deployment Web
Service server role.
100
Network ports that are used by the SQL Server that runs
the SQL Server and Microsoft Dynamics CRM Reporting
Extensions server roles
The following table lists the ports that are used for a computer that is running SQL Server and
has only SQL Server and the Microsoft Dynamics CRM Reporting Extensions (SRS Data
Connector) server roles installed.
Protocol
Port
Description
Explanation
TCP
135
MSRPC
RPC endpoint resolution.
TCP
139
NETBIOS-SSN
NETBIOS session service.
TCP
445
Microsoft-DS
Active Directory service
required for Active
Directory access and
authentication.
TCP
1433
ms-sql-s
SQL Server sockets
service. This port is
required for access to SQL
Server. This number may
be different if you have
configured your default
instance of SQL Server to
use a different port
number or you are using
a named instance.
UDP
123
NTP
Network Time Protocol.
UDP
137
NETBIOS-NS
NETBIOS name service.
UDP
138
NETBIOS-dgm
NETBIOS datagram
service.
UDP
445
Microsoft-DS
Active Directory service
required for Active
Directory access and
authentication.
101
Protocol
Port
Description
Explanation
UDP
1025
Blackjack
DCOM, used as an RPC
listener.
Important
In addition to the ports listed previously, UDP port 1434 (SQL Server Browser Service) on
the SQL Server is required by Microsoft Dynamics CRM Server Setup to return a list of
the computers that are running SQL Server during the installation of Microsoft
Dynamics CRM Server. To work around this, specify the SQLServer\InstanceName during
Setup.
See Also
Microsoft Dynamics CRM security model
Known risks and vulnerabilities
Known risks and vulnerabilities
This topic describes the risks and vulnerabilities that may exist when you use Microsoft
Dynamics CRM. Mitigations and workarounds are also described when applicable.
In This Topic
Risks when users connect to CRM over an unsecured network
Security recommendations on server role deployments
Anonymous authentication
Isolate the HelpServer role for Internet-facing deployments
Claims-based authentication issues and limitations
Secure the <notLocalizable
xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">web.config</notLocalizable> file
Outbound Internet calls from custom code executed by the Sandbox Processing Service are enabled
Secure server-to-server communication
DNS rebinding attacks
102
Risks when users connect to CRM over an unsecured
network
Issues that can occur when you run Microsoft Dynamics CRM without using Secure Sockets
Layer (SSL) (HTTPS) are as follows:
 Microsoft Dynamics CRM user provided data, including Visual chart definitions, can be
altered over an unsecured HTTP connection by using "man in the middle" type attacks. To
mitigate this vulnerability, configure Microsoft Dynamics CRM to only use SSL. For more
information about how to configure Microsoft Dynamics CRM Server 2013 to use SSL, see
Make Microsoft Dynamics CRM client-to-server network communications more secure.
Security recommendations on server role deployments
The following recommendations can help make your Microsoft Dynamics CRM deployment
more reliable and secure.
Server role
Recommendation
Sandbox Processing Service
Install this role to a dedicated server on a
separate virtual LAN (VLAN) from other
computers that are running Microsoft
Dynamics CRM roles. Then, if there is a
malicious plug-in running in the sandbox that
exploits the computer, the network isolation
from a separate VLAN can help protect other
CRM resources from being compromised.
Help Server
Install this role on a separate computer for
both IFD and internally-facing deployments.
For more information, see Isolate the HelpServer
role for Internet-facing deployments later in this
topic.
Anonymous authentication
Microsoft Dynamics CRM Internet-facing deployment (IFD) requires anonymous authentication
enabled on IIS for claims-based authentication. Notice that the claims-based authentication
token doesn’t contain raw credentials or the connection string to Microsoft Dynamics CRM
Server. However, the web.config file does contain configuration information about the
authentication mode. For more information, see Secure the <notLocalizable
103
xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">web.config</notLocalizable> file later in
this topic. To secure the Microsoft Dynamics CRM website, use SSL.
Isolate the HelpServer role for Internet-facing
deployments
Microsoft Dynamics CRM Internet-facing deployment (IFD) require anonymous authentication.
Because anonymous website authentication is used, the virtual directory used by the Microsoft
Dynamics CRM Help site can be targeted for denial of service (DoS) attacks.
To isolate the Microsoft Dynamics CRM Help pages, and help protect the other Microsoft
Dynamics CRM 2013 roles from potential DoS attacks, consider installing the Help Server role on
a separate computer.
For more information about the options for installing Microsoft Dynamics CRM roles on
separate computers, see Microsoft Dynamics CRM 2013 server roles.
For more information about reducing the risk of DoS attacks, see Improving Web Application
Security: Threats and Counter-measures.
Claims-based authentication issues and limitations
This topic describes issues and limitations when you use claims-based authentication with
Microsoft Dynamics CRM.
Verify that the identity provider uses a strong password policy
When you use claims-based authentication, we recommend that you verify that the identity
provider that is trusted by the security token service (STS) and, in turn, Microsoft Dynamics
CRM, enforces strong password policies. Microsoft Dynamics CRM itself doesn’t enforce strong
passwords. By default, when it is used as an identity provider, Active Directory enforces a strong
password policy.
AD FS federation server sessions are valid up to 8 hours even for
deactivated or deleted users
By default, Active Directory Federation Services (AD FS) server tokens allocate a web single signon (SSO) cookie expiration of eight (8) hours. Therefore, even when a user is deactivated or
deleted from an authentication provider, such as AD FS 2.0, as long as the user session is still
active the user can continue to be authenticated to secure resources.
To work around this issue, choose from the following options.
104
 Disable the user in Microsoft Dynamics CRM and in Active Directory. For information about
how to disable a user in Microsoft Dynamics CRM, see Enable or disable a user record. For
information about how to disable a user in Active Directory, see the Active Directory Users
and Computers Help.
 Reduce the web SSO lifetime. To do this, see the Active Directory Federation Services (AD
FS) Management Help.
Secure the
The web.config file that is created by Microsoft Dynamics CRM does not contain connection
strings or encryption keys. However, the file does contain configuration information about the
authentication mode and strategy, ASP.NET view state information, and debug error message
display. If this file is modified with malicious intent it can threaten the server where Microsoft
Dynamics CRM is running. To help secure the web.config file, we recommend the following:
 Grant permissions to the folder where the web.config file is located to include only those
user accounts that require it, such as administrators. By default, the web.config file is
located in the <drive:>Program Files\Microsoft Dynamics CRM\CRMWeb folder.
 Limit the number of users who have interactive access to CRM servers, such as console
logon permission.
 Disable directory browsing on the CRM website. By default, this is disabled. For more
information about how to disable directory browsing, see Internet Information Services (IIS)
Manager Help.
Outbound Internet calls from custom code executed by
the Sandbox Processing Service are enabled
By default, outbound calls from custom code executed by the Microsoft Dynamics CRM Sandbox
Processing Service that access services on the Internet are enabled. For high-security
deployments of Microsoft Dynamics CRM, this could pose a security risk. If you do not want to
allow outbound calls from custom code, such as CRM plug-ins or custom workflow activities, you
can disable outbound connections from custom code executed by the Sandbox Processing
Service by following the procedure here.
Instead of blocking all outbound calls, you can enforce web access restrictions on sandboxed
plug-ins. More information: Plug-in Isolation, Trusts, and Statistics
Notice that disabling outbound connections for custom code includes disabling calls to cloud
platforms such as Windows Azure and Windows Azure SQL Database.
105
Disable outbound connections for custom code on the computer that is running the
sandbox processing service
1. On the Windows Server computer where the Microsoft Dynamics CRM Sandbox
Processing Service server role is installed, start Registry Editor and locate the following
subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MSCRM
2. Right-click MSCRM, point to New, click DWORD Value, type
SandboxWorkerDisableOutboundCalls, and then press ENTER.
3. Right-click SandboxWorkerDisableOutboundCalls, click Modify, type 1, and then press
ENTER.
4. Close Registry Editor.
5. Restart the Sandbox Processing Service. To do this, click Start, type services.msc, and
then press ENTER.
6. Right-click Microsoft Dynamics CRM Sandbox Processing Service, and then click
Restart.
7. Close the Microsoft Management Console (MMC) Services snap-in.
Secure server-to-server communication
By default, Microsoft Dynamics CRM server-to-server communication, such as communication
between the Web Application Server role and the server that is running Microsoft SQL Server,
isn’t executed over a security channel. Therefore, information that is transmitted between
servers may be susceptible to certain attacks, such as man-in-the-middle attacks.
We recommend that you implement Internet Protocol security (IPsec) to help protect
information that is transmitted between servers in your organization. IPsec is a framework of
open standards for protecting communications over Internet Protocol (IP) networks through the
use of cryptographic security services. More information: IPsec
DNS rebinding attacks
Like many web-based applications, Microsoft Dynamics CRM may be vulnerable to DNS
rebinding attacks. This exploit involves misleading a web browser into retrieving pages from two
different servers thereby trusting that the servers are from the same domain and subsequently
breaking the Same Origin Policy. Using this technique, an attacker can tamper with CRM data by
using the victim’s identity through cross-site scripting attacks on CRM pages.
For more information about how to help protect against such attacks, see Protecting Browsers
from DNS Rebinding Attacks.
106
See Also
Network ports for Microsoft Dynamics CRM
Microsoft Dynamics CRM 2013 supported configurations
Microsoft Dynamics CRM standards compliance and
certification
The topics in this section contain information about Microsoft Dynamics CRM Server 2011
compliance with security standards and certification.
Security standards compliance
Compliance can affect many organizations, large and small, either through regulatory
requirements or organizational policies.
FIPS 140-2 compliance
Microsoft Dynamics CRM can be configured to be compliant with the Federal Information
Processing Standard (FIPS) 140-2, which is a publication titled "Security Requirements for
Cryptographic Modules." It specifies which encryption algorithms and hashing algorithms can be
used, and how encryption keys are to be generated and managed. For more information about
how to configure Microsoft Dynamics CRM Server 2011 for FIPS 140-2 compliance, see FIPS 140-2
Compliancy with Microsoft Dynamics CRM 2011.
Certification
Microsoft Dynamics CRM Server 2011 is certified for Windows Server 2008 R2. For a list of issues
that were identified during logo certification, see MicrosoftDynamicsCRM2011WindowsLogo.doc on
the Microsoft Dynamics CRM 2011 Implementation Guide download page.
See Also
Security considerations for Microsoft Dynamics CRM 2013
Microsoft Dynamics CRM 2013 supported configurations
107
Microsoft Dynamics CRM 2013 supported
configurations
This section describes the supported network, domain, and server configurations for Microsoft
Dynamics CRM, which supports multiple domains in either a native- or interim-mode
environment.
Active Directory requirements
The Active Directory requirements are as follows:
 The computers that run Microsoft Dynamics CRM Server 2013 roles and the computer that
runs SQL Server, where the Microsoft Dynamics CRM databases are located, must be in the
same Active Directory domain.
 The Active Directory domain where a Microsoft Dynamics CRM Server 2013 role is located
must run in Windows Server 2003 interim, Windows Server 2003 native, or any Windows
Server 2008 or Windows Server 2012 domain modes.
 The Active Directory forest where a Microsoft Dynamics CRM Server 2013 role is located can
run in Windows Server 2003 interim, Windows Server 2003, Windows Server 2008, or
Windows Server 2012 forest functional levels.
 The user account that is used to run a Microsoft Dynamics CRM service must be in the same
domain as the computer that is running the Microsoft Dynamics CRM Server 2013 role.
 The Microsoft Dynamics CRM security groups (PrivUserGroup, SQLAccessGroup,
ReportingGroup, and PrivReportingGroup) must be in the same domain as the computer
that is running Microsoft Dynamics CRM. These security groups can be located in the same
organizational unit (OU) or in different OUs. To use security groups that are located in
different OUs, you must install Microsoft Dynamics CRM Server 2013 by using an XML
configuration file and specify the correct distinguished name for each pre-existing security
group within the <Groups> element. More information: Sample server XML configuration
file for installing with pre-created groups
Important
Direct user account membership to the Microsoft Dynamics CRM privusergroup
security group is required and group membership nesting under privusergroup
currently is not supported. For example, if you add a security group named
mycrmprivgroupusers to privusergroup, members of mycrmprivgroupusers will not
resolve as privusergroup members. This includes the CRMAppPool or the SQL Server
Reporting Services service identities, which if granted membership to privusergroup
through another security group, can cause system-wide failures in the Microsoft
Dynamics CRM web application and reporting features.
108
 For users who access Microsoft Dynamics CRM from another domain and are not using
claims-based authentication, a one-way trust must exist in which the domain where the
Microsoft Dynamics CRM Server 2013 is located trusts the domain where the users are
located.
 For users who access Microsoft Dynamics CRM from another forest and are not using
claims-based authentication, a two-way trust must exist between the forests.
Important
 When you add multiple users who are located in a domain that is a different one than the
domain where the Microsoft Dynamics CRM Server is located, you must have one of the
following conditions:
 A one-way trust in which the domain where the users are located trusts the domain
where the Microsoft Dynamics CRM Server is located.
 A two-way trust between the user’s domain and the domain where the Microsoft
Dynamics CRM Server is located.
 The user information will not appear on the User form when you add users to Microsoft
Dynamics CRM who are located in a remote domain that does not have a trust to the
domain where Microsoft Dynamics CRM Server is located. More information: The user
information is not automatically populated in the required fields when you add a user to Microsoft
Dynamics CRM
Single-server deployment
For small user bases, a Microsoft Dynamics CRM Server (any edition) can be deployed in a
single-server configuration, with Microsoft Dynamics CRM Server 2013, SQL Server, Microsoft
SQL Server Reporting Services, and optionally Microsoft Exchange Server installed and running
on the same computer.
Single-server deployments are not recommended for best experience in application
performance and disaster recovery.
There is one limitation to single-server deployments: the server where Microsoft Dynamics CRM
Server 2013 is installed cannot also function as a domain controller, unless it is running
Windows Small Business Server. If the computer is a member server (not functioning as a
domain controller), you can deploy a single-server Microsoft Dynamics CRM solution on any
other supported version of Windows Server.
Important
Except for Windows Small Business Server, Microsoft Dynamics CRM is not supported
when you install it on an Active Directory domain controller.
109
See Also
Security considerations for Microsoft Dynamics CRM 2013
Microsoft Dynamics CRM multiple-server deployment
Microsoft Dynamics CRM multiple-server
deployment
Microsoft Dynamics CRM Server 2013 deployments can include multiple servers, which provide
additional performance and scaling benefits. However, with Microsoft Dynamics CRM
Workgroup Server 2013, server roles cannot be installed on separate computers. Therefore, all
server roles are installed on every computer where you install Microsoft Dynamics CRM Server
2013.
Install server roles by running Microsoft Dynamics CRM
Server Setup
During Microsoft Dynamics CRM Server Setup, you can select to install a server role:
 Individually.
 As one of the three predefined groups of server roles.
 As a full server installation that includes all roles.
Server roles let you increase flexibility and scalability of the Microsoft Dynamics CRM
deployment. Note that all server roles must be running and available on the network to provide
a fully functioning Microsoft Dynamics CRM system.
Install server roles by running Microsoft Dynamics CRM Server 2013 at the
command prompt
You can install Microsoft Dynamics CRM Server roles and Microsoft Dynamics CRM Reporting
Extensions from their respective installation disks or file download location unattended by using
the command prompt. The required setup information is provided to the Setup program both as
command-line parameters and as an XML configuration file that the Setup program references.
More information: Use the Command Prompt to Install Microsoft Dynamics CRM.
110
Microsoft Dynamics CRM Server 2013 placement
For improved application performance, the computer or computers that run the Microsoft
Dynamics CRM Server 2013 roles and the computer that is running SQL Server should be on the
same LAN. This is because of the large amount of network traffic passing between the
computers. This is also recommended with Active Directory where the computer or computers
on which Microsoft Dynamics CRM Server 2013 and the Active Directory domain controller are
running should be on the same LAN to guarantee efficient Active Directory access to Microsoft
Dynamics CRM.
SQL Server and Active Directory domain controller
placement
For each organization, Microsoft Dynamics CRM stores all customer relationship management
data in a SQL Server database. Make sure that the computer on which SQL Server is running that
maintains the Microsoft Dynamics CRM databases is located near the Microsoft Dynamics CRM
Server 2013. This means there should be a high-speed, permanent network connection between
the Microsoft Dynamics CRM Server 2013 and the computer that is running SQL Server. A
network communications failure between these computers can result in data loss and service
becoming unavailable.
The same is true for Active Directory because Microsoft Dynamics CRM depends on it for
security information. If communication with Active Directory is lost, Microsoft Dynamics CRM
will not function correctly. If communication with Active Directory is inefficient, Microsoft
Dynamics CRM performance will be affected. Therefore, it is important to put an Active
Directory domain controller on the same high-speed, permanent network connection as the
Microsoft Dynamics CRM and SQL Server computers.
See Also
Microsoft Dynamics CRM 2013 supported configurations
Microsoft Dynamics CRM 2013 server roles
Microsoft Dynamics CRM 2013 server roles
In Microsoft Dynamics CRM Server 2013, you can install specific server functionality,
components, and services on different computers. These components and services correspond
to specific server roles. For example, customers who have larger user bases can install the Front
End Server role on two or more servers that run Internet Information Services (IIS) to increase
throughput performance for users. Or, a Full Server role can be installed on one computer and
111
Microsoft Dynamics CRM Reporting Extensions on another. If a server role is missing,
Deployment Manager displays a message in the Messages area.
Use one of the following options to install server roles:
 Run the Microsoft Dynamics CRM Server Setup Wizard to select one or more server role
groups or one or more individual server roles. If Microsoft Dynamics CRM Server 2013 is
already installed, you can use Programs and Features in Control Panel to add or remove
server roles.
 Configure an XML Setup configuration file and then run Setup at the command prompt to
specify a server role group or one or more individual server roles. You cannot explicitly
select the SQL Server "role" for installation during Microsoft Dynamics CRM Server Setup.
This is a logical role that SQL Server sets when you specify a particular instance of SQL
Server, either local or on another computer (recommended) for use in the Microsoft
Dynamics CRM deployment. For more information, see Microsoft Dynamics CRM 2013 Server
XML configuration file.
Note
At any time after the initial installation of server roles, you can add or remove server
roles in Control Panel. For more information, see Uninstall, change, or repair instructions.
Important
If you have a Microsoft Dynamics CRM deployment that includes one or more Front End
Server and Back End Server roles, the Language Pack must be installed on the computer
that has the Front End Server role. If you have deployed individual server roles, the
Language Packs must be installed on the computers that are running the Web
Application Server and the Help Server roles.
In This Topic
Available group server roles
Available individual server roles
Scope definition
Installation method definition
Microsoft Dynamics CRM Server role requirements
Available group server roles
Although these server role groups are recommended for most deployments, any individual
server role may be installed during Setup.
112
All server roles must be running in your organization’s network to provide a fully functioning
system.
Server Role Group
Description
Scope
Installation Method
Full Server
Contains all roles from
Deployment
Front End Server, Back
End Server, and
Deployment
Administration Server. By
default, Microsoft
Dynamics CRM Server
Setup deploys the system
as Full Server. In a Full
Server deployment, server
roles are not listed
separately in Control
Panel. To view the
installed roles or make
changes, right-click
Microsoft Dynamics CRM
Server 2013, click
Uninstall/Change, and
then click Configure.
Full
Front End Server
Enables the server roles
for running client
applications and
applications developed
with the Microsoft
Dynamics CRM SDK.
Deployment
Group or Full
Back End Server
Includes the server roles
Deployment
that handle processing
asynchronous events,
such as workflows and
custom plug-ins, database
maintenance, and email
routing. These roles are
usually not exposed to the
Internet.
Group or Full
113
Server Role Group
Description
Scope
Installation Method
For a list of server roles
that are included in this
group, see the following
table.
Deployment
Administration Server
Enables the server roles
Deployment
for components that are
used to manage the
Microsoft Dynamics CRM
deployment either by
using the methods
described in the Microsoft
Dynamics CRM SDK or the
deployment tools. Also
includes the interface for
database disaster
recovery support.
Group or Full
For a list of server roles
that are included in this
group, see the following
table.
Available individual server roles
Server Role
Description
Discovery
Web Service
Organization
Web Service
Server Group
Scope
Installation Method
Finds the
Front End
organization that a Server
user belongs to in a
multi-tenant
deployment.
Deploymen
t
Individual, Group, or Full
Supports running
applications that
use the methods
described in the
Microsoft
Deploymen
t
Individual, Group, or Full
Front End
Server
114
Server Role
Description
Server Group
Scope
Installation Method
Dynamics CRM SDK
.
Web
Application
Server
Runs the Web
Application Server
that is used to
connect users to
Microsoft
Dynamics CRM
data. The Web
Application Server
role requires the
Organization Web
Service role.
Front End
Server
Deploymen
t
Individual, Group, or Full
Help Server
Makes Microsoft
Dynamics CRM
Help available to
users.
Front End
Server
Deploymen
t
Individual, Group, or Full
Asynchronou
s Service
Processes queued
asynchronous
events, such as
workflows, bulk email, or data
import.
Back End
Server
Deploymen
t
Individual, Group, or Full
Sandbox
Processing
Service
Enables an isolated
environment to
allow for the
execution of
custom code, such
as plug-ins. This
isolated
environment
reduces the
possibility of
custom code
affecting the
operation of the
Back End
Server
Deploymen
t
Individual, Group, or Full
115
Server Role
Description
Server Group
Scope
Installation Method
Back End
Server
Deploymen
t
Individual, Group, or Full
organizations.
Email
Integration
Service
Handles sending
and receiving of
email messages by
connecting to an
external email
server.
Deployment
Web Service
Manages the
Deployment
deployment by
Administratio
using the methods n Server
described in the
Microsoft
Dynamics CRM SDK
.
Deploymen
t
Individual, Group, or Full
Deployment
Tools
Consists of the
Deployment
Deployment
Administratio
Manager and
n Server
Windows
PowerShell
cmdlets. Microsoft
Dynamics CRM
administrators can
use the Windows
PowerShell cmdlets
to automate
Deployment
Manager tasks.
Deploymen
t
Individual, Group, or Full
Deployment
Manager is a
Microsoft
Management
Console (MMC)
snap-in that system
administrators can
use to manage
organizations,
servers, and
116
Server Role
Description
Server Group
Scope
Installation Method
licenses for
deployments of
Microsoft
Dynamics CRM.
Microsoft
Dynamics
CRM VSS
Writer
The Microsoft
Deployment
Dynamics CRM VSS Administratio
Writer service
n Server
provides an
interface to backup
and restore
Dynamics CRM
data by using the
Windows Server
Volume Shadow
Copy Service (VSS)
infrastructure.
Deploymen
t
Individual, Group, or Full
Microsoft
Dynamics
CRM
Reporting
Extensions
Provides reporting N/A
functionality by
interfacing with the
Microsoft
Dynamics CRM
system and
Microsoft SQL
Server Reporting
Services.
Deploymen
t
Individual by using
srsDataConnectorSetup.exe
.
SQL Server
Installs the
MSCRM_CONFIG
database on the
SQL Server.
Deploymen
t
Individual during Microsoft
Dynamics CRM Server
Setup or from Deployment
Manager Edit Organization
Wizard.
N/A
Scope definition
 Deployment. Each instance of the server role services the entire deployment.
 Organization. Each instance of the server role services an organization. Therefore, you can
use a different server role instance for a given organization.
117
Installation method definition
 Individual, Group, or Full. During Microsoft Dynamics CRM Server Setup, you can install a
server role individually, install one of the three predefined groups of server roles, or
perform a Full Server installation that includes all roles. Or, you can select multiple
individual server roles.
 srsDataConnectorSetup.exe. Install this role on the computer where Microsoft SQL Server
Reporting Services is running by using Microsoft SQL Server Reporting Services Setup.
For more information about Microsoft Dynamics CRM server roles and multiple server
deployment, see Install Microsoft Dynamics CRM Server 2013 on multiple computers in the Microsoft
Dynamics CRM Planning Guide.
Microsoft Dynamics CRM Server role requirements
The following table describes the components necessary for each Microsoft Dynamics CRM
Server role. An "X" indicates the component is required for the Microsoft Dynamics CRM Server
role to install and function. Notice that, in most cases if a component is not already installed,
Microsoft Dynamics CRM Server Setup will install it.
Microsoft Dynamics CRM Server Role Prerequisites
Component
Back End Server
Microsoft SQL Server
Reporting Services
ReportViewer control
Front End Server
Deployment
Administration Server
X
SQL Server Native Client
X
X
X
Microsoft Application
Error Reporting Tool
X
X
X
Microsoft Visual C++
Runtime Library
X
X
X
Windows Identity
Foundation (WIF)
Framework
X
X
X
X
X
Windows Server 2008
Web Server Role
118
Component
Back End Server
Indexing Service
Front End Server
Deployment
Administration Server
X
Microsoft .NET
Framework 4
X
X
Microsoft Chart Controls
for Microsoft .NET
Framework
Windows Azure
platform AppFabric SDK
X
X
X
X
Windows PowerShell
X
X
Microsoft URL Rewrite
Module for IIS
X
File Server Resource
Manager
X
The following table describes the group membership for the Active Directory that is used by
Microsoft Dynamics CRM. An “X” indicates the group membership required for the service to
function.
Group Membership Requirements
Service
PrivUserGroup
SQLAccessGroup
Deployment
Web Service
service
account
X
X
Web
Application
Service*
X
X
Asynchronous
Service service
X
X
PrivReportingGroup
ReportingGroup
119
Service
PrivUserGroup
SQLAccessGroup
PrivReportingGroup
ReportingGroup
account
Sandbox
Processing
Service service
account**
SQL Server
service
account
X
Microsoft SQL X
Server
Reporting
Services server
account
Email Router
service
account
X
X
Installing
User/Service
account
X
Individual user
accounts in
Microsoft
Dynamics CRM
X
Unzip Service
service
account
X
Microsoft
X
Dynamics CRM
VSS Writer
service
account
X
120
* The Web Application Service identity is applied to the CRMAppPool application pool.
Subsequently, this identity is used by the Organization Service, Web Application, and Microsoft
Dynamics CRM platform.
** The Sandbox Service does not need any Microsoft Dynamics CRM group membership.
Note
Email Router runs as a local system.
Important
 The Installing user should be a separate service account, but it should not be used to run any
services.
 If any of the service accounts are created as users in Microsoft Dynamics CRM, you may
encounter various problems, some of which are potential security issues.
See Also
Microsoft Dynamics CRM multiple-server deployment
Support for Microsoft Dynamics CRM multiple-server topologies
Support for Microsoft Dynamics CRM multipleserver topologies
This section provides examples of various multiple-server topologies.
In This Topic
Six-server topology
Multi-forest and multi-domain with Internet access Active Directory topology
Six-server topology
The six-server topology is for small to midsize user bases, typically 25 or fewer users
concurrently using Microsoft Dynamics CRM. The following example depicts a possible
configuration running a supported version of Windows Server and the required and optional
software technologies. It also includes a Full Server deployment of Microsoft Dynamics CRM
Server that is configured for an Internet-facing deployment (IFD). For a complete list of the
supported versions of these components, see Software requirements for Microsoft Dynamics CRM
Server 2013.
121
A five server topology can consist of the following configuration:
 Server 1: Running on Microsoft Windows Server as a functioning domain controller.
 Server 2: Running on Windows Server as a secondary domain controller.
 Server 3: Running on Windows Server, running IIS with a Full Server installation of Microsoft
Dynamics CRM, where all Microsoft Dynamics CRM server roles are installed on the same
computer.
 Server 4: Running on Windows Server with an instance of Microsoft SQL Server and running
Microsoft Dynamics CRM Reporting Extensions.
 Server 5: Running on Windows Server with Microsoft Exchange Server for email message
routing.
 Server 6: Running on Windows Server with Active Directory Federation Services (AD FS)
(required for Microsoft Dynamics CRM IFD).
 CRMClient, tablet and phone devices. These computers and devices are running
applications that are available, such as CRM for Outlook, Microsoft Dynamics CRM for
tablets, and Microsoft Dynamics CRM for phones.
122
Basic Microsoft Dynamics CRM 2013 six-server topology
Multi-forest and multi-domain with Internet access
Active Directory topology
For very large user bases that span multiple domains and, in some cases, forests, the following
configuration is supported. The following example depicts a possible configuration running a
particular version of Windows Server and required software such as SQL Server and Microsoft
SharePoint.
The text and diagram show a possible deployment that lets users access Microsoft Dynamics
CRM 2013 through the Internet by implementing Active Directory Federation Services (AD FS)
supported by Front End Server roles that are isolated from user and resource domains on a
perimeter network (also known as DMZ, demilitarized zone, and screened subnet) model.
For a complete list of the supported versions of these software technologies, see Software
requirements for Microsoft Dynamics CRM Server 2013.
123
Forest X: Domain A: Perimeter subnet
 Network Load Balanced (NLB) virtual server consisting of the following two nodes.
 Front End Server: Running Windows Server and Microsoft Dynamics CRM Server with
the Front End Server role.
 Front End Server: Another Windows Server running Microsoft Dynamics CRM Server
with the Front End Server role.
 Active Directory Federation Services (AD FS) Server: Running on Windows Server as the
Internet-facing claims-based authentication security token service.
Forest X: Domain A: Intranet
 NLB virtual server consisting of the following two nodes.
 Windows Server, Microsoft SQL Server Reporting Services, and Microsoft Dynamics CRM
Reporting Extensions for SQL Server Reporting Services (Server X).
 Windows Server, Microsoft SQL Server Reporting Services, and Microsoft Dynamics CRM
Reporting Extensions for SQL Server Reporting Services (Server Y).
 NLB virtual server consisting of the following nodes.
 Front End Server: Running Windows Server and Microsoft Dynamics CRM Server with
the Front End Server role.
 Front End Server: Another Windows Server running Microsoft Dynamics CRM Server
with the Front End Server role.
 Microsoft SQL Server failover cluster running the following two nodes.
 Windows Server, SQL Server database engine (Server X).
 Windows Server, SQL Server database engine (Server Y).
 Windows Server running the Asynchronous Service server role.
 Windows Server running the Sandbox Processing Service server role.
 Windows Server running the Active Directory Federation Services (AD FS) Windows Server
role.
 Windows Server running Microsoft SharePoint (required for document management).
Forest Y: Domain B: Intranet
 Exchange Server failover cluster consisting of the following two nodes.
 Windows Server running Exchange Server (Server X).
 Windows Server running Exchange Server (Server Y).
124
Internet access to Microsoft Dynamics CRM 2013 topology example
See Also
Microsoft Dynamics CRM multiple-server deployment
Upgrading from Microsoft Dynamics CRM 2011
Upgrading from Microsoft Dynamics CRM 2011
The only supported upgrade path to Microsoft Dynamics CRM 2013 is from Microsoft Dynamics
CRM 2011. This section provides guidelines for preparing for an upgrade to Microsoft Dynamics
CRM 2013. Performing these tasks in advance can help minimize system downtime and ensure a
successful upgrade. Also, this section describes how Microsoft Dynamics CRM 2013 upgrades
125
your current system and what happens to items such as existing reports, customizations, and
solutions.
Microsoft Dynamics CRM 2011 server roles are not compatible with a Microsoft Dynamics CRM
2013 deployment. Therefore, after you upgrade the first Microsoft Dynamics CRM 2011 server,
other Microsoft Dynamics CRM 2011 servers that are running in the deployment will become
disabled. As each server is upgraded, the corresponding server will be enabled.
You can upgrade Microsoft Dynamics CRM 2011 server roles in any order. However, to have a
fully functioning Microsoft Dynamics CRM deployment, all servers and server roles must be
upgraded.
For an overview of the upgrade process, see the whitepaper: How to Prepare for the Upgrade to
Microsoft Dynamics CRM 2013
In This Topic
Recommended upgrade steps
Microsoft Dynamics CRM Server upgrade options
Microsoft Dynamics CRM 2011 Server versions supported for upgrade
Microsoft Dynamics CRM 2011 for Outlook versions supported for upgrade
Microsoft Dynamics CRM software and components not supported for in-place upgrade
Upgrade product key
User permissions and privileges
Sharing a SQL Server
Tips for a successful upgrade
Next steps
Recommended upgrade steps
To ease the upgrade process and minimize downtime, we recommend that you use the
following order when you upgrade Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM
2013.
1. Make sure all Microsoft Dynamics CRM 2011 for Outlook clients are running Microsoft
Dynamics CRM 2011 Update Rollup 12 or a later update rollup. Doing so provides Microsoft
Dynamics CRM 2011 for Outlook the capability to connect and use Microsoft Dynamics CRM
Server 2013.
126
2. Upgrade all Microsoft Dynamics CRM 2011 servers and organizations to Microsoft Dynamics
CRM Server 2013.
3. Upgrade Microsoft Dynamics CRM 2011 for Outlook to Microsoft Dynamics CRM 2013 for
Microsoft Office Outlook. Upgrading to CRM 2013 for Outlook provides Go offline capability.
Microsoft Dynamics CRM Server upgrade options
There are three different upgrade options:
 Migrate by using a new instance of SQL Server. We recommend this option for upgrading
from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013. Although this option
requires a different computer for Microsoft Dynamics CRM 2013 and a different instance of
SQL Server, it provides the least amount of potential downtime for Microsoft Dynamics CRM
users since the Microsoft Dynamics CRM 2011 deployment can remain functioning until the
upgrade is completed and verified.
 Migrate by using the same instance of SQL Server. This option requires a different
computer for Microsoft Dynamics CRM Server 2013, but will upgrade in-place the
configuration and default organization databases using the same instance of SQL Server. If
issues occur during the upgrade, you must roll back to Microsoft Dynamics CRM 2011 to
avoid significant downtime.
 In-place upgrade. Although this option does not require a different computer for Microsoft
Dynamics CRM Server 2013 or a different instance of SQL Server, it poses the greatest risk if
upgrade issues occur because a roll back and reinstall of Microsoft Dynamics CRM will be
required to avoid potential downtime.
For detailed procedures for each of these options, see the Upgrade from Microsoft Dynamics
CRM 4.0 topics in the Installing Guide.
For the latest product information, see the Microsoft Dynamics CRM 2013 and Microsoft Dynamics
CRM Online Readme.
Important
Always run a full backup of the Microsoft Dynamics CRM databases before you upgrade
to a new version of the product. For information about database backups, see Backing Up
the Microsoft Dynamics CRM System in the Operating and Maintaining Guide.
During an in-place upgrade, only the organization that you specify to upgrade to
Microsoft Dynamics CRM 2011 is upgraded. If the Microsoft Dynamics CRM 2011
deployment contains additional organizations, those organizations are disabled and are
not upgraded. You must upgrade those organizations using Deployment Manager. For
more information, see Deployment Manager Help.
For each organization that you upgrade, we recommend that the volume have free
space that is at least three times the size of the organization database file
127
(organizationName_MSCRM.mdf) and four times the size of the log file
(organizationName_MSCRM.ldf). For example, if a single organization database and log
file are located on the same volume where the mdf file is 326 MB and the ldf file is 56
MB, the recommended available space should be at least 1.2 GB to allow for growth
((326 x 3) + (56 x 4)). Notice that the database files that expand during upgrade do not
reduce in size after the upgrade is complete.
As part of organization upgrade, all entitynameBase and entitynameExtensionBase
tables will be merged into a single table. To reduce downtime, consider deferring the
table merge of large organization databases that are highly customized so that the table
merge process can be run as a separate upgrade operation. For more information, see
Run the Base and Extension table merge as a separate operation.
Microsoft Dynamics CRM 2011 Server versions supported
for upgrade
The following Microsoft Dynamics CRM 2011 update rollup versions are supported for upgrade
to Microsoft Dynamics CRM Server 2013. All other update rollup versions will receive an error
message resembling the following and will not be upgraded.
The installed version of Microsoft Dynamics CRM Server cannot be upgraded to Microsoft
Dynamics CRM 2013. For more information, see the Microsoft Dynamics CRM Implementation
Guide.
 Microsoft Dynamics CRM 2011 Update Rollup 14 or later update rollup.
 Microsoft Dynamics CRM 2011 Update Rollup 6 (Not recommended).
Microsoft Dynamics CRM 2011 for Outlook versions
supported for upgrade
The following Microsoft Dynamics CRM 2011 update rollup versions are supported for upgrade
to Microsoft Dynamics CRM 2013 for Microsoft Office Outlook.
 Microsoft Dynamics CRM 2011 Update Rollup 12
 Microsoft Dynamics CRM 2011 Update Rollup 6 (Not recommended).
Microsoft Dynamics CRM software and components not
supported for in-place upgrade
The following products and solutions are not supported by Microsoft Dynamics CRM 2013 and
will not be upgraded during Microsoft Dynamics CRM Setup. If you upgrade a Microsoft
128
Dynamics CRM 2011 system that includes the product or solution listed below, or you install
these components after you install Microsoft Dynamics CRM, these products or solutions may
not function correctly. We recommend that you uninstall or manually remove the component
before you upgrade.
 Microsoft Dynamics CRM 2011 Reporting Extensions
 Microsoft Dynamics CRM 2011 Email Router
 Microsoft Dynamics CRM List Component for SharePoint Server
 Connector for Microsoft Dynamics
Important
Microsoft Dynamics CRM 4.0 is not supported for upgrade. However, you can upgrade
Microsoft Dynamics CRM 4.0 Server to Microsoft Dynamics CRM Server 2011 by using a
trial product key, and then upgrade to Microsoft Dynamics CRM Server 2013. For
instructions about how to migrate from Microsoft Dynamics CRM 4.0 to Microsoft
Dynamics CRM 2013, see Migrate from Microsoft Dynamics CRM 4.0 Server to
Microsoft Dynamics CRM 2013 Server.
Upgrade product key
Before the upgrade, obtain the product key that you will enter during the upgrade. In Microsoft
Dynamics CRM 2013, the server and client keys are combined so that you enter only one key.
For more information, see Microsoft Dynamics CRM editions and licensing in this guide.
If you want to make system changes that require changes to your existing Microsoft Dynamics
CRM licensing agreement, see How to buy Microsoft Dynamics.
User permissions and privileges
To perform a successful upgrade, the user who runs Microsoft Dynamics CRM Setup must:
 Have an account in the same Active Directory domain as the server or servers that are being
upgraded.
 Be a member of both the Deployment Administrator Role and the Microsoft Dynamics CRM
System Administrator Role.
 Have administrator rights on the SQL Server and Reporting Services server associated with
the deployment that is being upgraded.
 Have sufficient permissions to create new security groups in the Active Directory
organizational unit that contains the existing Microsoft Dynamics CRM groups.
129
Sharing a SQL Server
Only one Microsoft Dynamics CRM deployment per instance of SQL Server is supported. This is
because each Microsoft Dynamics CRM deployment requires its own MSCRM_CONFIG database,
and multiple instances of the MSCRM_CONFIG database cannot coexist on the same instance of
SQL Server. If you have multiple SQL Server instances running on the same computer, you can
host the databases for multiple Microsoft Dynamics CRM deployment on the same computer.
However, this might decrease system performance.
Tips for a successful upgrade
The following issues, if applicable to your current Microsoft Dynamics CRM 2011 deployment,
should be resolved before you start the upgrade.
Maximum number of attributes exceeded
If you have more than 1023 attributes defined for an entity, you must delete the additional
attributes before you run the upgrade. The upgrade will fail with the following message if you
have more than 1023 attributes.
CREATE VIEW failed because column 'column_name' in view 'view_name' exceeds the maximum
of 1024 columns.
Remove custom database objects
The Microsoft Dynamics CRM databases often change from one major release to the next
because of database redesign.
We suggest that, if you have added custom database objects such as triggers, statistics, stored
procedures, and certain indexes, you remove those objects from the configuration and
organization databases. In many cases, Microsoft Dynamics CRM Server Setup displays a
warning when these objects are detected.
Remove the ignorechecks registry subkey
If you have manually added the ignorechecks registry subkey on the Microsoft Dynamics CRM
Server 2011 remove it before you start the upgrade. For more information, see You cannot deploy
Microsoft Dynamics CRM by using an account that does not have local administrator permissions on
Microsoft SQL Server.
130
If you are upgrading from Microsoft Dynamics CRM 2011 Update Rollup 6,
indexes will be added during upgrade
Microsoft Dynamics CRM 2011 Update Rollup 12 introduced new indexes for entities in the
Quick Find Search Optimization feature. Therefore, if you upgrade from Microsoft Dynamics
CRM 2011 Update Rollup 6, these indexes will be created during Microsoft Dynamics CRM
Server 2013 Setup and you may notice that part of the upgrade will take longer to complete.
The reason for this is that the indexes need to be populated and based on the size of your
dataset the completion time will vary. Additionally, if you have existing custom indexes in the
organization database that use the same index name, they will be overwritten during upgrade.
For more information including a list of the indexes added, see Indexes added with Microsoft
Dynamics CRM 2011 Update Rollup 12.
Consider rescheduling base and extension table merge
By default, during an organization upgrade, every base and extension table will become merged.
For large organization databases that are highly customized the merging may take several hours
to complete. For more information, see Run the Base and Extension table merge as a separate
operation.
Next steps
Read more about upgrade in the following topics:
 Before you upgrade: issues and considerations
 Upgrade the Microsoft Dynamics CRM Deployment
 Upgrade Microsoft Dynamics CRM for Outlook
See Also
Microsoft Dynamics CRM 2013 supported configurations
Upgrade Microsoft Dynamics CRM for Outlook
Before you upgrade: issues and considerations
This section describes the changes and known issues that occur as a result of upgrading from
Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013. This section also describes the
things that may impact your deployment after the upgrade is complete.
131
In This Topic
What has changed in supported products and technologies?
End of support for outdated programmability features
Delete connections to enable use of access teams
Changes to duplicate detection
Microsoft Lync presence not supported in some areas
Update your customizations for the new user interface
What has changed in supported products and
technologies?
In support of the latest technologies and in compliance with the Microsoft Support Lifecycle,
obsolete platform products and technologies will no longer be supported in the next major
release of Microsoft Dynamics CRM. For more information, see What’s changing in the next major
release.
End of support for outdated programmability features
There are several Microsoft Dynamics CRM 4.0 features that will be removed or will no longer
be supported after the upgrade to Microsoft Dynamics CRM 2013. For more information, see
What’s changing in the next major release.
You can use the Custom Code Validation Tool to examine your web resources and show you
where there might be some problems. The issues that are flagged are either using unsupported
coding processes or using the Microsoft Dynamics CRM 4.0 objects and functions. Download this
tool and extract the contents. Within the contents, you will find instructions about how to install
and use the tool. For more information about this tool, read this blog: Check your JavaScript code
to prepare for your upgrade.
Delete connections to enable use of access teams
To be able to add users who have opportunity connections to access teams, the connections
must be deleted before you upgrade. If there are connections in your existing Microsoft
Dynamics CRM deployment configured between Opportunity and User entities, you should
delete them before you upgrade. Deleting these connections will let you add those users to
teams that use the Access team type, typically used for team selling. After the upgrade is
complete you can re-create the prior connections and, if needed, add those users to access
teams. For more information about access teams, see About team templates in the Customer
Center.
132
To find all opportunity and user connections, start Advanced Find and set the following query.
1. In the Look for list select Connections.
2. Click or tap Select and then click or tap Connected From (Opportunity)
3. Click or tap Select and then click or tap Connected To (User)
4. Click or tap Results.
Changes to duplicate detection
To facilite auto-save on forms, duplicate detection during create and update operations will not
be supported in the forms for Microsoft Dynamics CRM updated user interface entities. For
more information, see Duplicate Detection during Record Create and Update Operations Not
Supported. You can find sample code for adding this support to your forms in the Microsoft
Dynamics CRM SDK download package.
Microsoft Lync presence not supported in some areas
Microsoft Lync presence will not be supported on the updated user interface entity forms and in
Activity Feeds. Lync will be present in grids and subgrids.
Update your customizations for the new user interface
After the upgrade, supported customizations to menus and forms from your previous version
will continue to work, though they may appear slightly different to simplify the transition to the
new user experience. The forms for entities that are updated to the new user interface have a
similar layout as the Microsoft Dynamics CRM 2011 forms. To display the forms in the new
layout, system customizers can edit each new form and choose Bring in another form from the
ribbon. For more information, see Upgrading Forms.
See Also
Upgrading from Microsoft Dynamics CRM 4.0
Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics
Upgrade the Microsoft Dynamics CRM Deployment
Microsoft Dynamics CRM 2013 presents a significant advancement in features and functionality
from Microsoft Dynamics CRM 2011. As such, existing features, solutions, and extensions may
133
be affected as a result of the upgrade. This topic provides a best practices process to minimize
downtime while helping determine issues that may occur as a result of the upgrade.
In This Topic
The upgrade process
Prepare to upgrade
Establish the test environment
Upgrade and validate the test environment
What to do when you cannot successfully upgrade or migrate?
The upgrade process
The Microsoft Dynamics CRM Server upgrade process can be distilled down into four main
areas:
1. Prepare to upgrade.
2. Establish a test environment.
3. Upgrade and validate the test environment.
4. Upgrade and validate the production site.
There are two separate environments as part of the upgrade process:
 Test environment. The test environment represents a restricted deployment of Microsoft
Dynamics CRM that is used to validate the upgrade. The test environment must mirror the
production environment as closely as possible whereby there are substantial similarities in
hardware (processor, disk, memory, and so on), technology platform (Windows Server, SQL
Server, and so on), topology (1-server, 2-server, 5-server, and so on) and data Microsoft
Dynamics CRM databases). To create an appropriate environment for testing, it may require
setting up Windows Network Load Balancing (NLB) or clustering, installing and configuring
Microsoft Dynamics CRM components and applications, such as Email Router, workflows,
customizations, and connectors, as well as installing any additional add-ons, plug-ins, or
solutions particular to the deployment. Establishing a test environment that is running and
configured wholly or in part by using virtualization technology, such as Windows Server
Hyper-V, can greatly facilitate this process. In this test environment, the administrator
performs the upgrade, optimizes for performance, may introduce upgraded code, and tests
that the system is running well.
 Production deployment. This deployment represents the deployment of Microsoft
Dynamics CRM that is used by all Microsoft Dynamics CRM users in the organization. In the
134
production deployment, the upgrade is performed, and the administrator may use
strategies that optimize upgrade performance. The upgrade administrator may move
upgraded code from the development or test environment to the production environment.
The administrator then brings the production environment online, validates that the system
is running well, and deploys CRM for Outlook for users as needed.
Prepare to upgrade
Make sure you have enough staff, resources, and time to dedicate to the upgrade. As part of this
phase, you must determine who will be involved in the upgrade, designate the test deployment
hardware and software that will be used to validate the upgrade, and plan for potential failures.
You should also assess the current production environment for upgrade suitability. This requires
reviewing the Microsoft Dynamics CRM 2013 documentation.
Important
Only Microsoft Dynamics CRM Server 2011 with at least Microsoft Dynamics CRM 2011
Update Rollup 14 (recommended) or Microsoft Dynamics CRM 2011 Update Rollup 6
can be upgraded to Microsoft Dynamics CRM Server 2013.
Additionally, you must determine the acceptance criteria that will be used to decide whether to
go forward with the production upgrade.
Tip
Microsoft Dynamics Sure Step is available to Microsoft Dynamics Partners to help
reduce risk and guide you through the tasks associated with deployment and
configuration of Microsoft Dynamics solutions. For more information about Microsoft
Dynamics Sure Step, including training, methodology, and tool downloads, visit the
PartnerSource website.
Determine the upgrade strategy
To determine the upgrade strategy, you need to answer the following questions:
 What will be upgraded? Upgrading the Microsoft Dynamics CRM server may require that
you upgrade platform components such as Windows Server or SQL Server. It will also
require that other Microsoft Dynamics CRM applications such as CRM for Outlook and Email
Router be upgraded.
 When? What is the timeline for the upgrade?
 How? For example, will you upgrade in-place or will you migrate to new hardware before
the upgrade? This should also include how the upgrade will be rolled out. Who will validate
the upgrade? Will there be a pilot or phased rollout? Based on the outcome of the test
upgrade you may need to modify or mitigate your strategy and perform corrective actions
135
to ensure functionality. For example, if some workflows cannot be upgraded, you must plan
to re-create those workflows and test them.
Plan for failure, backup, and recovery
Some components, such as custom reports, workflows, custom JavaScript, or third-party
extensions may cause the upgrade to fail or not function correctly. These items should be
documented and a contingency plan be established for each issue. Additionally, custom
JavaScript and third-party extensions may need to be removed before the upgrade.
Therefore, you must be prepared to quickly and completely rollback the system. If you will
recover from any scenario, you must back up all needed information and store a copy offsite. A
backup plan should be created and rehearsed for all Microsoft Dynamics CRM components and
services to make sure that, if a failure occurs, the maximum amount of data is recoverable. To
understand the failure-recovery procedures, you must examine several different scenarios to
learn how restoration occurs in each case.
For more information about how to back up or recover Microsoft Dynamics CRM data, see Data
protection and recovery.
Review appropriate planning and prerequisite documentation
Product documentation is instrumental in helping you scope the amount of preparation
required before you upgrade. The documentation to review should include:
 Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online Readme
 This guide and the Installing Guide for Microsoft Dynamics CRM 2013, which are part of the
Microsoft Dynamics CRM 2013 Implementation Guide. Of particular importance are the
Upgrading from Microsoft Dynamics CRM 2011, Microsoft Dynamics CRM 2013 system requirements
and required technologies, and Microsoft Dynamics CRM 2013 supported configurations topics.
 Also, if you will be installing additional components, such as CRM for Outlook or Microsoft
Dynamics CRM Email Router, download and review the following documents:
 Microsoft Dynamics CRM 2013 for Microsoft Office Outlook Readme
 Microsoft Dynamics CRM Email Router Readme
Ensure you have the latest technologies
For best results, verify that you have applied the latest service packs and update rollups not only
for Microsoft Dynamics CRM but for other dependent technologies such as Windows Server,
SQL Server, and Exchange Server.
Determine an upgrade plan and checklists
136
In this task you will determine how to evaluate the overall functionality and production
readiness of the upgraded environment. The purpose of these tasks is to validate a production
ready and fully operational system suitable for rolling out to the user base.
Use the following steps as a checklist for the tasks that are required leading up to the
production upgrade or "go-live" day.
Verify that the system is functional after the upgrade by performing these basic tests:
 Review the Setup log files for issues that may have occurred during the upgrade. By default,
Setup creates these files in the C:\Documents and Settings\<username>\Application
Data\Microsoft\MSCRM\Logs folder on the computer where Setup is run and where
<username> is the name of the user account who ran Setup.
 Review the Event Viewer log files. Microsoft Dynamics CRM Server 2013 events are
recorded under the sources that begin with MSCRM in Event Viewer.
 Start Deployment Manager and verify that all Microsoft Dynamics CRM servers are enabled
and that the default organization is enabled. Depending on whether you migrated or
performed an in-place upgrade, additional Microsoft Dynamics CRM 2011 organizations are
upgraded by using the Import Organization Wizard or the Upgrade Organization Wizard in
Deployment Manager.
 Start Internet Explorer and connect to the Microsoft Dynamics CRM server. After you have
performed the previous tasks, perform a user acceptance test. The following is an example
of some of the features to test in a typical organization:
 Validate reports against previous version reports.
 Print reports in Microsoft Dynamics CRM.
 Validate applicable data in the Microsoft Dynamics CRM system, such as creating,
editing, deleting, and promoting/converting records for the following entities:
 Accounts
 Contacts
 Opportunities
 Cases
 Activities
 Custom Entities
 Verify workflows against previous workflows. Update any workflow items affected by
configuration or data model modifications.
 Test all custom code, JavaScript, and custom reports (if applicable).
 Test all integration processes (if applicable).
137
 Test of third party applications or extensions.
Establish the test environment
We strongly recommend that you plan to run at least one test upgrade before you upgrade your
production environment. After you run a test upgrade, verify the product configuration by
performing operations that you would typically use in your production environment. For
example, for a service organization, you may want to create an e-mail activity related to a case,
and then verify the functionality by sending a test e-mail that contains text from an existing
case. If you receive any errors while you are using Microsoft Dynamics CRM in a test
environment, make sure that you resolve them before you upgrade your production
environment.
Tip
Virtual machine software, such as Windows Server Hyper-V, can ease the deployment
time to establish the test environment as well as limit the amount of hardware
resources that are required to emulate the production deployment.
Determine which computers you will use, or, if you are using virtual machine technology, which
virtual machine you will use.
Migrate by using a new instance of SQL Server
We recommend this upgrade option because it lets you maintain a Microsoft Dynamics CRM
2011 deployment at the same time that a new Microsoft Dynamics CRM 2013 system is being
deployed. This reduces application down time as the new deployment can be installed,
organizations imported, and then verified without effecting the production Microsoft Dynamics
CRM 2011 deployment in the event of an issue.
Important
The Migrate by using a new instance of SQL Server option provides the least amount of
potential downtime in the event of an issue as the result of the upgraded deployment.
1. Establish a new instance of SQL Server. You can use an existing instance but it must not be
the same instance where the Microsoft Dynamics CRM 2011 configuration database is
located.
2. Run Microsoft Dynamics CRM Server 2013 Setup on a new 64-bit computer that does not
already have Microsoft Dynamics CRM Server 2011 installed.
3. Back up the production Microsoft Dynamics CRM 2011 configuration and organization
databases and restore them to the new instance of SQL Server.
4. Run the Import Organization Wizard to import one or more Microsoft Dynamics CRM 2011
organizations to the newly installed Microsoft Dynamics CRM 2013 system. During the
import, the Microsoft Dynamics CRM 2011 organization database will be upgraded.
138
5. If you have additional organizations or if you are using a new SQL Server for the migration,
you must import the organization databases to the new system. To do this, on the computer
where Microsoft Dynamics CRM Server 2013 is installed and running, start Microsoft
Dynamics CRM Deployment Manager, right-click Organizations, click Import Organization,
and then select the newly restored Microsoft Dynamics CRM 2011
OrganizationName_MSCRM database.
6. If customizations were made to .NET assemblies or configuration files, you must copy those
customized files to the new system. By default, these files are located under the
<drive>:\Program Files\Microsoft Dynamics CRM\Server\bin\assembly\ folder on the
existing Microsoft Dynamics CRM 2011 server.
Upgrade and validate the test environment
Verify the newly upgraded Microsoft Dynamics CRM 2013 environment for stability and
operation. This includes having a select set of users connect by using the Microsoft Dynamics
CRM web application and use the system to perform all normal day-to-day tasks. Make sure
workflows and reports are functioning correctly. Test that new features from the upgrade are
functioning as well.
Run acceptance criteria and checklists
Execute the previously mentioned tasks on the new deployment. Based on the tests, a decision
will be made to either implement or not implement the upgrade to the production
environment.
User acceptance testing
After the test checklist is completed and the quality of the tasks is within acceptable limits, user
acceptance testing can start. This involves a subset of all users and typically can involve key
users that carry out their normal day-to-day tasks against the system. These key users report
any issues or unexpected behavior to the Microsoft Dynamics CRM administration team for
action.
Go live
After user acceptance testing has successfully completed, bring the Microsoft Dynamics CRM
2013 server online. This may require removing the Microsoft Dynamics CRM 2011 server before
joining the Microsoft Dynamics CRM 2013 server to the domain, configuring the IIS bindings to
use the same bindings as the Microsoft Dynamics CRM 2011 website, and updating DNS records
as necessary to correctly resolve to the new Microsoft Dynamics CRM 2013 website.
139
What to do when you cannot successfully upgrade or
migrate?
If, after following the guidelines in this section, you cannot successfully upgrade the production
deployment or migrate, use the following resources to help resolve the issue.
Self support
 Use the Event Viewer to view events that can help you troubleshoot the issue. Microsoft
Dynamics CRM Server 2013 events are recorded under the sources that begin with MSCRM
in the Event Viewer.
 Turn on platform tracing. For instructions, see the tracing topics under Monitor and
troubleshoot Microsoft Dynamics CRM.
 Browse or search for knowledge base articles for Microsoft Dynamics CRM in the Microsoft
Dynamics CRM Solution Center.
 Visit the CustomerSource or the PartnerSource website.
Assisted support
Contact Microsoft Customer Support Services. For a complete list of Microsoft Customer
Support Services telephone numbers and information, visit the Microsoft Customer Support page.
Upgrade Microsoft Dynamics CRM for Outlook
Microsoft Dynamics CRM for Microsoft Office Outlook is a Microsoft Office Outlook add-in that
lets Microsoft Dynamics CRM users complete CRM tasks in the familiar Microsoft Outlook
environment.
In This Topic
Microsoft Dynamics CRM for Outlook upgrade requirements
Cross-architecture upgrade of Microsoft Dynamics CRM for Outlook
Microsoft Dynamics CRM 2011 for Outlook compatibility with Microsoft Dynamics CRM 2013 Server
Microsoft Dynamics CRM for Outlook upgrade
requirements
A system capable of running Microsoft Dynamics CRM 2013 for Microsoft Office Outlook. For
the best performance when you run CRM 2013 for Outlook, make sure your PC is running 64-bit
Windows and Microsoft Office, has sufficient hard disk and RAM, and all the prerequisite
140
software, such as Microsoft Office and Internet Explorer. For information about the hardware
and software requirements for CRM 2013 for Outlook, see Microsoft Dynamics CRM 2013 for
Outlook hardware requirements and Microsoft Dynamics CRM 2013 for Outlook software requirements .
Make sure you have at least Microsoft Dynamics CRM 2011 Update Rollup 12 applied. Only
Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup
12 or later update rollup is compatible with Microsoft Dynamics CRM Server 2013.
Important
Although you can connect to Microsoft Dynamics CRM Server 2013 with Microsoft
Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 12
or later update rollup, you cannot take data offline by using Go offline. To take data
offline, upgrade to CRM 2013 for Outlook.
Although Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM
2011 Update Rollup 6 is supported for upgrade to CRM 2013 for Outlook, Microsoft
Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 6 is
incompatible with Microsoft Dynamics CRM Server 2013.
All other Microsoft Dynamics CRM 2011 for Outlook update rollup versions are not
supported for upgrade.
Admin permission required. To install or upgrade CRM for Outlook, you must have local
administrator permission on the computer where you perform the installation or upgrade.
Base languages must match. To upgrade Microsoft Dynamics CRM 2011 for Outlook, the base
language of CRM 2013 for Outlook must match the base language of Microsoft Dynamics CRM
2011 for Outlook.
Cannot upgrade when you are in Go offline mode. You cannot upgrade Microsoft Dynamics
CRM 2011 for Outlook when it is in Go offline mode. You must bring Microsoft Dynamics CRM
2011 for Outlook online before you can upgrade to CRM 2013 for Outlook.
Upgrade is required to continue offline access after server upgrade. After the Microsoft
Dynamics CRM Server 2011 deployment has been upgraded to Microsoft Dynamics CRM Server
2013, users must upgrade to CRM 2013 for Outlook to continue accessing data offline (Go
offline). For example, a particular user runs Microsoft Dynamics CRM 2011 for Outlook and
accesses data offline. This user's organization is upgraded from Microsoft Dynamics CRM 2011
to Microsoft Dynamics CRM 2013. Although there now exists a client-server mismatch, users can
still connect to the server and access data online if they run Microsoft Dynamics CRM 2011 with
at least Microsoft Dynamics CRM 2011 Update Rollup 12. However, to go offline again, the user
must upgrade to CRM 2013 for Outlook.
141
Cross-architecture upgrade of Microsoft Dynamics CRM
for Outlook
If you intend to change to a different architecture (move from 32-bit to 64-bit) while upgrading,
note the following.
 In-place cross-architecture upgrade is not supported. If you are running Microsoft
Dynamics CRM 2011 for Outlook 32-bit, you can perform an in-place upgrade only to 32-bit
CRM 2013 for Outlook. This also applies to Microsoft Office: If you are running and intend to
retain a 32-bit version of Microsoft Office, you can upgrade only to 32-bit CRM 2013 for
Outlook.
 Cross-architecture upgrade requires uninstalling and reinstalling. If you have a 64-bit PC
running a 64-bit version of Microsoft Windows, you can change from 32-bit to 64-bit CRM
2013 for Outlook by performing the following steps in the order listed.
a. Make sure that your PC has a 64-bit version of Windows. How to determine whether a
computer is running a 32-bit version or 64-bit version of the Windows operating system.
b. Uninstall Microsoft Dynamics CRM 2011 for Outlook.
c. Uninstall Microsoft Office.
d. Install a 64-bit edition of Microsoft Office.
e. Install the 64-bit edition of CRM 2013 for Outlook.
For more information about installing CRM 2013 for Outlook, see Task 1: Install Microsoft
Dynamics CRM for Outlook.
Microsoft Dynamics CRM 2011 for Outlook compatibility
with Microsoft Dynamics CRM 2013 Server
Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup
12 or later update rollup is compatible with Microsoft Dynamics CRM Server 2013. This
compatibility eases the upgrade timeline to allow administrators to do a phased rollout without
work stoppages for Microsoft Dynamics CRM 2011 for Outlook users who have not been
upgraded to CRM 2013 for Outlook.
Important
Only Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011
Update Rollup 12 or a later update rollup is compatible with Microsoft Dynamics CRM
Server 2013.
142
See Also
Upgrading from Microsoft Dynamics CRM 2011
Before you upgrade: issues and considerations
Planning Deployment of Microsoft Dynamics CRM
2013 Advanced Topics
Before you plan a deployment of Microsoft Dynamics CRM for an enterprise business, such as
an Internet-facing deployment (IFD) or multi-organization deployment, read through the topics
referenced here.
In This Section
Advanced deployment options for Microsoft Dynamics CRM Server 2013
See Also
Planning Deployment of Microsoft Dynamics CRM 2013
Advanced deployment options for Microsoft Dynamics CRM for Outlook
Installing Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Advanced deployment options for Microsoft
Dynamics CRM Server 2013
This section describes advanced deployment options for Microsoft Dynamics CRM Server 2013.
Update Setup files by using a local package
The update Setup feature can indicate if you have the latest updates to Microsoft Dynamics
CRM before you run Setup. With this feature, you can specify where Setup locates the MSP
package that is applied to the Setup files. This gives you additional control over the update, and
also lets you apply the update package locally without the need of an Internet connection.
To specify the location, you must edit the XML configuration file <Patch> element and then run
Setup from the command prompt. For more information, see Use the Command Prompt to
Install Microsoft Dynamics CRM.
143
Add or remove server roles
Use one of the following options to install server roles:
 Run the Microsoft Dynamics CRM Server Setup Wizard to select one or more server role
groups or one or more individual server roles. If Microsoft Dynamics CRM Server 2011 is
already installed, you can use Programs and Features in Control Panel to add or remove
server roles. For more information, see Microsoft Dynamics CRM 2013 server roles.
 Configure an XML configuration file and then run Setup at the command prompt to specify a
server role group or one or more individual server roles. For more information, see Install
Microsoft Dynamics CRM Server 2013 roles.
Use Windows Powershell to perform deployment tasks
You can use Windows Powershell to perform many Microsoft Dynamics CRM deployment tasks.
For more information, see Administer the deployment using Windows PowerShell.
See Also
Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics
Configure a Microsoft Dynamics CRM Internet-facing deployment
Configure a Microsoft Dynamics CRM Internetfacing deployment
You can deploy Microsoft Dynamics CRM so that remote users can connect to the application
through the Internet. The following Internet-facing deployment (IFD) configurations are
supported:
 Microsoft Dynamics CRM for internal users only
 Microsoft Dynamics CRM for internal users and IFD access
 Microsoft Dynamics CRM for IFD-only access
Configuring an IFD enables access to Microsoft Dynamics CRM from the Internet, outside the
company firewall, without using a virtual private network (VPN) solution. Microsoft Dynamics
CRM configured for Internet access uses claims-based authentication to verify credentials of
external users. When you configure Microsoft Dynamics CRM for Internet access, integrated
Windows Authentication must remain in place for internal users.
144
To let users access the application over the Internet, the server that is running Internet
Information Services (IIS) where the Microsoft Dynamics CRM application is installed must be
available over the Internet.
For more information, see Accessing Microsoft Dynamics CRM from the Internet - Claims-based
authentication and IFD requirements.
In This Topic
About claims-based authentication
Internet-facing server best practices
Configure IFD
About claims-based authentication
The claims-based security model extends traditional authentication models to include other
directory sources that contain information about users. This identity federation lets users from
various sources, such as Active Directory Domain Services (AD DS), customers via the Internet,
or business partners, authenticate with native single sign-on.
The claims-based model has three components: the relying party, which needs the claim to
decide what it is going to do; the identity provider, which provides the claim; and the user, who
decides what if any information they want to provide. Microsoft provides a claims-based access
solution called Active Directory Federation Services (AD FS). AD FS enables Active Directory
Domain Services (AD DS) to be an identity provider in the claims-based access platform.
AD FS consists of the following components:
 AD FS Framework provides developers pre-built .NET security logic for building claims-aware
applications, enhancing either ASP.NET or WCF applications.
 Active Directory Federation Services (AD FS) is a security token service (STS) for issuing and
transforming claims, enabling federations, and managing user access. Active Directory
Federation Services (AD FS) supports the WS-Trust, WS-Federation, and Security Assertion
Markup Language (SAML) protocols. Active Directory Federation Services (AD FS) can also
issue manage information cards for AD DS users.
For more information about AD FS, see:
 Identity & Access
 Active Directory Federation Services Overview (Windows Server 2012 AD FS 2.1)
 Download AD FS 2.0 for Windows Server 2008: AD FS 2.0 RTW
145
Internet-facing server best practices
Implement a strong password policy
To reduce the risk of "brute-force attacks" we strongly recommend that you implement a strong
password policy for remote users who are accessing the domain where Microsoft Dynamics
CRM is installed. For more information about how to implement a strong password policy in
Windows Server, see Creating a Strong Password Policy on Microsoft TechNet and the
"Understanding User Accounts" topic in Active Directory Users and Computers Help.
Internet connection firewall
The Windows Server 2012 and Windows Server 2008 operating systems provide firewall
software to prevent unauthorized connections to the server from remote computers. For more
information about how to configure the Internet connection firewall for Internet Information
Services (IIS) Manager, see the IIS Help.
For information about how to make a Web site available on the Internet, see the "Domain Name
Resolution" topic in the IIS Help.
Proxy/firewall server
If you do not have a secure proxy and firewall solution on your network, we recommend that
you use a dedicated proxy and firewall server, such as Forefront Unified Access Gateway (UAG).
Forefront UAG can act as a gateway between the Internet and Microsoft Dynamics CRM Server.
Forefront UAG protects your IT infrastructure while providing users with fast and secure remote
access to applications and data. For more information, see Forefront Unified Access Gateway 2010.
Configure IFD
Use the following steps as configuration guidelines.
Step 1: Configure Microsoft Dynamics CRM Server 2013 for Internet
access
You can configure Microsoft Dynamics CRM Server 2013 for Internet access. To do this, run the
Configure Claims-Based Authentication Wizard, and then run the Internet-Facing Deployment
Configuration Wizard where Microsoft Dynamics CRM Server 2013 the Deployment
Administration Server role is installed. For more information, see the Deployment Manager
Help.
146
Step 2: Configure Microsoft Dynamics CRM for Outlook to connect to the
Microsoft Dynamics CRM Server 2013 by using the Internet
For Microsoft Dynamics CRM for Microsoft Office Outlook to be able to access the Microsoft
Dynamics CRM Server 2013 over the Internet, you must specify the external Web address that
will be used to access the Internet-facing Microsoft Dynamics CRM Server 2013. To do this, you
must install CRM for Outlook, and then run the Configuration Wizard. Then, during
configuration, type the external Web address in the External Web address box. If you install
server roles, this Web address must specify where the Discovery Web Service role is installed.
For more information about how to configure CRM for Outlook, see Task 2: Configure Microsoft
Dynamics CRM for Outlook.
See Also
Advanced deployment options for Microsoft Dynamics CRM Server 2013
Key management in Microsoft Dynamics CRM
Key management in Microsoft Dynamics CRM
To verify the identity of people and organizations, and to guarantee content integrity, Microsoft
Dynamics CRM generates digital certificates. These electronic credentials bind the identity of the
certificate owner to a pair of electronic keys (public and private) that can be used to digitally
encrypt and sign information. The credentials ensure that the keys actually belong to the person
or organization specified.
In This Topic
Key types
Key regeneration and renewal
Key-management logging
Key storage
How to encrypt Microsoft Dynamics CRM keys
Key types
Microsoft Dynamics CRM uses two kinds of private encryption keys for deployments accessed
over the Internet:
147
 Web remote procedure call (WRPC) token key. This key is used to generate a security
token, which helps make sure that the request originated from the user who made the
request. This security token decreases the likelihood of certain attacks, such as a cross-site
request forgery (one-click) attack.
 CRM e-mail credentials key. This key encrypts the credentials for the Email Router, an
optional component of Microsoft Dynamics CRM.
Key regeneration and renewal
CRM ticket keys are automatically generated and renewed and then distributed, or deployed, to
all computers running Microsoft Dynamics CRM or running a specific Microsoft Dynamics CRM
Server 2013 role. These keys are regenerated periodically and, in turn, replace the previous
keys. By default, key regeneration occurs every 24 hours.
Key-management logging
Microsoft Dynamics CRM records encryption-key events in the Application log. By using the
Event Viewer, you can filter on the Source column and look for MSCRMKeyServiceName entries,
where ServiceName is the key management service, such as MSCRMKeyArchiveManager or
MSCRMKeyGenerator.
Key storage
Cryptographic keys are stored in the Microsoft Dynamics CRM configuration database
(MSCRM_CONFIG).
Warning
By default, encryption keys are not stored in the configuration database in an encrypted
format. We strongly recommend that you specify encryption when you run Setup as
described below.
How to encrypt Microsoft Dynamics CRM keys
Before you run Microsoft Dynamics CRM Setup, you can add the <encryptionkeys> entry in the
XML configuration file, and then run Microsoft Dynamics CRM Server Setup at the command
prompt. During the installation, Setup creates a server master key and database master key,
which are used to encrypt Microsoft Dynamics CRM certificates.
For more information, see the <encryptionkeys> element in the Microsoft Dynamics CRM 2013
Server XML configuration file topic.
148
See Also
Advanced deployment options for Microsoft Dynamics CRM Server 2013
Multi-organization deployment
Multi-organization deployment
Deployment Manager is a Microsoft Management Console (MMC) snap-in that deployment
administrators can use to manage organizations, servers, and licenses for deployments of
Microsoft Dynamics CRM. Deployment Manager is installed with the Full Server, Deployment
Administration Server or Deployment Tools server roles.
In the Organizations area of the Deployment Manager, you import, create, update, enable,
disable, or remove organizations. For more information about organization management in
Microsoft Dynamics CRM, see the Deployment Manager Help.
Alternatively, you can perform Microsoft Dynamics CRM deployment tasks, such as organization
management, using Windows PowerShell. For more information about PowerShell, see
Administer the deployment using Windows PowerShell.
Important
There are several names that cannot be used to name an organization. To view a list of
reserved names, open the ReservedNames table in the MSCRM_CONFIG database, and
review the names in the ReservedName column or use the following SQL query.
USE MSCRM_CONFIG SELECT ReservedName FROM ReservedNames
See Also
Advanced deployment options for Microsoft Dynamics CRM Server 2013
Advanced deployment options for Microsoft Dynamics CRM for Outlook
Accessibility in Microsoft Dynamics CRM
Administrators and users who have administrative responsibilities typically use the Settings area
of the Microsoft Dynamics CRM web application to manage Microsoft Dynamics CRM Online. A
mouse and keyboard are the typical devices that administrators use to interact with the
application.
149
Users who don’t use a mouse can use a keyboard to navigate the user interface and complete
actions. The ability to use the keyboard in this way is a result of support for keyboard
interactions that a browser provides.
For more information, see the following Microsoft Dynamics CRM web application accessibility
topics:
 Use Keyboard Shortcuts
 Accessibility for People with Disabilities
Administrators and other users who have administrative responsibilities for on-premises
deployments of Microsoft Dynamics CRM 2013 also use Microsoft Dynamics CRM Deployment
Manager, a Microsoft Management Console (MMC) application, to manage on-premises
deployments of Microsoft Dynamics CRM Server 2013.
For more information, see the following Microsoft Management Console (MMC) accessibility
topics:
 Navigation in MMC Using the Keyboard and Mouse
 MMC Keyboard Shortcuts
Accessibility features in browsers
The following table contains links to documentation about web browser accessibility.
Browser
Documentation
Internet Explorer
Accessibility in Internet Explorer
Language Support and Accessibility Features
Mozilla Firefox
Accessibility features in Firefox
Apple Safari
Safari
Google Chrome
Accessibility Technical Documentation
See Also
Microsoft Accessibility Resource Center
150