Microsoft Dynamics CRM 2013 System Requirements Document

Microsoft Dynamics CRM 2013
Planning Guide
Version 6.0
This document is provided "as-is". Information and views expressed in this

document, including URL and other Internet Web site references, may change
without notice.
Some examples depicted herein are provided for illustration only and are
fictitious. No real association or connection is intended or should be inferred.
This document does not provide you with any legal rights to any intellectual
property in any Microsoft product. You may copy and use this document for
your internal, reference purposes.
2013 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, ActiveX, Azure, BizTalk, JScript, Microsoft
Dynamics, Outlook, SharePoint, SQL Server, Visual Basic, Visual Studio,
Windows, Windows Server, and Windows Vista are trademarks of the
Microsoft group of companies. All other trademarks are property of their
respective owners.
Contents
Planning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics
CRM Online.................................................................................................. 12
In This Section............................................................................................. 12
Related Sections.......................................................................................... 12
Send us your comments about this document...............................................12
Planning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft
Dynamics CRM Online................................................................................. 13
Resources for planning Microsoft Dynamics CRM........................................13
Microsoft Dynamics SureStep...................................................................13
Manage your Microsoft Dynamics CRM Online subscription......................13
See Also....................................................................................................... 14
Microsoft Dynamics CRM editions and licensing.............................................14
Editions and licensing for on-premises deployments...................................14
Licensing................................................................................................... 14
Client Access License Types......................................................................14
Microsoft Dynamics CRM Online licensing...................................................15
See Also....................................................................................................... 15
What's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM
Online.......................................................................................................... 15
In This Topic................................................................................................. 15
Whats changed in this release?..................................................................16
New in both Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM
Online....................................................................................................... 16
New Microsoft Dynamics CRM Online features............................................16
Expanded licensing plans.........................................................................16
New Microsoft Dynamics CRM 2013 (on-premises) features........................16
Volume Shadow Service (VSS) support.....................................................16
Server-side synchronization......................................................................16
Microsoft Dynamics CRM 2013 Best Practices Analyzer............................17
Defer the base and extension table merge as part of upgrade.................17
See Also....................................................................................................... 17
Microsoft Dynamics CRM 2013 system requirements and required
technologies................................................................................................ 17
In This Section.......................................................................................... 19
See Also....................................................................................................... 19
Microsoft Dynamics CRM Server 2013 hardware requirements......................19

See Also....................................................................................................... 20
Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM
Server 2013................................................................................................. 20
See Also....................................................................................................... 21
Software requirements for Microsoft Dynamics CRM Server 2013.................21
In This Topic................................................................................................. 21
Windows Server operating system..............................................................21
Supported Windows Server 2012 editions................................................22
Supported Windows Server 2008 editions................................................22
Server virtualization.................................................................................... 22
Active Directory modes............................................................................... 23
Internet Information Services (IIS)...............................................................23
SQL Server editions..................................................................................... 23
Accessing Microsoft Dynamics CRM from the Internet - Claims-based
authentication and IFD requirements.......................................................24
SQL Server Reporting Services....................................................................26
Software component prerequisites..............................................................27
Verify prerequisites...................................................................................... 27
See Also....................................................................................................... 28
Microsoft Dynamics CRM 2013 Reporting Extensions requirements...............28
In this topic.................................................................................................. 28
Microsoft Dynamics CRM Reporting Extensions general requirements.....29
Microsoft Dynamics CRM Reporting Authoring Extension General
Requirements......................................................................................... 29
See Also....................................................................................................... 30
SharePoint Document Management software requirements for Microsoft
Dynamics CRM 2013.................................................................................... 30
Microsoft Dynamics CRM 2011 List Component for Microsoft SharePoint....30
See Also....................................................................................................... 31
Lync and Office Communications Server integration with Microsoft Dynamics
CRM 2013.................................................................................................... 31
See Also....................................................................................................... 31
Microsoft Dynamics CRM 2013 Email Router hardware requirements............31
See Also....................................................................................................... 32
Microsoft Dynamics CRM 2013 Email Router software requirements.............32
In This Topic................................................................................................. 33
Exchange Server......................................................................................... 34
Messaging and transport protocols..............................................................34

Exchange Online.......................................................................................... 35
Additional Email Router software requirements...........................................35
See Also....................................................................................................... 35
Microsoft Dynamics CRM 2013 for Outlook hardware requirements..............35
See Also....................................................................................................... 36
Microsoft Dynamics CRM 2013 for Outlook software requirements................36
In this topic.................................................................................................. 37
Microsoft Dynamics CRM for Outlook software feature prerequisites..........37
Additional Microsoft Dynamics CRM for Outlook software requirements...38
Running Microsoft Dynamics CRM for Outlook on computers that have
multiple versions of Outlook installed....................................................39
See Also....................................................................................................... 39
Web application requirements for Microsoft Dynamics CRM 2013 web
application requirements............................................................................. 39
In This Topic................................................................................................. 39
Microsoft Dynamics CRM web application hardware requirements..............40
Supported versions of Internet Explorer......................................................40
Supported operating systems when you use Internet Explorer.................40
Supported versions of Internet Explorer...................................................41
Supported non-Internet Explorer web browsers..........................................41
Supported versions of Microsoft Office........................................................41
Printing reports............................................................................................ 42
See Also....................................................................................................... 42
Tablet support for Microsoft Dynamics CRM 2013 and CRM Online................42
In This Topic................................................................................................. 42
Windows 8................................................................................................... 43
Microsoft Dynamics CRM for Windows 8 minimum requirements.............43
Apple iPad.................................................................................................... 43
Microsoft Dynamics CRM for iPad minimum requirements........................44
Google Nexus.............................................................................................. 44
See Also....................................................................................................... 44
Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft
Dynamics CRM Online................................................................................. 44
In This Topic................................................................................................. 44
CRM phone apps.......................................................................................... 45
CRM for iPhones........................................................................................ 45
CRM for Android........................................................................................ 45
CRM for Windows Phone 8........................................................................45
BlackBerry................................................................................................ 45
CRM for phones........................................................................................... 46
See Also....................................................................................................... 46
64-bit supported configurations for Microsoft Dynamics CRM 2013...............46
See Also....................................................................................................... 47
Microsoft Dynamics CRM 2013 language support..........................................47
In This Topic................................................................................................. 47
Microsoft Dynamics CRM Server language requirements..........................47
Microsoft Dynamics CRM Server language examples...............................48
CRM phone app language support............................................................49
See Also....................................................................................................... 50
Planning Deployment of Microsoft Dynamics CRM 2013................................51
In This Section............................................................................................. 51
Prerequisites and considerations for planning your deployment of Microsoft
Dynamics CRM 2013.................................................................................... 52
See Also....................................................................................................... 52
Hardware requirements..................................................................................53
See Also....................................................................................................... 53
Software requirements...................................................................................53
See Also....................................................................................................... 54
Active Directory and network requirements for Microsoft Dynamics CRM 2013
.................................................................................................................... 54
Federation and claims-based authentication support..................................54
Active Directory Federation Services...........................................................54
Digital Certificates....................................................................................... 55
IPv6 Support................................................................................................ 56
See Also....................................................................................................... 56
SQL Server installation and configuration......................................................56
In This Section............................................................................................. 57
SQL Server requirements and recommendations for Microsoft Dynamics CRM
.................................................................................................................... 57
See Also....................................................................................................... 59
SQL Server deployment.................................................................................59
In This Topic................................................................................................. 59
SQL Server deployment considerations.......................................................60

Language locale collation and sort order.....................................................61
Disk configurations and file locations..........................................................61
SQL Server program file location.................................................................62
SQL Server data file location.......................................................................62
Specifying file paths..................................................................................63
Default-instance file path for program and data files...............................64
Microsoft Dynamics CRM database renaming considerations......................64
Organization database names..................................................................64
Organization database renaming..............................................................64
SQL Server transparent data encryption.....................................................65
See Also....................................................................................................... 65
Additional resources for SQL Server...............................................................65
See Also....................................................................................................... 66
Planning requirements for Microsoft SQL Server Reporting Services..............66
Microsoft Dynamics CRM Reporting Extensions requirements.....................67
See Also....................................................................................................... 68
Planning email integration............................................................................. 68
See Also....................................................................................................... 68
Microsoft Dynamics CRM Email Router...........................................................69
Email systems............................................................................................. 69
Network topology and email traffic.............................................................70
Avoid mailbox storage problems...............................................................70
See Also....................................................................................................... 71
E-mail message filtering and correlation........................................................71
Microsoft Dynamics CRM 2013 tracking tokens...........................................72
Tracking token structure........................................................................... 72
Smart matching........................................................................................... 73
See Also....................................................................................................... 74
Forward mailbox vs. individual mailboxes......................................................74
Forward mailbox monitoring........................................................................75
See Also....................................................................................................... 75
Microsoft Dynamics CRM user options...........................................................75
Incoming e-mail messaging options............................................................75
Outgoing e-mail messaging options............................................................76
See Also....................................................................................................... 76
Additional resources for Exchange Server......................................................76
See Also....................................................................................................... 77
Operating system and platform technology security considerations for
Microsoft Dynamics CRM 2013....................................................................77
In This Topic................................................................................................. 77
Securing Windows Server............................................................................77
Windows error reporting........................................................................... 78
Virus, malware, and identity protection....................................................78
Update management................................................................................78
Securing SQL Server.................................................................................... 79
Securing Exchange Server and Outlook......................................................80
Securing mobile devices..............................................................................80
See Also....................................................................................................... 81
Security considerations for Microsoft Dynamics CRM 2013............................81
In This Topic................................................................................................. 81
Minimum permissions required for Microsoft Dynamics CRM Setup and
services..................................................................................................... 81
Microsoft Dynamics CRM Server Setup.....................................................81
Services and CRMAppPool IIS application pool identity permissions.........82
Microsoft Dynamics CRM Sandbox Processing Service...........................82
Microsoft Dynamics CRM Asynchronous Processing Service and Microsoft
Dynamics CRM Asynchronous Processing Service (maintenance)
services............................................................................................... 82
Microsoft Dynamics CRM Monitoring Service.........................................83
Microsoft Dynamics CRM VSS Writer service..........................................83
Deployment Web Service (CRMDeploymentServiceAppPool Application
Pool identity)....................................................................................... 83
Application Service (CRMAppPool IIS Application Pool identity).............84
IIS Application Pool identities running under Kernel-Mode authentication
and SPNs............................................................................................. 85
What kind of service account should I choose?...........................................85
Microsoft Dynamics CRM installation files...................................................85
See Also....................................................................................................... 86
Security best practices for Microsoft Dynamics CRM......................................86
Service principal name management in Microsoft Dynamics CRM 2013.....87
See Also....................................................................................................... 88
Administration best practices for on-premises deployments of Microsoft
Dynamics CRM............................................................................................. 88
See Also....................................................................................................... 89
Network ports for Microsoft Dynamics CRM...................................................89
In This Topic................................................................................................. 89
Network ports for the Microsoft Dynamics CRM web application.................89
Network ports for the Asynchronous Service, Web Application Server, and
Sandbox Processing Service server roles..................................................91
Network ports for the Deployment Web Service server role........................91
Network ports that are used by the SQL Server that runs the SQL Server and
Microsoft Dynamics CRM Reporting Extensions server roles.....................91
See Also....................................................................................................... 93
Known risks and vulnerabilities......................................................................93
In This Topic................................................................................................. 93
Risks when users connect to CRM over an unsecured network...................93
Security recommendations on server role deployments..............................93
Anonymous authentication..........................................................................94
Isolate the HelpServer role for Internet-facing deployments.......................94
Claims-based authentication issues and limitations....................................95
Verify that the identity provider uses a strong password policy................95
AD FS federation server sessions are valid up to 8 hours even for
deactivated or deleted users..................................................................95
Secure the................................................................................................... 95
Outbound Internet calls from custom code executed by the Sandbox
Processing Service are enabled................................................................96
Secure server-to-server communication......................................................96
DNS rebinding attacks.................................................................................97
See Also....................................................................................................... 97
Microsoft Dynamics CRM standards compliance and certification..................97
Security standards compliance....................................................................97
FIPS 140-2 compliance.............................................................................. 97
Certification................................................................................................. 98
See Also....................................................................................................... 98
Microsoft Dynamics CRM 2013 supported configurations..............................98
Active Directory requirements.....................................................................98
Single-server deployment............................................................................99
See Also..................................................................................................... 100
Microsoft Dynamics CRM multiple-server deployment.................................100
Install server roles by running Microsoft Dynamics CRM Server Setup......100
Install server roles by running Microsoft Dynamics CRM Server 2013 at the
command prompt................................................................................. 100
Microsoft Dynamics CRM Server 2013 placement.....................................101
SQL Server and Active Directory domain controller placement.................101
See Also..................................................................................................... 101
Microsoft Dynamics CRM 2013 server roles.................................................101

In This Topic............................................................................................... 102
Available group server roles......................................................................102
Available individual server roles................................................................104
Scope definition......................................................................................... 107
Installation method definition....................................................................107
Microsoft Dynamics CRM Server role requirements...................................107
See Also..................................................................................................... 110
Support for Microsoft Dynamics CRM multiple-server topologies.................110
In This Topic............................................................................................... 110
Six-server topology....................................................................................110
Multi-forest and multi-domain with Internet access Active Directory topology
............................................................................................................... 111
See Also..................................................................................................... 113
Upgrading from Microsoft Dynamics CRM 2011...........................................113
In This Topic............................................................................................... 114
Recommended upgrade steps...................................................................114
Microsoft Dynamics CRM Server upgrade options.....................................114
Microsoft Dynamics CRM 2011 Server versions supported for upgrade....116
Microsoft Dynamics CRM 2011 for Outlook versions supported for upgrade
............................................................................................................... 116
Microsoft Dynamics CRM software and components not supported for inplace upgrade......................................................................................... 116
Upgrade product key.................................................................................117
User permissions and privileges................................................................117
Sharing a SQL Server................................................................................. 117
Tips for a successful upgrade....................................................................117
Maximum number of attributes exceeded..............................................117
Remove custom database objects..........................................................118
Remove the ignorechecks registry subkey..............................................118
If you are upgrading from Microsoft Dynamics CRM 2011 Update Rollup 6,
indexes will be added during upgrade.................................................118
Consider rescheduling base and extension table merge.........................118
Next steps................................................................................................. 118
See Also..................................................................................................... 119
Before you upgrade: issues and considerations...........................................119
In This Topic............................................................................................... 119
What has changed in supported products and technologies?....................119
End of support for outdated programmability features.............................119
Delete connections to enable use of access teams...................................120
Changes to duplicate detection.................................................................120

Microsoft Lync presence not supported in some areas..............................120
Update your customizations for the new user interface............................120
See Also..................................................................................................... 121
Upgrade the Microsoft Dynamics CRM Deployment.....................................121
In This Topic............................................................................................... 121
The upgrade process.................................................................................121
Prepare to upgrade.................................................................................... 122
Establish the test environment..................................................................124
Upgrade and validate the test environment..............................................125
What to do when you cannot successfully upgrade or migrate?...............126
Upgrade Microsoft Dynamics CRM for Outlook.............................................126
In This Topic............................................................................................... 127
Microsoft Dynamics CRM for Outlook upgrade requirements....................127
Cross-architecture upgrade of Microsoft Dynamics CRM for Outlook.........128
Microsoft Dynamics CRM 2011 for Outlook compatibility with Microsoft
Dynamics CRM 2013 Server....................................................................128
See Also..................................................................................................... 129
Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics...129
In This Section........................................................................................... 129
See Also..................................................................................................... 129
Advanced deployment options for Microsoft Dynamics CRM Server 2013. . .129
Update Setup files by using a local package.............................................129
Add or remove server roles.......................................................................130
Use Windows Powershell to perform deployment tasks.............................130
See Also..................................................................................................... 130
Configure a Microsoft Dynamics CRM Internet-facing deployment...............130
In This Topic............................................................................................... 131
About claims-based authentication...........................................................131
Internet-facing server best practices.........................................................132
Implement a strong password policy......................................................132
Internet connection firewall....................................................................132
Proxy/firewall server............................................................................... 132
Configure IFD............................................................................................. 132
Step 1: Configure Microsoft Dynamics CRM Server 2013 for Internet access
............................................................................................................. 132
Step 2: Configure Microsoft Dynamics CRM for Outlook to connect to the
Microsoft Dynamics CRM Server 2013 by using the Internet................133
See Also..................................................................................................... 133
Key management in Microsoft Dynamics CRM.............................................133

In This Topic............................................................................................... 133
Key types................................................................................................... 133
Key regeneration and renewal...................................................................134
Key-management logging..........................................................................134
Key storage............................................................................................... 134
How to encrypt Microsoft Dynamics CRM keys..........................................134
See Also..................................................................................................... 134
Multi-organization deployment.....................................................................135
See Also..................................................................................................... 135
Accessibility in Microsoft Dynamics CRM......................................................135
Accessibility features in browsers..............................................................136
See Also..................................................................................................... 136
Planning Guide for Microsoft

Dynamics CRM 2013 and Microsoft
Dynamics CRM Online
IT Pros and CRM administrators can use the resources and topics in this guide
to help them plan an on-premises deployment of Microsoft Dynamics CRM
2013 and to help in planning to use Microsoft Dynamics CRM Online.
In This Section
Planning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft Dynamics
CRM Online
Microsoft Dynamics CRM editions and licensing
What's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
Microsoft Dynamics CRM 2013 system requirements and required technologies
Planning Deployment of Microsoft Dynamics CRM 2013
Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics
Related Sections
Installing Guide for Microsoft Dynamics CRM 2013 and Microsoft
Dynamics CRM Online
Administration Guide for Microsoft Dynamics CRM 2013 and
Microsoft Dynamics CRM Online
Operating Guide for Microsoft Dynamics CRM 2013 (on-premises)
Customization Guide for Microsoft Dynamics CRM 2013 and Microsoft
Dynamics CRM Online
Report Writers Guide for Microsoft Dynamics CRM 2013 and
24
Send us your comments about this

document
If you have a question or comment about this document, click to send an email message to the Microsoft Dynamics CRM content team.
If your question is about Microsoft Dynamics CRM products, and not about the
content of this book, search the Microsoft Help and Support Center or the
Microsoft Knowledge Base.
Planning Your Deployment of

Microsoft Dynamics CRM 2013 and
For larger organizations, planning Microsoft Dynamics CRM 2013 or Microsoft
Dynamics CRM Online, like any enterprise-wide software, is a significant task.
This guide is written for the team of people responsible for planning Microsoft
Dynamics CRM, and provides information and tools that are needed to design
a successful implementation. In smaller organizations, several roles may be
filled by one person. In larger organizations, each role may be divided among
several people. These roles include the following:
Business managers. Responsible for determining how your business will use Microsoft Dynamics
CRM. This includes mapping your processes to Microsoft Dynamics CRM, deciding on default values,
and identifying any required customizations.
Customization technical staff. Responsible for implementing the planned customizations.
Network technical staff. Responsible for determining how Microsoft Dynamics CRM will be
deployed on the network and how users will access the system.
Project manager. Responsible for managing an enterprise-wide implementation project.
Organizations that implement Microsoft Dynamics CRM software may use the
services of an independent software vendor (ISV) or value-added reseller, a
consultant, or other organization that is partnered with Microsoft and will help
you with implementing and maintaining your Microsoft Dynamics CRM
installation. Because of this assumption, there may be references in this
guide to these "partners" who are expected to provide services to you.
25
Resources for planning Microsoft

Dynamics CRM
These resources are available to help you plan a deployment of Microsoft
Dynamics CRM 2013 or Microsoft Dynamics CRM Online.
Microsoft Dynamics SureStep

Microsoft Dynamics Sure Step is a full customer lifecycle methodology for all
Microsoft Dynamics solutions, providing the Microsoft ecosystem with
comprehensive sales through delivery guidance, project management
discipline alignment and field-driven best practices. Microsoft Dynamics Sure
Step is designed for Microsoft Dynamics Partners to successfully and reliably
complete customer projects on time and on budget. More information:
Microsoft Dynamics CRM Sure Step Guide
Manage your Microsoft Dynamics CRM Online

subscription
If youre an administrator who needs to plan and implement Microsoft
Dynamics CRM Online in your organization, the Manage your Microsoft Dynamics
CRM Online subscription is designed for you. The guide also helps other users to
ramp up with Microsoft Dynamics CRM Online.
See Also
Planning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM
Online
Microsoft Dynamics CRM editions and

licensing
Microsoft Dynamics CRM offers licensing options that cover implementations
for small, to mid-level, to even very large organizations.
Editions and licensing for on-premises

deployments
Microsoft Dynamics CRM Server 2013. There is no user limit for this edition. Additional features
include support for multiple organizations, multiple server instances, and separate role-based service
26
installation. Role-based services let you increase performance by installing component services on
different computers. Users of the Professional edition can be granted full access to all features and
customization areas.
Microsoft Dynamics CRM Workgroup Server 2013. This edition is limited to five, or fewer, users.
This version is limited to a single organization and a single computer that is running Microsoft
Dynamics CRM 2013. Users of the Basic edition have the same access as the Essential edition, plus
they can be granted access to accounts, contacts, cases, leads, reporting, personal dashboards, and
visualizations.
Licensing
A Microsoft Dynamics CRM deployment operates by using a single product
key. However, each Microsoft Dynamics CRM Server in a Microsoft Dynamics
CRM 2013 deployment requires a server license. Only the Microsoft Dynamics
CRM Server 2013 edition is licensed for multiple Microsoft Dynamics CRM
2013 servers or server roles in a deployment. Microsoft Dynamics CRM
Workgroup Server 2013 edition is limited to running on a single server in a
deployment.
You can view and upgrade a license in Deployment Manager. Deployment
Manager is a Microsoft Management Console (MMC) snap-in that system
administrators can use to manage organizations, servers, and licenses for
deployments of Microsoft Dynamics CRM.
Client Access License Types

You can view and modify client access license types for each user in the
Users area of the Settings area in the Microsoft Dynamics CRM web client.
For more information about Microsoft Dynamics CRM 2013 licensing, see How
to buy Microsoft Dynamics.
You can view and upgrade a license in Deployment Manager. Deployment
Manager is a Microsoft Management Console (MMC) snap-in that deployment
administrators can use to manage organizations, servers, and licenses for
Microsoft Dynamics CRM Online licensing

With Microsoft Dynamics CRM Online, you get powerful CRM capabilities and
features delivered as a cloud service from Microsoft, providing instant-on,
anywhere access, and predictable pay-as-you-go pricing. Licensing plans for
Microsoft Dynamics CRM Online determine the amount of features and
functionality users need and is licensed using a subscription.
27
Microsoft Dynamics CRM Online Essential. Users who have the Essential subscription can be
granted access to the system entities, custom entities, activities, Activity Feeds, and access by using the
Microsoft Dynamics CRM SDK.
Microsoft Dynamics CRM Online Basic. Users who have the Basic subscription have the same
access as the Essential USL plus can be granted access to accounts, contacts, cases, leads, reporting,
personal dashboards and visualizations.
Microsoft Dynamics CRM Online Professional. Users of who have the Professional subscription can
be granted full access to all features and customization areas of Microsoft Dynamics CRM.
For more information, see Microsoft Dynamics CRM Online Licensing Guidelines.
See Also
Planning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft Dynamics
CRM Online
What's new in Microsoft Dynamics

CRM 2013 and Microsoft Dynamics
CRM Online
Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online include
several new features that offer flexibility, scalability, and ease of use.
In This Topic
Whats changed in this release?
New in both Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online
New Microsoft Dynamics CRM Online features
New Microsoft Dynamics CRM 2013 (on-premises) features
Whats changed in this release?

In support of the latest technologies and in compliance with the Microsoft
Support Lifecycle, obsolete platform products and technologies will no longer
be supported in Microsoft Dynamics CRM 2013. More information: Whats
changing in the next major release
28
New in both Microsoft Dynamics CRM

2013 and Microsoft Dynamics CRM Online
Some new features included with Microsoft Dynamics CRM 2013 and
Microsoft Dynamics CRM Online are the following:
Improved user interface. Much of the user interface has been improved to provide better touch
support, drive efficiencies, and minimize the number of window popups.
Database encryption. Organization database encryption is enabled for a set of default entity attributes
that contain sensitive information, such as user names and email passwords. This feature can help
organizations meet FIPS 140-2 compliance. Encryption keys can be viewed and changed in Microsoft
Dynamics CRM. More information: Data Encryption
New Microsoft Dynamics CRM Online

features
This section lists the new features available with the Microsoft Dynamics CRM
Online Fall 13 release.
Expanded licensing plans

Microsoft Dynamics CRM Online brings to the online customers a new multitiered licensing model that has already been successfully used by the onpremises customers. More information: Microsoft Dynamics CRM editions and
licensing
New Microsoft Dynamics CRM 2013 (onpremises) features

This section lists new features available with Microsoft Dynamics CRM 2013
(on-premises).
Volume Shadow Service (VSS) support

The Volume Shadow Service (VSS) Writer service provides support for Data
Protection Manager to simplify data backup and recovery. More information:
Microsoft Dynamics CRM 2013 VSS Writer
Server-side synchronization
Server-side synchronization provides server-to-server synchronization of
email messages, tasks, contacts, and appointments between Microsoft
Dynamics CRM 2013 and Microsoft Exchange Server or POP3/SMTP email
29
systems. To use this functionality you dont have to install and maintain a
separate application. More information: Introducing Server-Side
Synchronization
Microsoft Dynamics CRM 2013 Best Practices Analyzer

The Microsoft Dynamics CRM 2013 Best Practices Analyzer is a diagnostic tool
that gathers information from installed Microsoft Dynamics CRM 2013 server
roles and builds a report of best practices and recommended solutions based
on the existing deployment. More information: Microsoft Dynamics CRM
2013 Best Practices Analyzer (BPA)
Defer the base and extension table merge as part of

upgrade
As part of the upgrade from Microsoft Dynamics CRM 2011 to Microsoft
Dynamics CRM 2013, all organization databases will have the
entitynameBase and entitynameExtensionBase tables merged into a single
entitynameBase table. Reducing the number of tables in the organization
database can improve overall performance of transactional operations in
CRM.
However, for enterprise customers with organization databases having large
and complex customizations or solutions, the table merge may take several
hours to complete. You can perform the merge as a separate operation to
reduce application downtime caused by the upgrade. More information: Run
the Base and Extension table merge as a separate operation
See Also
Planning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM
Online
What's new for administrators in Microsoft Dynamics CRM 2013 and

CRM Online
What's new for customization
30
Microsoft Dynamics CRM 2013 system

requirements and required
technologies
Microsoft Dynamics CRM Online reduces the system requirements of
traditional on-premises deployments by operating all the infrastructure and
platform essentials in the cloud. At a glance, the minimum software
requirements for users and administrators of Microsoft Dynamics CRM Online
includes the following:
Windows operating system when you use CRM for Outlook. Apple Mac, when running Apple Safari,
supported tablet, or mobile device.
Supported web browser, such as later versions of Internet Explorer or the latest versions of Apple
Safari, Google Chrome and Mozilla Firefox.
Microsoft Office Outlook (optional).
Microsoft Dynamics CRM 2013 on-premises versions have a much larger

requirement for both hardware and software than Microsoft Dynamics CRM
Online. Microsoft Dynamics CRM 2013 on-premises versions require the
software listed previously plus the following software:
Microsoft Windows Server
A Microsoft Windows Server Active Directory infrastructure
An Internet Information Services (IIS) website
Microsoft SQL Server 2008 or Microsoft SQL Server 2012
Microsoft SQL Server 2008 Reporting Services or Microsoft SQL Server 2012 Reporting Services
Microsoft Exchange Server or access to a POP3-compliant email server (optional)
SharePoint Server (required for document management)
Claims-based security token service (required for Internet-facing deployments)
Windows operating system when you use CRM for Outlook. Apple Mac, when running Apple Safari,
supported tablet, or mobile device.
Supported web browser, such as later versions of Internet Explorer or the latest versions of Apple
Safari, Google Chrome and Mozilla Firefox.
Microsoft Office Outlook (optional).
31
Note
For detailed hardare and software requirements or specific product
versions and service pack levels that are supported, see the links in In
this Section later in this topic.
Important
Typically, Microsoft Dynamics CRM applications support the latest
version and service pack (SP) for all required components, such as
Windows Server, Microsoft SQL Server, and Microsoft Office. However,
to fully support the latest version of a required component, you should
apply the latest update for Microsoft Dynamics CRM. For information
about the latest update, see Microsoft Dynamics CRM 2013 updates and
hotfixes.
For the compatibility status of the required or optional components
that are updated, see Microsoft Dynamics CRM Compatibility List.
Microsoft Dynamics CRM 2013 matches the support policy for all
dependent products and technologies, such as Microsoft Office or
Microsoft Exchange Server. For example, mainstream support for
Microsoft Office 2010 ends 10/13/2015; therefore mainstream support
for CRM for Outlook running on Microsoft Office 2010 also ends on that
date. For more information, see Select a Product for Lifecycle Information.
Before you install Microsoft Dynamics CRM 2013, review the following topics,
which provide detailed information about the products and technologies that
are required or optional for Microsoft Dynamics CRM 2013.
In This Section
Microsoft Dynamics CRM Server 2013 hardware requirements
Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server
2013
Software requirements for Microsoft Dynamics CRM Server 2013
Microsoft Dynamics CRM 2013 Reporting Extensions requirements
SharePoint Document Management software requirements for Microsoft Dynamics
CRM 2013
Lync and Office Communications Server integration with Microsoft Dynamics CRM
2013
32
Microsoft Dynamics CRM 2013 Email Router hardware requirements

Microsoft Dynamics CRM 2013 Email Router software requirements
Microsoft Dynamics CRM 2013 for Outlook hardware requirements
Microsoft Dynamics CRM 2013 for Outlook software requirements
Web application requirements for Microsoft Dynamics CRM 2013 web application
requirements
64-bit supported configurations for Microsoft Dynamics CRM 2013
Microsoft Dynamics CRM 2013 language support
See Also
Microsoft Dynamics CRM Server 2013

hardware requirements
The following table lists the minimum and recommended hardware
requirements for Microsoft Dynamics CRM Server 2013 running in a Full
Server configuration. These requirements assume that additional components
such as Microsoft SQL Server, Microsoft SQL Server Reporting Services,
SharePoint, or Microsoft Exchange Server arent installed or running on the
system.
Component
*Minimum
*Recommended
Processor
x64 architecture or compatible dual-core 1.5

GHz processor
Quad-core x64 arc

higher such as AM
systems
Memory
2-GB RAM
10 GB of available hard disk space
8-GB RAM or more

40 GB or more of a
Hard disk
Note
Computers with more than 16GB of
RAM will require more disk space for
Note
Computers with
RAM will requir
33
paging, hibernation, and dump files.
paging, hiberna
* Actual requirements and product functionality may vary based on your

system configuration and operating system.
Running Microsoft Dynamics CRM on a computer that has less than the
recommended requirements may result in inadequate performance.
The minimum and recommended requirements are based on 320-user load
simulation tests.
See Also
2013
Microsoft SQL Server hardware

requirements for Microsoft Dynamics
CRM Server 2013
Microsoft SQL Server database engine and Microsoft SQL Server Reporting
Services are required to install and run on-premises versions of Microsoft
Dynamics CRM 2013. The following table lists the minimum and
recommended hardware requirements for Microsoft SQL Server. These
requirements assume that additional components such as Microsoft Dynamics
CRM 2013, Microsoft SQL Server Reporting Services, SharePoint, or Microsoft
Exchange Server arent installed or running on the system.
Component
*Minimum
*Recommended
Processor
x64 architecture or compatible dual-core

1.5 GHz processor
Quad-core x64 arc

higher such as AM
systems
Memory
4-GB RAM
16-GB RAM or mo
Hard disk
SAS RAID 5 or RAID 10 hard disk array
SAS RAID 5 or RA
34
* Actual requirements and product functionality may vary based on your

Maintaining Microsoft Dynamics CRM databases on a computer that has less
than the recommended requirements may result in inadequate performance.
The minimum and recommended requirements are based on 320-user load
simulation tests.
See Also
Software requirements for Microsoft

Dynamics CRM Server 2013
This section lists the software and application requirements for Microsoft
Dynamics CRM Server 2013.
In This Topic
Windows Server operating system
Supported Windows Server 2012 editions
Server virtualization
Active Directory modes
Internet Information Services (IIS)
SQL Server editions
Accessing Microsoft Dynamics CRM from the Internet - Claims-based authentication
and IFD requirements
SQL Server Reporting Services
Software component prerequisites
Verify prerequisites
35
Windows Server operating system

Microsoft Dynamics CRM Server 2013 can be installed only on Windows
Server 2008 or Windows Server 2012 64-bit-based computers. The specific
versions and editions of Windows Server that are supported for installing and
running Microsoft Dynamics CRM Server 2013 are listed in the following
sections.
Important
The Windows Server 2003 family of operating systems arent supported for installing and running
Microsoft Dynamics CRM Server 2013.
Microsoft Windows Small Business Server editions arent supported for installing and running

The following editions of the Windows Server 2012 operating system are
supported for installing and running Microsoft Dynamics CRM Server 2013:
Windows Server 2012 Datacenter
Windows Server 2012 Standard
Important
Windows Server 2012 R2 is currently not supported with this release of

The following editions of the Windows Server 2008 operating system are
supported for installing and running Microsoft Dynamics CRM Server 2013:
Windows Server 2008 Standard SP2 (x64 versions) or Windows Server 2008 Standard R2 SP1
Windows Server 2008 Enterprise SP2 (x64 versions) or Windows Server 2008 Enterprise R2 SP1
Windows Server 2008 Datacenter SP2 (x64 versions) or Windows Server 2008 Datacenter R2 SP1
Windows Web Server 2008 SP2 (x64 versions) or Windows Web Server 2008 R2 SP1
Important
Windows Server 2008 installed by using the Server Core installation option is not supported for
installing and running Microsoft Dynamics CRM 2013 Server.
Windows Server 2008 for Itanium-based systems isnt supported for installing and running Microsoft
36
Server virtualization
Microsoft Dynamics CRM servers can be deployed in a virtualized
environment by using Windows Server 2008 or Windows Server 2012 with
Hyper-V or virtualization solutions from vendors who participate in the
Microsoft Windows Server Virtualization Validation Program (SVVP). You must
understand the limitations and best practices of server virtualization before
you try to virtualize your installation of Microsoft Dynamics CRM. For
information about Hyper-V, see the Microsoft Virtualization website.
Active Directory modes

The computer that Microsoft Dynamics CRM Server 2013 is running on must
be a member in a domain that is running in one of the following Active
Directory directory service forest and domain functional levels:
Windows Server 2003 Interim
Windows Server 2003 Native
Windows Server 2012
For more information about Active Directory domain and forest functional
levels, see the Active Directory Domains and Trusts Microsoft Management
Console (MMC) snap-in Help.
Important
The computer that Microsoft Dynamics CRM is running on shouldnt function as an Active Directory
domain controller.
When you use the Add Users Wizard, only users from trusted domains in the current forest will be
displayed. Users from trusted external forests arent supported and dont appear in the wizard.
Installing Microsoft Dynamics CRM 2013 Server in an LDAP directory that is running in Active
Directory Application Mode (ADAM) is not supported.
Internet Information Services (IIS)

Microsoft Dynamics CRM Server 2013 supports Internet Information Services
(IIS) versions 7, 7.5, and 8.0.
We recommend that you install and run IIS in Native Mode before you install
Microsoft Dynamics CRM Server 2013. However, if IIS is not installed and it is
37
required for a Microsoft Dynamics CRM server role, Microsoft Dynamics CRM
Server Setup will install it.
Important
Microsoft Dynamics CRM cant use a website that has more than one
http or https binding. Although IIS supports multiple http and https
bindings, there is a limitation in using additional bindings with Windows
Communication Foundation (WCF). WCF is required when you use CRM
for Outlook. Before you install or upgrade, you must remove the
additional bindings from the Web site used for Microsoft Dynamics CRM
or select a different Web site.
SQL Server editions

Any one of the following Microsoft SQL Server editions is required and must
be installed on Windows Server 2008 (x64 SP2 or R2) versions or Windows
Server 2012 64-bit-based computers, running, and available for Microsoft
Dynamics CRM:
Microsoft SQL Server 2008, Standard Edition, x64 SP3 or R2 SP2
Microsoft SQL Server 2008, Enterprise Edition, x64 SP3 or R2 SP2
Microsoft SQL Server 2008 Datacenter x64 SP3 or R2 SP2
Microsoft SQL Server 2008 Developer x64 SP3 or R2 SP2 (for non-production environments only)
Microsoft SQL Server 2012, Enterprise, 64-bit SP1
Microsoft SQL Server 2012, Business Intelligence, 64-bit SP1
Microsoft SQL Server 2012, Standard, 64-bit SP1
Important
32-bit versions of Microsoft SQL Server 2008 or Microsoft SQL Server 2012 database engine are not
supported for this version of Microsoft Dynamics CRM.
Microsoft SQL Server 2008 Workgroup, Web, Compact, or Microsoft SQL Server 2008 Express
Edition editions are not supported for use with Microsoft Dynamics CRM 2013 Server.
Microsoft SQL Server 2000 and Microsoft SQL Server 2005 editions and are not supported for this
version of Microsoft Dynamics CRM.
Running 64-bit Microsoft SQL Server 2008 versions for Itanium (IA-64) systems in conjunction with
Microsoft Dynamics CRM will receive commercially reasonable support. Commercially reasonable
support is defined as all reasonable support efforts by Microsoft Support that do not require Microsoft
Dynamics CRM code fixes. Microsoft Dynamics CRM 2013 supports a named instance of Microsoft
38
SQL Server for configuration and organization databases.
Accessing Microsoft Dynamics CRM from

the Internet - Claims-based
authentication and IFD requirements
The following items are required or recommended for Internet-facing
deployment (IFD). This topic assumes you will be using Active Directory
Federation Services (AD FS) as the security token service (STS). For more
information about configuring Microsoft Dynamics CRM for claims-based
authentication, download the Claims-based Authentication White Paper from the
Microsoft Download Center.
Important
Exposing the Microsoft Dynamics CRM website to the Internet is not
supported unless claims-based authentication is used and Microsoft
Dynamics CRM is configured for IFD.
Similarly, Outlook Anywhere (RPC over HTTP) is not supported as a
solution to connect CRM for Outlook to an on-premises deployment of
Microsoft Dynamics CRM 2013 over the Internet. The on-premises
deployment of Microsoft Dynamics CRM 2013 must be configured for
IFD as described in the topic Configure a Microsoft Dynamics CRM Internetfacing deployment.
In order for Microsoft Dynamics CRM for tablets to successfully connect
to a new deployment of Microsoft Dynamics CRM Server 2013, you
must run a Repair of Microsoft Dynamics CRM Server 2013 on the
server running IIS where the Web Application Server role is installed
after the Internet-Facing Deployment Configuration Wizard is
successfully completed. For repair instructions, see Uninstall,
change, or repair Microsoft Dynamics CRM Server 2013.
The computer where Microsoft Dynamics CRM 2013 Server is installed must have access to a security
token service (STS) service, such as Active Directory Federation Services (AD FS) federation server.
Microsoft Dynamics CRM 2013 Server supports Active Directory Federation Services (AD FS) 2.0,
2.1, and 2.2 versions.
Note the following conditions for the Web components before you configure IFD:
If you are installing Microsoft Dynamics CRM in a single server configuration, be aware that
Active Directory Federation Services 2.0 installs on the Default Web Site. Therefore, you must
create a new Web site for Microsoft Dynamics CRM.
39
When you run the Internet-Facing Deployment Configuration Wizard, Microsoft Dynamics CRM
2013 Server must be running on a Web site that is configured to use Secure Sockets Layer (SSL).
Microsoft Dynamics CRM Server Setup will not configure the Web site for SSL.
We recommend that the Web site where the Microsoft Dynamics CRM 2013 Web application will
be installed has the Require SSL setting enabled in IIS.
The Web site should have a single binding. Multiple IIS bindings, such as a Web site with an
HTTPS and an HTTP binding or two HTTPS or two HTTP bindings, are not supported for running
Microsoft Dynamics CRM.
Access to the Active Directory Federation Services (AD FS) federation metadata file from the
computer where the Configure Claims-Based Authentication Wizard is run. Note the following:
The federation metadata endpoint must use the Web services trust
model (WS-Trust) 1.3 standard. Endpoints that use a previous
standard, such as the WS-Trust 2005 standard, are not supported. In
Active Directory Federation Services 2.0, all WS-Trust 1.3 endpoints
contain /trust/13/ in the URL path.
Encryption certificates. The following encryption certificates are required. You can use the same
encryption certificate for both purposes, such as when you use a wildcard certificate:
Important
If you use a certificate that is created by using a custom
certificate request, the template that was used must be the
Legacy key template. Custom certificate requests created by
using the CNG key template are incompatible with Microsoft
Dynamics CRM. For more information about custom certificate
request templates, see Create a Custom Certificate Request.
Claims encryption. claims-based authentication requires identities

to provide an encryption certificate for authentication. This
certificate should be trusted by the computer where you are
installing Microsoft Dynamics CRM 2013 Server so it must be
located in the local Personal store where the Configure ClaimsBased Authentication Wizard is running.
SSL (HTTPS) encryption. The certificates for SSL encryption should

be valid for host names similar to org.contoso.com,
auth.contoso.com, and dev.contoso.com. To satisfy this requirement
you can use a single wildcard certificate (*.contoso.com), a
certificate that supports Subject Alternative Names, or individual
certificates for each name. Individual certificates for each host
name are only valid if you use different servers for each Web server
role. Multiple IIS bindings, such as a Web site with two HTTPS or two
HTTP bindings, is not supported for running Microsoft Dynamics
CRM. For more information about the options that are available to
40
you, contact your certification authority service company or your

certification authority administrator.
The CRMAppPool account of each Microsoft Dynamics CRM website must have read permission to
the private key of the encryption certificate specified when configuring claims-based authentication.
You can use the Certificates snap-in to edit permissions for the encryption certificate found in the
Personal store of the local computer account.

Specific Microsoft SQL Server Reporting Services editions are used for
reporting functionality.
Any one of the following Microsoft SQL Server editions is required and must
be installed on Windows Server 2008 (x64 SP2 or R2) versions or Windows
Server 2012 64-bit-based computers, running and available for Microsoft
Dynamics CRM:
Microsoft SQL Server 2008, Standard Edition, x64 SP3 or R2 SP2
Microsoft SQL Server 2008, Enterprise Edition, x64 SP3 or R2 SP2
Microsoft SQL Server 2008 Datacenter x64 SP3 or R2 SP2
Microsoft SQL Server 2008 Developer x64 SP3 or R2 SP2 (for non-production environments only)
Microsoft SQL Server 2012, Enterprise, 64-bit SP1
Microsoft SQL Server 2012, Business Intelligence, 64-bit SP1
Microsoft SQL Server 2012, Standard, 64-bit SP1
Important
32-bit versions of Microsoft SQL Server 2008 or Microsoft SQL Server 2012 Reporting Services are
not supported for this version of Microsoft Dynamics CRM.
Microsoft SQL Server 2008 Workgroup, Web, Compact, or Microsoft SQL Server 2008 Express
Edition editions are not supported for use with Microsoft Dynamics CRM 2013 Server.
Running 64-bit Microsoft SQL Server 2008 versions for Itanium (IA-64) systems in conjunction with
Microsoft Dynamics CRM will receive commercially reasonable support. Commercially reasonable
support is defined as all reasonable support efforts by Microsoft Support that do not require Microsoft
Dynamics CRM code fixes.
Microsoft SQL Server 2008 Workgroup is not supported for running the Microsoft Dynamics CRM
Reporting Extensions. This is because Microsoft SQL Server 2008 Workgroup does not support custom
data extensions. Therefore, features such as creating, running, or scheduling Fetch-based or SQL-based
reports will not work.
41
Using a Microsoft SQL Server 2012 Reporting Services server running in SharePoint mode is not
supported with Microsoft Dynamics CRM. For more information about Microsoft SQL Server 2012
Reporting Services SharePoint mode, see Install Reporting Services SharePoint Mode as a Single
Server Farm.
Software component prerequisites

The following SQL Server components must be installed and running on the
computer that is running SQL Server before you install Microsoft Dynamics
CRM 2013 Server:
SQL word breakers
This is only required for some Microsoft Dynamics CRM language editions.
For more information about word breaker versions for languages
supported by SQL Server see Word Breakers and Stemmers.
SQL Server Agent service
SQL Server full-text indexing
The following components must be installed and running on the computer

where Microsoft Dynamics CRM 2013 Server will be installed:
Services
Indexing Service
To install this service, see the Windows Server documentation.
IIS Admin
World Wide Web Publishing
Windows Data Access Components (MDAC) 6.0 (This is the default version of MDAC with Windows
Server 2008.)
Microsoft ASP.NET (Must be registered, but does not have to be running.)
Verify prerequisites
Before you install Microsoft Dynamics CRM 2013 Server, you should
understand the following:
Microsoft SQL Server can be, but is not required to be, installed on the same computer as Microsoft
Dynamics CRM 2013 Server.
If Microsoft Dynamics CRM 2013 Server and Microsoft SQL Server are installed on different
computers, both computers must be in the same Active Directory directory service domain.
42
Microsoft SQL Server can be installed by using either Windows Authentication or mixed-mode
authentication. (Windows Authentication is recommended for increased security and Microsoft
Dynamics CRM will use only Windows Authentication).
The service account that SQL Server uses to log on to the network must be either a domain user
account (recommended) or one of the built-in system accounts supported by SQL Server (Network
Service, Local Service, or Local System). Installation of Microsoft Dynamics CRM will fail if the SQL
Server service account is the local administrator.. Installation of Microsoft Dynamics CRM will fail if
the SQL Server service account is the local administrator.
The SQL Server service must be started and can be configured to automatically start when the
computer is started.
The Microsoft SQL Server Reporting Services service must be started and configured to automatically
start when the computer is started.
The SQL Server Agent service must be started. This service can be configured to automatically start
when the computer is started.
Although it is optional, we recommend that you accept the SQL Server default settings for Collation
Designator, Sort Order, and SQL Collation. Microsoft Dynamics CRM supports both case-sensitive
and case-insensitive sort orders.
Microsoft Dynamics CRM Server Setup requires at least one network protocol to be enabled to
authenticate by using SQL Server. By default, TCP/IP protocol is enabled when you install SQL
Server. You can view network protocols in SQL Server Configuration Manager.
See Also
2013

Reporting Extensions requirements
Microsoft Dynamics CRM Reporting Extensions is not required to run Microsoft
Dynamics CRM 2013. However, to create, use, or schedule reports in
Microsoft Dynamics CRM, you must install Microsoft Dynamics CRM Reporting
Extensions. Additionally, to create an organization or import an organization,
such as when you migrate from Microsoft Dynamics CRM 2011 to Microsoft
Dynamics CRM 2013 by using Deployment Manager, you must install
Microsoft Dynamics CRM Reporting Extensions.
43
In this topic
Microsoft Dynamics CRM Reporting Extensions general requirements
Microsoft Dynamics CRM Reporting Authoring Extension General Requirements
Microsoft Dynamics CRM Reporting Extensions are data processing extensions

that are installed on the Microsoft SQL Server Reporting Services server. The
Microsoft Dynamics CRM Reporting Extensions accept the authentication
information from the Microsoft Dynamics CRM Server 2013 and passes it to
the Microsoft SQL Server Reporting Services server.
Microsoft Dynamics CRM Reporting Extensions Setup includes two data
processing extensions: Fetch data processing extension and SQL data
processing extension. These extensions are installed by default during
Microsoft Dynamics CRM Reporting Extensions Setup.
The Fetch data processing extension is required to create, run, and schedule Fetch-based reports.
The SQL data processing extension is required to run and schedule the default (out-of-box) or SQLbased custom reports in Microsoft Dynamics CRM 2013.
Microsoft Dynamics CRM Reporting Extensions

general requirements
The Microsoft Dynamics CRM Reporting Extensions component has the
following general requirements:
You must complete Microsoft Dynamics CRM Server Setup before you run Microsoft Dynamics CRM
Reporting Extensions Setup.
You can install and run Microsoft Dynamics CRM Reporting Extensions on only one instance of
Microsoft SQL Server Reporting Services on a computer.
Separate deployments of Microsoft Dynamics CRM cannot share one Microsoft SQL Server Reporting
Services server. However, a single deployment of Microsoft Dynamics CRM that has multiple
organizations can use the same Microsoft SQL Server Reporting Services server.
You must run the Microsoft Dynamics CRM Reporting Extensions Setup on a computer that has
Microsoft SQL Server 2008 Reporting Services, Microsoft SQL Server 2008 R2 Reporting Services or
Microsoft SQL Server 2012 Reporting Services installed.
For smaller data sets and fewer users, you can use a single-server deployment or a multiple-server
deployment. With larger datasets or more users, performance decreases quickly when complex reports
are run. Use a multi-server deployment with one computer that is running SQL Server for Microsoft
Dynamics CRM, and another server for Microsoft SQL Server Reporting Services.
44
Microsoft Dynamics CRM Reporting Authoring

Extension General Requirements
The Microsoft Dynamics CRM Report Authoring Extension has the following
general requirements:
Make sure that you install the Microsoft Dynamics CRM Report Authoring Extension on the same
computer that has Business Intelligence Development Studio installed.
If your organization uses Microsoft Office 365, make sure that the computer on which the Microsoft
Dynamics CRM Report Authoring Extension is installed also has the Microsoft Online Services Signin Assistant (MSOSIA) installed on it. Organizations in the Online Service Delivery Platform have
dependency on MSOSIA. If Microsoft Online Services Sign-in Assistant is already installed, check the
registry key SOFTWARE\Microsoft\MSOIdentityCRL and make sure that the TargetDir registry key in
MSOIdentityCRL contains msoidcli.dll.
Additional Microsoft Dynamics CRM Report Authoring Extension

software requirements
If the following components are missing, they will be installed by Microsoft
Dynamics CRM Report Authoring Extension Setup:
Visual Studio 2008 Service Pack 2
Business Intelligence Development Studio
See Also
CRM 2013
SharePoint Document Management

software requirements for Microsoft
Dynamics CRM 2013
If you want to use Microsoft SharePoint document management functionality
in Microsoft Dynamics CRM Server 2013, you have to have one of the
following SharePoint editions installed and running:
Microsoft SharePoint 2013
Microsoft SharePoint 2010 SP1 (all editions)
45
You also have to have at least one site collection configured and available for
To enable the document management functionality, use the Settings area in
the CRM web application.
The user who accesses SharePoint from CRM must have appropriate
permissions on the SharePoint site collection where the document
management components are installed. For more information about how to
grant membership on a site collection, see the SharePoint Help.
Microsoft Dynamics CRM 2011 List

Component for Microsoft SharePoint
To use a list view to display documents in Microsoft SharePoint 2010 or
Microsoft SharePoint 2013, you have to install the Microsoft Dynamics CRM
List Component.
If you dont install the list component, Microsoft SharePoint 2010 displays the
data in a windowless inline floating frame (IFrame). Microsoft SharePoint 2013
displays an error message in Internet Explorer. In Google Chrome, Mozilla
Firefox, or Apple Safari web browsers, no data or error message are
displayed.
Important
There are two versions of the Microsoft Dynamics CRM List Component:
Microsoft Dynamics CRM 2011 List Component for Microsoft SharePoint Server 2013. This
version doesnt work with SharePoint 2010.
Microsoft Dynamics CRM 2011 List Component for Microsoft SharePoint Server 2010. This
version doesnt work with SharePoint 2013.
You cant use Internet Explorer 7 with Microsoft Dynamics CRM (onpremises) document management deployments that use SharePoint
2013. For more information, see Plan browser support in SharePoint 2013.
See Also
2013
46
Lync and Office Communications

Server integration with Microsoft
Dynamics CRM 2013
If your organization uses Microsoft Lync or Microsoft Office Communications
Server 2007, you may be able to take advantage of some of the features they
offer, like sending instant messages or checking user availability, from within
Microsoft Dynamics CRM or CRM for Outlook. Your organization must have
one of the following products or subscriptions:
Lync Online
Microsoft Lync Server 2013
Microsoft Lync Server 2010
Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2
See Also
CRM 2013
Microsoft Dynamics CRM 2013 Email

Router hardware requirements
This section applies to Microsoft Dynamics CRM Online and on-premises
versions of Microsoft Dynamics CRM 2013. The following table lists the
minimum and recommended hardware requirements for Microsoft Dynamics
CRM 2013 Email Router.
Component
*Minimum
*Recommended
Processor (32-bit)
750-MHz CPU or comparable
Multi-core 1.8-GHz
Processor (64-bit)
x64 architecture or compatible 1.5 GHz

processor
Multi-core x64 arch

higher such as AM
systems
47
Memory
1-GB RAM
2-GB RAM or more
Hard disk
100 MB of available hard disk space
100 MB of availabl
*Actual requirements and product functionality may vary based on your

Running Microsoft Dynamics CRM Email Router on a computer that has less
than the recommended requirements may result in inadequate performance.
See Also
2013
Microsoft Dynamics CRM 2013 Email

Router software requirements
Applies to: Microsoft Dynamics CRM 2013 Email Router and Microsoft
Dynamics CRM Online
versions of Microsoft Dynamics CRM 2013. It lists the software and application
software requirements for Microsoft Dynamics CRM 2013 Email Router.
Microsoft Dynamics CRM Email Router Setup consists of two main
components: the Email Router and the Rule Deployment Wizard. The Email
Router component installs the Email Router service and Email Router
Configuration Manager. You use the Email Router Configuration Manager to
configure the Email Router. The Rule Deployment Wizard component deploys
the rules that enables received email messages to be tracked.
Important
Unless specified otherwise, within the Microsoft Dynamics CRM 2013
Support Lifecycle policy, Microsoft Dynamics CRM applications support
the latest version and service pack (SP) for all required components,
such as Windows Server, SQL Server, Microsoft Office, Internet
Explorer, and Exchange Server. However, to fully support the latest
version of a required component you should apply the latest update for
48
You can install the Email Router and Rule Deployment Wizard on any
computer that is running one of the following operating systems, and that has
network access to both Microsoft Dynamics CRM and the email server:
Windows 7 32-bit and 64-bit editions
Windows Server 2008 (x64 versions) or Windows Server 2008 R2
Windows Server 2012 (see requirements below)
Important
After Microsoft Dynamics CRM Server Setup is finished, apply the latest update rollup, if any.
Running Microsoft Dynamics CRM Email Router and Email Router Configuration Manager (32-bit) is
not supported on a Windows Server 64-bit operating system, in Windows-On-Windows (WOW) mode.
Install and run the 64-bit version of the Microsoft Dynamics CRM Email Router.
Rule Deployment Wizard Requires MAPI

The Rule Deployment Wizard requires the Microsoft Exchange Server
Messaging API (MAPI) client runtime libraries. To install the MAPI client
runtime libraries, see Microsoft Exchange Server MAPI Client and Collaboration
Data Objects 1.2.1.
Important
Installing and running the Rule Deployment Wizard on a computer that
has Microsoft Office Outlook installed is not supported. Both
applications use a different version of MAPI that are incompatible.
Note
MAPI versions 6.5.8147 (or later) are supported by Microsoft Exchange
Server 2010.
If you already have a version of the MAPI download installed, you must
uninstall it before installing the new version.
If you are installing the Rule Deployment Wizard on a system that uses
Microsoft Exchange Server 2010 as its email server, you must also have
installed Update Rollup 2 (or later) of Microsoft Exchange Server 2010. For
more information, see Update Rollup 2 for Exchange Server 2010 (KB979611).
In This Topic
Exchange Server
Messaging and transport protocols
49
Exchange Online
Additional Email Router software requirements
Exchange Server
Microsoft Exchange Server is only required if you want to use the Email
Router to connect to an Exchange Server email messaging system. To do this,
you can install the Email Router on any of the supported Windows or Windows
Server operating systems that have a connection to the Exchange Server. The
Email Router supports the following versions of Exchange Server:
Exchange Server 2007 Standard Edition
Exchange Server 2007 Enterprise Edition
Exchange Server 2010 Standard Edition
Exchange Server 2010 Enterprise Edition
Microsoft Exchange Online
Important
Exchange 2000 Server editions arent supported when using these
versions of Microsoft Dynamics CRM Email Router and Rule
Deployment Wizard.
If missing, Microsoft Dynamics CRM Email Router Setup installs the
Microsoft .NET Framework 4 on the computer where you install the
Email Router.
The Rule Deployment Wizard component must be installed on a
computer that is running any of the supported Windows or Windows
Server operating systems and that has the MAPI client runtime libraries
installed.
Download the MAPI client runtime libraries from the Microsoft Download
Center.
Messaging and transport protocols

Microsoft Dynamics CRM Email Router supports a variety of email messaging
and transport options.
50
POP3
POP3-compliant email systems are supported for incoming email message
routing.
Important
When you use the Forward Mailbox option on the User form, the
POP3 email server must provide support where an email message can
be sent as an attachment to another email message.
If you configure the Microsoft Dynamics CRM Email Router to connect to a
POP3-compliant email server, the server must support RFC 1939.
Transport protocols
Both SMTP and Exchange Online with Exchange Web Services (EWS) are
messaging transport protocols that are supported for outgoing email
message routing.
If you configure the Microsoft Dynamics CRM Email Router to use an SMTPcompliant transport service, the server must support RFC 2821 and RFC
2822.
Exchange Online
Microsoft Exchange Online is a hosted enterprise messaging service from
Microsoft. It provides the robust capabilities of Microsoft Exchange Server as
a cloud-based service. To learn more, see Exchange Online.
Additional Email Router software

requirements
If the following components are missing, they will be installed by Microsoft
Dynamics CRM Email Router Setup:
Microsoft .NET Framework 4
Microsoft Visual C++ Redistributable
Microsoft Application Error Reporting
Windows Identity Framework (WIF)
Windows Live ID Sign-in Assistant 6.5
Microsoft Online Services Sign-in Assistant (Required for Microsoft Dynamics CRM Online when you
subscribe through Microsoft Office 365.)
51
See Also
Microsoft Dynamics CRM 2013 for

Outlook hardware requirements
The following table lists the minimum recommended hardware requirements
when you run Microsoft Dynamics CRM 2013 for Microsoft Office Outlook in
either online only or go offline enabled modes.
Component
Online only mode
Go Offline enabled
Processor
2.9 gigahertz (GHz) or faster x86- or x64bit dual core processor with SSE2
instruction set
3.3 gigahertz (G
bit dual core pro
instruction set
Memory
2-GB RAM or more
4-GB RAM or m
Hard disk
1.5 GB of available hard disk space
2 GB of available
7200 RPM or mo
Display
Super VGA with a resolution of 1024 x 768
Note
Actual requirements and product functionality may vary based on your
minimum recommended requirements may result in inadequate
performance. For the best performance, we recommend running 64-bit
versions of Microsoft Windows, Microsoft Office, and CRM for Outlook.
Network requirements
Microsoft Dynamics CRM is designed to work best over networks that have
the following elements:
Bandwidth greater than 50 kbps
52
Super VGA with

1024 x 768
Latency under 150 ms
These values are recommendations and dont guarantee satisfactory

performance.
Note
Successful network installation of CRM for Outlook requires a reliable
and high-throughput network. Otherwise, installation might fail. The
recommended minimum available bandwidth of the network
connection is 300 Kbps.
See Also
Microsoft Dynamics CRM 2013 for

Outlook software requirements
CRM for Outlook works the way that you do by providing a seamless
combination of Microsoft Dynamics CRM features in the familiar Microsoft
Outlook environment. This section lists software and software requirements
for CRM for Outlook and Microsoft Dynamics CRM for Microsoft Office Outlook
with Offline Access.
Any one of the following operating systems is required:
Windows 8 (64-bit and 32-bit versions)
Windows 7 (64-bit and 32-bit versions)
Windows Vista SP2 (6-bit and 32-bit versions)
Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 when running as a Remote
Desktop Services application.
Important
Windows XP editions are not supported for installing and running CRM
2013 for Outlook.
53
Windows Server 2003 editions are not supported for installing and
running CRM 2013 for Outlook as a Remote Desktop Services
application.
In this topic
Microsoft Dynamics CRM for Outlook software feature prerequisites
Additional Microsoft Dynamics CRM for Outlook software requirements
Running Microsoft Dynamics CRM for Outlook on computers that have multiple
versions of Outlook installed
Microsoft Dynamics CRM for Outlook

software feature prerequisites
The following software must be installed and running on the computer before
you run Microsoft Dynamics CRM for Outlook Setup:
Web Browser. One of the following:
Supported versions of Internet Explorer
Supported non-Internet Explorer web browsers
Important
Internet Explorer 7 or earlier versions are not supported for use with
Microsoft Dynamics CRM 2013 for Microsoft Office Outlook.
Microsoft Office. One of the following:
Microsoft Office 2013
Important
Outlook 2003 versions are not supported for installing and running
CRM 2013 for Outlook.
To install and run the 64-bit version of CRM for Outlook, a 64-bit
version of Microsoft Office is required.
Before you run the Configuration Wizard to configure CRM for Outlook,
a Microsoft Office Outlook profile must exist for the user. Therefore,
54
Microsoft Outlook must be run at least once to create the user's

Microsoft Outlook profile.
Both the web application and CRM for Outlook require JavaScript
enabled for certain features, such as Activity Feeds, dashboard areas,
and the display of certain panes or menus. Although the web
application displays error messages when JavaScript is disabled, CRM
for Outlook doesnt. To verify if JavaScript is enabled in Internet
Explorer 9, start Internet Explorer, on the Tools menu click or tap
Internet options. On the Security tab, click or tap Internet, and
then click or tap Custom level. In the Security Settings dialog box
under Scripting, Active scripting must be set to Enable.
The Indexing Service (now known as the Windows Search Service, or
WSS) is required by users who will set up and use CRM for Outlook and
its Help file in offline mode.
Microsoft Dynamics CRM. One of the following editions of Microsoft
Dynamics CRM must be available so that CRM for Outlook can connect to it:
On-premises editions of Microsoft Dynamics CRM Server 2013
Additional Microsoft Dynamics CRM for Outlook

software requirements
If needed, the following software will be installed by Microsoft Dynamics CRM
for Outlook Setup:
Microsoft SQL Server 2008 Express Edition SP1 or *Microsoft SQL Server 2012 Express Edition
Note
Installed for Microsoft Dynamics CRM for Outlook with Offline Access
only.
*Although, Microsoft SQL Server 2012 Express Edition is supported,
Microsoft SQL Server 2008 Express Edition SP1 will be installed
during Setup.
Microsoft .NET Framework 4.
Microsoft Windows Installer 4.5.
MSXML 4.0.
55
Microsoft Visual C++ Redistributable.
Microsoft Report Viewer 2010.
Microsoft Application Error Reporting.
Windows Identity Framework (WIF).
Windows Azure AppFabric SDK V1.0.
Windows Live ID Sign-in Assistant 6.5.
Microsoft Online Services Sign-in Assistant 2.1.
Microsoft SQL Server Native Client.
Microsoft SQL Server Compact 4.0.
Reporting Services Microsoft ActiveX control. If not installed on the computer, the user will be
prompted to install the software at first attempt to print a report. This installer package is named
RSClientPrint.cab and can found on the Microsoft SQL Server Reporting Services server at
<drive>:\Program files\Microsoft SQL Server\<MSSQL>\Reporting Services\ReportServer\bin.
Running Microsoft Dynamics CRM for Outlook on

computers that have multiple versions of Outlook
installed
If you run more than one version of Microsoft Office Outlook on your
computer, CRM for Outlook will only run in the latest version of Outlook. This
behavior is true even if you were previously running Outlook in the earlier
version of Microsoft Office. For example, if you run Outlook in Microsoft
Outlook 2010 and then install Microsoft Outlook 2013 keeping Microsoft
Outlook 2010, CRM for Outlook will only run in Microsoft Outlook 2013. If you
uninstall Microsoft Outlook 2013, CRM for Outlook will switch to running in
Microsoft Outlook 2010 again.
See Also
requirements
56
Web application requirements for

Microsoft Dynamics CRM 2013 web
application requirements
This section lists the hardware and software requirements for the Microsoft
Dynamics CRM 2013 and Microsoft Dynamics CRM Online web and mobile
device client applications.
In This Topic
Microsoft Dynamics CRM web application hardware requirements
Supported non-Internet Explorer web browsers
Supported versions of Microsoft Office
Printing reports
Microsoft Dynamics CRM web application

hardware requirements
The following table lists the minimum and recommended hardware
requirements for the Microsoft Dynamics CRM web application.
Component
Minimum
Recommended
Processor
2.9 gigahertz (GHz) or faster x86- or x64bit dual core processor with SSE2
instruction set
3.3 gigahertz (GHz

processor with SS
MB or more L3 cac
Memory
2-GB RAM
4-GB RAM or mor
Display
Super VGA with a resolution of 1024 x

768
Super VGA with a
recommended requirements may result in inadequate performance.
Network requirements
57
Microsoft Dynamics CRM is designed to work best over networks that have
the following elements:
Bandwidth greater than 400 kbps
Latency under 150 ms
Notice that these values are recommendations and dont guarantee

satisfactory performance.

The following two sections list the supported operating systems and versions
for the Microsoft Dynamics CRM web application when you run Internet
Explorer.
Supported operating systems when you use Internet

Explorer
The following operating systems are supported for the Microsoft Dynamics
CRM web application:
Windows 8 and Windows RT supported when you use Internet Explorer 10
Windows 7 (all versions)
Windows Vista (all versions)
Important
Windows 8.1 has not been tested and isnt fully supported with this
release of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM
Online.

The Microsoft Dynamics CRM web application can run in any of the following
Internet Explorer versions:
*Internet Explorer 10
Internet Explorer 9
Internet Explorer 8
*Internet Explorer 10 that has the new Windows UI optimized for touch
devices is only supported for use with the areas of Microsoft Dynamics CRM
58
that have the modern user interface. For more information about Internet
Explorer 10 browser experience modes, see Internet Explorer 10 on Windows 8.
Important
Internet Explorer 7 isnt supported with Microsoft Dynamics CRM 2013
on-premises versions or Microsoft Dynamics CRM Online.
Using plug-ins or other third-party extensions in your browser can
increase load times on pages with lists of data.
Supported non-Internet Explorer web

browsers
The Microsoft Dynamics CRM web application can run in any of the following
web browsers running on the specified operating systems.
Mozilla Firefox (latest publicly released version) running on Windows 8, Windows 7, or Windows
Vista
Google Chrome (latest publicly released version) running on Windows 8, Windows 7, Windows Vista,
or Nexus 10 tablet
Apple Safari (latest publicly released version) running on 10.8 (Mountain Lion)
To find the latest release for these web browsers, visit the software
manufacturers website.
Important
Using plug-ins or other third-party extensions in your browser can
increase load times on pages with lists of data.
Supported versions of Microsoft Office

To use Microsoft Dynamics CRM with Microsoft Office integration features,
such as Export to Excel and Mail Merge, you must have one of the following
Microsoft Office versions on the computer that is running the Microsoft
Dynamics CRM web application:
59
Important
Microsoft Office 2003 versions arent supported for use with Microsoft
Dynamics CRM 2013.
Printing reports
The Reporting Services Microsoft ActiveX control is required to print reports. If
a user tries to print a report, but the control isnt installed, the user will be
prompted to install it. The installer package is named RSClientPrint.cab and
can found on the Microsoft SQL Server Reporting Services server at
<drive>:\Program files\Microsoft SQL Server\<MSSQL>\Reporting
Services\ReportServer\bin.
See Also
64-bit supported configurations
Microsoft Dynamics CRM 2011 System Requirements and Required Components
Tablet support for Microsoft Dynamics

CRM 2013 and CRM Online
You can access Microsoft Dynamics CRM data from tablet devices in different
ways. Apps for Windows 8 and Apple iPad tablets are available to run
Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online.
Alternatively, CRM can be accessed using the devices preferred browser for
those devices described here. Tablets not specifically mentioned here can
typically use Microsoft Dynamics CRM for phones.
Note
For on-premises deployments of Microsoft Dynamics CRM 2013, the
apps for Windows 8 and Apple iPad require an Internet-facing
deployment that uses claims-based authentication.
The Microsoft Dynamics CRM for Windows 8 app is compatible with
devices that run Windows 8, such as Microsoft Surface. The Microsoft
Dynamics CRM for iPad app is compatible with iPad 3. These apps
arent compatible with other mobile devices such as smartphones
(Windows Phone , iPhone, or Android-based), or other tablet devices,
60
such as Android-based tablets. More information: Set up CRM for

tablets.
In This Topic
Windows 8
Apple iPad
Google Nexus
Windows 8
You can run Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM
Online on Windows 8 using either the Microsoft Dynamics CRM for Windows 8
app, or by using a supported web browser. For more information about web
browser support, see Web application requirements for Microsoft Dynamics CRM
2013 web application requirements.
CRM for Windows 8 is designed for PCs and tablets that run Windows 8 using
the immersive modern application. However, it isnt a Windows desktop
application and wont run in Windows 8 desktop mode.
Download Microsoft Dynamics CRM for Windows 8 from the Windows 8 Marketplace .
Microsoft Dynamics CRM for Windows 8 minimum

requirements
Operating System
*Windows 8
*Windows RT
Processor
Windows 8 tablets and PCs: 1.8 gigahertz

(GHz) or faster with support for PAE, NX,
and SSE2
Windows RT tablets: ARM-based Dual
Core 1.3 GHz or higher
RAM
Windows 8 tablets and PCs: 4 GB or more

Windows RT tablets: 2 GB or more
Storage
32 GB (64 GB recommended)
Resolution
1366 x 768 resolution with capacitive touch

screen
61
*Not supported in desktop mode.

Important
Windows 8.1 hasnt been tested and isnt fully supported with this
release of Microsoft Dynamics CRM.
Apple iPad
Online on an iPad using either the Microsoft Dynamics CRM for iPad app that
is designed for iOS iPad tablets, or in the latest version of the Apple Safari on
iPad web browser.
Download Microsoft Dynamics CRM for iPad from the Apple Store .
Microsoft Dynamics CRM for iPad minimum

requirements
Device
iPad 3 with Retina display
Operating System
iOS 6
Earlier iOS versions and other iPad models, such as the iPad mini, arent
supported. For those devices, use Microsoft Dynamics CRM for Phones.
Google Nexus
Online in the latest Google Chrome web browser on a Google Nexus 10 tablet
running Android 4.2.2.
Important
Android versions later than 4.2.2 on tablet devices other than Nexus 10
will attempt to run the full CRM web application. However, this
configuration is currently not supported. For those devices, see
Microsoft Dynamics CRM for Phones in this topic.
See Also
requirements
62
Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM
Online
Mobile phone support for Microsoft

Dynamics CRM 2013 and Microsoft
Dynamics CRM Online
Access data from Microsoft Dynamics CRM 2013 or Microsoft Dynamics CRM
Online with your mobile phone using one of the following methods.
Microsoft Dynamics CRM phone apps. Download the app for your phone.
Microsoft Dynamics CRM for phones. Use your phones preferred web browser.
In This Topic
CRM phone apps
CRM for phones
CRM phone apps

Several apps are available for popular mobile phones. The following
smartphone operating systems are supported with Microsoft Dynamics CRM
2013 and Microsoft Dynamics CRM Online. More information: Set up CRM
for phones.
CRM for iPhones

iOS version
Example device
iOS 6
iPhone 5
For a list of the supported languages available for this app, see CRM phone app
language support.
CRM for Android

63
Android version
Example device
4.1 and 4.2 (Jelly Bean)
Galaxy S3
4.0 (Ice Cream Sandwich)
Galaxy S3
For a list of the supported languages available for this app, see CRM phone app
language support.
CRM for Windows Phone 8

Windows Phone version
Example device
Windows Phone 8.0
HTC Windows Phone 8X, Nokia Lumia,

Samsung ATIV
BlackBerry
BlackBerry devices dont have an app specific for the device but are
supported for running Microsoft Dynamics CRM by using the
BlackBerrymobile browser. The following tables lists the devices supported to
run Microsoft Dynamics CRM in the BlackBerry mobile browser.
BlackBerry version
Example device
10
BlackBerry Z10
BlackBerry Torch 9860, BlackBerry Curve

9370
BlackBerry Bold 9780, BlackBerry Bold

9900
Many other smartphone operating system versions not mentioned here can
use CRM for phones mode.
64
CRM for phones

In most cases, devices not listed earlier in this topic can use Microsoft
Dynamics CRM for phones mode, which runs in your smartphones web
browser.
CRM for phones comes installed with Microsoft Dynamics CRM Server 2013
and is available with Microsoft Dynamics CRM Online. CRM for phones offers
great device flexibility because it runs on any web browser that supports
common standards, which are HTML 4.0 and JavaScript.
More information: Use CRM for phones
See Also
Tablet support for Microsoft Dynamics CRM 2013 and CRM Online
64-bit supported configurations for

Installing and running Microsoft Dynamics CRM 2013 and connecting to
database, reporting services, and email components running on other 32-bit
computers is generally supported. For example:
Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, or Exchange Server 2013 editions,
which are available only for 64-bit systems, are supported, and can run 64-bit, or 32-bit, editions of the
Microsoft Dynamics CRM Email Router.
CRM for Outlook includes a 64-bit version that can be installed on any of the supported 64-bit
Windows operating systems.
The 32-bit version of CRM for Outlook can be installed and run on a 64-bit Windows operating system
but the version of Microsoft Outlook must be 32-bit.
Important
32-bit versions of Microsoft SQL Server database engine or Microsoft
SQL Server reporting services arent supported with Microsoft
Dynamics CRM 2013. You cant use a computer that is running a
Microsoft SQL Server 32-bit edition as the database server or reporting
services server for Microsoft Dynamics CRM Server 2013. For more
information about the supported versions of Microsoft SQL Server, see
SQL Server editions and SQL Server Reporting Services.
65
See Also
requirements
Microsoft Dynamics CRM 2013 language support

language support
This section describes the supported configurations for different language
versions of a Microsoft Dynamics CRM 2013 system. This section doesnt
include information about Microsoft Dynamics CRM Language Pack support,
but instead explains the supported configurations for the base-language
versions. For more information about Microsoft Dynamics CRM Language
Pack, see Install and deploy a Language Pack.
In This Topic
Microsoft Dynamics CRM Server language requirements
Microsoft Dynamics CRM Server language examples
CRM phone app language support
Microsoft Dynamics CRM Server language

requirements
The following requirements must be met when you run Microsoft Dynamics
CRM with applications such as SQL Server. Note that all available CRM
languages are supported.
Microsoft Dynamics CRM product
Requirement
The base language of Windows Server,

SQL Server, Microsoft .NET Framework,
MDAC, and MSXML must be either the
same language as Microsoft Dynamics
CRM Server 2013 or English. If an
application isnt available in a certain
language, the English version can be
66
used.
Microsoft Dynamics CRM for Microsoft
Office Outlook
The base language of Windows Server,

Microsoft SQL Server 2008 Express
Edition, Internet Explorer, Microsoft Office,
Microsoft .NET Framework, MDAC, and
MSXML dont have to be the same
language as CRM for Outlook.
Each client stack in a single deployment
can be in a different language.
Microsoft Dynamics CRM Server 2013 and

The base language version of Microsoft

Dynamics CRM Server 2013 must match
that of CRM for Outlook.
For example, there cant be some users
who run the German version of CRM for
Outlook while other users run the English
version. For this scenario, we recommend
provisioning the appropriate Microsoft
Dynamics CRM Language Pack.
For example, you could have the following configuration having German as
their base language:
Windows Server 2008
Microsoft SQL Server 2008
Microsoft Exchange Server 2010
MSXML
.NET Framework
As another example, you could have Microsoft Dynamics CRM Server 2013
with Swedish as its base language and it could be configured with the
following applications that have English as their base language:
Windows Server 2008
MSXML
67
.NET Framework
Microsoft Dynamics CRM Server language examples

The following table describes an example of a supported language
configuration for Microsoft Dynamics CRM Server 2013 where all language
editions match.
Program
Language
Windows Server 2008
German
German
German
MSXML
German
.NET Framework
German
German
The following table describes an example of a supported language

configuration for Microsoft Dynamics CRM Server 2013 where not all
language editions match.
Program
Language
Windows Server 2008
English
English
English
MSXML
English
.NET Framework
English
Swedish
CRM phone app language support

The CRM phone apps are available in the following languages.
CRM for Windows 8 Phones
English
68
French
Italian
German
Spanish
Portuguese (Portugal)
Portuguese(Brazil)
Chinese (Simplified)
Chinese (Traditional)
Czech
Danish
Dutch
Finnish
Greek
Hungarian
Japanese
Korean
Norwegian
Polish
Russian
Swedish
CRM for iPhone
English
French
Italian
German
Spanish
69
Chinese Simplified
Chinese Traditional
Japanese
CRM for Android
English
French
German
Italian
Spanish
Chinese Simplified
Chinese Traditional
Japanese
Note
BlackBerry devices dont have a CRM app and are only supported for
running Microsoft Dynamics CRM by using the BlackBerry mobile
browser.
See Also
Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM
Online
Planning Deployment of Microsoft

Dynamics CRM 2013
The deployment architecture you will use depends on your business needs.
This section provides guidelines for planning a Microsoft Dynamics CRM
deployment on four representative computer system architectures: a single70
computer server deployment based on Windows Small Business Server, a

two-server deployment, a five-server deployment, and a multiple-server
deployment involving a minimum of six servers. These deployments are
discussed in detail in Microsoft Dynamics CRM 2013 supported configurations in
this guide.
Use this section as a reference if you have no existing Windows Server
infrastructure, and you are planning a new Microsoft Dynamics CRM
deployment.
If most or all the Windows Server infrastructure already exists, we
recommend that you read this section to make sure that your current
infrastructure meets the prerequisites for a successful Microsoft Dynamics
CRM deployment.
In This Section
Prerequisites and considerations for planning your deployment of Microsoft Dynamics
CRM 2013
Operating system and platform technology security considerations for Microsoft
Dynamics CRM 2013
Security considerations for Microsoft Dynamics CRM 2013
Microsoft Dynamics CRM 2013 supported configurations
Upgrading from Microsoft Dynamics CRM 2011
Related Sections
Prerequisites and considerations for

planning your deployment of
This section contains lists of what you must have before you install Microsoft
Dynamics CRM, such as needed hardware and software. Use this section for
preparing your network and to make sure that all requirements are satisfied
before you run Microsoft Dynamics CRM Server Setup.
71
In this section, the following topics are discussed:
Hardware and software requirements. A brief overview of the computer hardware and software
requirements, and where you can find more information about the requirements.
Active Directory considerations. Supported Active Directory forest and domain modes.
SQL Server and SQL Server Reporting Services installation and configuration. A summary of
how Microsoft SQL Server and Microsoft SQL Server Reporting Services must be deployed and
configured to install Microsoft Dynamics CRM.
Planning Exchange Server or POP3. A summary of how Exchange Server or a POP3-compliant email server must be deployed to install and use the Email Router to send and receive Microsoft
Dynamics CRM e-mail messages.
Security considerations. Information about how you can make the Microsoft Dynamics CRM system
more secure.
Supported configurations. Information about the supported network, domain, and server
configurations for Microsoft Dynamics CRM.
Upgrading from a previous version of Microsoft Dynamics CRM. How Microsoft Dynamics CRM
upgrades your current system and what happens to items such as existing reports and customizations.
See Also
Hardware requirements
Software requirements
SQL Server installation and configuration
Planning email integration
Depending on how you plan to deploy the system, as a single-server solution,
a multiple-server solution, or a clustered solution, the computer hardware
that Microsoft Dynamics CRM and components will run on is important for
acceptable application performance.
72
There are many factors that you must consider that can affect the hardware
requirements. They include the following:
Number of users the Microsoft Dynamics CRM implementation will support and the way the
application will be used, such as for intensive reporting.
Number of servers and how they are configured.
Microsoft SQL Server performance and availability.
Integration of Microsoft Dynamics CRM with the Microsoft Exchange Server or POP3 e-mail servers.
Integration with SharePoint Server.
Performance of your servers and the local area network (LAN).
Whether users will be connecting from untrusted domains and forests or from the Internet.
For a list of the suggested hardware requirements, see these topics.

2013
See Also
CRM 2013
Before you install an on-premises deployment of Microsoft Dynamics CRM
2013, there are several operating system, application, and software features
that must be installed, configured, and running either on the computer where
Microsoft Dynamics CRM Server is running or on another computer on your
network. Some of these operating system and software components include
Windows Server, Microsoft SQL Server, Microsoft SQL Server Reporting
Services, and .NET Framework.
73
For a complete list of the software requirements, see Microsoft Dynamics CRM
2013 system requirements and required technologies in this guide.
See Also
Active Directory and network

requirements for Microsoft Dynamics
CRM 2013
Active Directory Domain Services (AD DS) is a feature of the Windows Server
operating systems. AD DS provides a directory and security structure for
network applications such as Microsoft Dynamics CRM.
As with most applications that rely on a directory service, Microsoft Dynamics
CRM has dependencies that are important for operation, such as use of AD
DS to store user and group information and to create application security.
Microsoft Dynamics CRM should only be installed on a Windows Server that is
a domain member or, if you are installing on Windows Small Business Server,
a domain controller. The domain where the server is located must be running
in one of the following Active Directory modes:
Windows Server 2008 Modes
Windows Server 2012 Modes
For more information about Active Directory domain and forest modes, see:
How to raise Active Directory domain and forest functional levels
Active Directory (Windows Server 2008 R2)
Important
Windows 2000 Server forest and domain modes are not supported with
Microsoft Dynamics CRM 2013.
74
Federation and claims-based

authentication support
When you configure Microsoft Dynamics CRM for Internet-facing access it
requires federated services that support claims-based authentication. We
recommend Active Directory Federation Services (AD FS) in Windows Server
2008 or Windows Server 2012.
Active Directory Federation Services

Active Directory Federation Services (AD FS) is a highly secure, highly
extensible, and Internet-scalable identity access solution that allows
organizations to authenticate users from partner organizations. Using AD FS
in Microsoft Windows Server, you can simply and very securely grant external
users access to your organizations domain resources. AD FS can also simplify
integration between untrusted resources and domain resources within your
own organization.
AD FS is available as a server role in Windows Server 2012 and Windows
Server 2008 R2. In earlier versions of Windows Server 2008, AD FS can be
downloaded and installed (see the Active Directory Federation Services 2.0
RTW download link in the table).
Digital Certificates
Active Directory Federation Services (AD FS) requires two types of digital
certificates:
Claims encryption. claims-based authentication requires identities to provide an encryption certificate

for authentication. This certificate should be trusted by the computer where you are installing
Microsoft Dynamics CRM Server 2013 so it must be located in the local Personal store where the
Configure Claims-Based Authentication Wizard is running.
SSL (HTTPS) encryption. The certificates for SSL encryption should be valid for host names similar to
org.contoso.com, auth.contoso.com, and dev.contoso.com. To satisfy this requirement you can use a
single wildcard certificate (*.contoso.com), a certificate that supports subject alternative names, or
individual certificates for each name. Individual certificates for each host name are only valid if you
use different servers for each web server role. Multiple IIS bindings, such as a website with two
HTTPS or two HTTP bindings, isnt supported for running Microsoft Dynamics CRM. For more
information about the options that are available to you, contact your certification authority service
company or your certification authority administrator.
To meet these requirements, your organization should have a public key

infrastructure or a contract with a digital certificate provider such as VeriSign,
GoDaddy, or Comodo.
75
For more information about Active Directory, see the resources in the
following table.
Topic
Link
Active Directory Domain Services
Active Directory Domain Services for Windows

Server 2008 R2
Understanding AD DS Design
Understanding AD DS Design
Designing the Site Topology for Windows

Server 2008 AD DS
Designing the Site Topology
Domain Controller Role Deploment
FSMO placement and optimization on Active

Directory domain controllers
Active Directory Federation Services (AD

FS)
AD FS Deployment Guide
Active Directory Federation Services

2.0AD FS 2.0 RTW Download
Active Directory Federation Services 2.0 RTW
Digital certificates overview
Certificates
Access & Information Protection
IPv6 Support
Microsoft Dynamics CRM 2013 works with IPv6 either alone or together with
IPv4 within environments that have networks where IPv6 is supported.
See Also
SQL Server installation and

configuration
To plan your use of Microsoft SQL Server with Microsoft Dynamics CRM
Server, you must understand how Microsoft Dynamics CRM uses SQL Server,
and what Microsoft Dynamics CRM Server Setup does and does not do:
Microsoft Dynamics CRM Server requires SQL Server 64-bit versions for storing the databases that
contain Microsoft Dynamics CRM data and metadata. For specific details, see SQL Server editions in
76
this guide.
Reports in Microsoft Dynamics CRM depend on Microsoft SQL Server Reporting Services, a feature
in SQL Server. Reporting Services includes two server components that are used to store, display, and
manage reports: Report Server and Report Manager. A third component, Report Designer, is used to
customize reports and write new reports. The Report Designer component is available with Microsoft
Visual Studio and is typically installed on a workstation, instead of on the computer that is running
SQL Server.
Microsoft Dynamics CRM Server Setup does not install SQL Server database engine or Microsoft SQL
Server Reporting Services.
There are many configurations possible based on your expected usage of

Microsoft Dynamics CRM. For information about the licensing implications
when you install Microsoft SQL Server Reporting Services on a separate
computer, see SQL Server 2008 R2 Licensing.
Although we do not recommend it, you can install SQL Server on the same computer as Microsoft
Dynamics CRM Server 2013. For better performance, install and run SQL Server on a separate
dedicated computer. For better performance and improved availability, install and run SQL Server on
separate multiple dedicated computers in a clustered configuration. For more information, see Set
configuration and organization databases for SQL Server 2012 AlwaysOn failover.
Similarly, we recommend that you install Microsoft Dynamics CRM Reporting Extensions on a
separate SQL Server that is running Microsoft SQL Server Reporting Services. However, if needed you
can install Microsoft Dynamics CRM Reporting Extensions on a SQL Server that is running Microsoft
SQL Server Reporting Services but also stores the Microsoft Dynamics CRM databases.
Notice that, when you run the database engine and Reporting Services on
separate SQL Servers, the versions of SQL Server do not have to match.
For example, the SQL Server database engine where the Microsoft
Dynamics CRM databases are stored can be Microsoft SQL Server 2008 R2
and the Reporting Services server where the Microsoft Dynamics CRM
Reporting Extensions are installed can be Microsoft SQL Server 2012.
Although, in a multiple organization deployment of Microsoft Dynamics CRM, you can specify
different Reporting Services servers or server instances when you create or edit an organization, only
one instance of Reporting Services is supported for all organizations in the deployment. For better load
balancing of reports, we recommend configuring Report Server in a Network Load Balancing (NLB)
cluster. For more information, see Configure a Report Server on a Network Load Balancing Cluster.
Multiple Microsoft Dynamics CRM front-end servers that run in a network load balancing cluster can
use the same computer that is running SQL Server. For more information, see Install Microsoft
Dynamics CRM Server 2013 on multiple computers.
In This Section
77
SQL Server deployment

Additional resources for SQL Server
Related Sections
CRM 2013
Planning requirements for Microsoft SQL Server Reporting Services
SQL Server requirements and

recommendations for Microsoft
Dynamics CRM
These requirements apply to new and existing installations of SQL Server:
Microsoft Dynamics CRM requires an instance of Microsoft SQL Server Reporting Services be
installed, running, and available. All installations of the supported SQL Server editions can be used as
the reporting server. However, the Reporting Services edition must match the SQL Server edition.
Microsoft Dynamics CRM 2013 isnt supported on Microsoft SQL Server 2000, Microsoft SQL Server
2005, or 32-bit versions of Microsoft SQL Server 2008 and Microsoft SQL Server 2012.
Microsoft Dynamics CRM Server 2013 is not supported with SQL Server that is running on Windows
Server 2003 or Windows 2000 Server.
When Microsoft Dynamics CRM Server 2013 and SQL Server are installed on different computers,
they must be in the same Active Directory domain.
Microsoft Dynamics CRM Server Setup and Microsoft Dynamics CRM 2013 Deployment Manager
support the default instance or a named instance of SQL Server.
Although you can install SQL Server by using either Windows Authentication or mixed-mode
authentication, Windows Authentication is a prerequisite for Microsoft Dynamics CRM.
The service account that SQL Server uses to log on to the network must be either a domain user
account (recommended) or the Network Service account (you cant use a local user account on the
server). Using a low-privilege account strategy is recommended to help avoid compromising the
security of the server.
The SQL Server service must be started. This service should be configured to automatically start when
the computer is started.
SQL Server Agent must be started. This service should be configured to automatically start when the
computer is started.
78
SQL Server Full-Text Search must be installed and started. This service should be configured to
automatically start when the computer is started.
Microsoft Dynamics CRM Server Setup requires a network library to authenticate SQL Server. By
default, TCP/IP network libraries are enabled when you install Microsoft SQL Server. SQL Server can
use both TCP/IP or Named Pipes for authentication. However, the computer that is running SQL Server
must be configured for at least one of the two network libraries.
We recommend that the computer that is running SQL Server be located on the same local area
network (LAN) as the computer that is running the Microsoft Dynamics CRM Server 2013 Back End
Server roles. For a description of the server roles, see Microsoft Dynamics CRM 2013 server roles.
The computer that is running SQL Server must be configured to have sufficient disk space, memory,
and processing power to support the Microsoft Dynamics CRM environment. For more information,
see Microsoft Dynamics CRM Server 2013 hardware requirements in this guide.
Although its optional, consider accepting the SQL Server default settings for Collation Designator,
Sort Order, and SQL Collation. Microsoft Dynamics CRM supports the following collation orders:
Case-sensitive
Case-insensitive
Accent-sensitive
Accent-insensitive
Binary sort order (such as Latin1_General_100_BIN)
Note
Microsoft Dynamics CRM sets the collation order at the database
level. This setting might differ from that set at the SQL Server level.
Review all SQL Server installation options and be prepared to make the needed selections when you
run Setup. For more information, see Installation for SQL Server 2012.
If you plan to install SQL Server in a location other than the default file location, see File Locations for
Default and Named Instances of SQL Server.
You should also consider where the Microsoft Dynamics CRM databases
are located on the server, and the hard-disk configuration that will support
them.
Note
To achieve the best combination of disk fault tolerance and
performance, consider the many specifications for redundant array
of independent disks (RAID) available from hardware vendors.
Format the disks where the SQL Server database files reside for the
79
fault-tolerance requirements of the application and performance

parameters for the I/O activity occurring on that partition.
If you are using an operating system with regional settings other than English (United States), or if you
are customizing character-set or sort-order settings, review topics on collation settings. For more
information, see International Considerations for SQL Server.
See Also

If your organization uses Microsoft SQL Server for applications other than
Microsoft Dynamics CRM, performance may degrade as resources are
consumed by other applications. If you use a computer that is running SQL
Server that is used for other applications, you must carefully analyze the
effect that Microsoft Dynamics CRM will have on the existing installation of
SQL Server. For information about monitoring SQL Server, see Performance
Monitoring and Tuning How-To Topics.
For best results, we recommend that you install the Microsoft Dynamics CRM
databases on a computer that is running SQL Server and that will support
only Microsoft Dynamics CRM and no other databases or database
applications.
In This Topic
SQL Server deployment considerations
Language locale collation and sort order
Disk configurations and file locations
SQL Server program file location
SQL Server data file location
Microsoft Dynamics CRM database renaming considerations
SQL Server transparent data encryption
80
SQL Server deployment considerations

Microsoft Dynamics CRM is a database-intensive application. Before you
deploy Microsoft Dynamics CRM to an instance of SQL Server, you should
consider the following requirements and database configurations:
Modification of system tables. The SQL Server system tables should not be modified before you
install Microsoft Dynamics CRM Server 2013. Some database applications may modify the SQL
Server system tables. If this occurs, problems with Microsoft Dynamics CRM and data may result.
Indexing. Full-text indexing must be installed. This is required for Microsoft Dynamics CRM
knowledge-base functionality.
Compatibility level. During an upgrade or a new installation, Microsoft Dynamics CRM Server Setup
sets the database compatibility level to 100, which is the compatibility level of Microsoft SQL Server
2008.
Autogrowth. By default, Microsoft Dynamics CRM organization database files are created to have an
autogrowth setting of 256 megabytes. Earlier versions of Microsoft Dynamics CRM used the default
setting of 1 megabyte autogrowth. If you perform intensive database transactions, such as large data
imports, consider increasing the autogrowth value to improve performance. For information about how
to change the autogrowth setting for a database, see the SQL Server Management Studio Help.
Max server memory. We recommend that, if you run SQL Server on a computer that is also running
other applications, that the SQL Server max server memory be set to no more than one half of the
installed RAM. By default, max server memory is set to 2147483647 megabytes in Microsoft SQL
Server 2008 and Microsoft SQL Server 2012, which has demonstrated resource issues with SQL Server
during intensive use of Microsoft Dynamics CRM. More information: Server Memory Options
Max degree of parallelism. We recommend if you experience poor SQL Server performance, which
can occur due to complex index statements, that the SQL Server max degree of parallelism be set to 1
to help improve overall application performance on multiprocessor systems. More information: max
degree of parallelism Option
RCSI. Running Microsoft Dynamics CRM that uses a SQL Server configured for read committed
snapshot isolation (RCSI) will receive commercially reasonable support. Commercially reasonable
support is defined as all reasonable support efforts by Microsoft Customer Support Services that do not
require Microsoft Dynamics CRM code fixes.
Language locale collation and sort order

Installing SQL Server in a language other than English (U.S.) may require
changing the Collation designator. The following table indicates the Collation
designator to use for some of the available languages.
81
Windows Locale
Locale Identifier (LCID)
Collation Designator
Danish
0X406
Danish_Norwegian
Dutch (Standard)
0X413
Latin1_General
English (United States)
0X409
Latin1_General
French (France)
0X40C
French
German (Germany)
0X407
Latin1_General
Italian
0X410
Latin1_General
Portuguese (Brazil)
0X416
Latin1_General
Spanish (Traditional Sort)
0XC0A
Modern_Spanish
Disk configurations and file locations

For the default instance of SQL Server, the default directory for both program
and data files is \Program Files\Microsoft SQL
Server\MSSQL<ver>.MSSQLSERVER\MSSQL\, where <ver> is the major
version of SQL Server, such as 10 for Microsoft SQL Server 2008 or 11 for
Microsoft SQL Server 2012. You can specify a file path other than the default
for both program and data files.
Note
The default locations for program and data files are not necessarily the
best locations. For the best combination of disk fault tolerance and
performance, consider the RAID specifications available from hardware
vendors. You can create the Microsoft Dynamics CRM databases on
your partitions, especially for these files, and specify the existing
databases when you run Microsoft Dynamics CRM Server Setup. The
databases created by Microsoft Dynamics CRM are noted in the
specified data file location. For more information, see SQL Server data
file location later in this topic.
By default, Shared Tools are installed in \Program Files\Microsoft SQL
Server\100\Tools on the system drive. This folder contains the default and
named files shared by all instances of SQL Server. Tools include the T-SQL
command line utility and the OSQL SQL query tool.
Microsoft SQL Server Setup also installs files in the Windows system directory.
The system file location cannot be changed.
82
SQL Server program file location

The SQL Server program files are located in \Program Files\Microsoft SQL
Server\MSSQL<ver>.MSSQLSERVER\MSSQL\Binn.
The binary file location is in the root directory where Setup creates the folders
that contain program files and other files that typically do not change this
path as you use SQL Server. Although these files are not read-only, the
folders do not contain data, logs, back-up files, or replication data. Therefore,
the space requirements for these files should increase only marginally as SQL
Server is used, and over time as updates are applied.
Important
Program files cannot be installed on a removable disk drive.
SQL Server data file location

Each SQL Server database consists of one or more database files and one or
more transaction log files. Microsoft Dynamics CRM creates at least two
databases:
MSCRM_CONFIG. This database contains Microsoft Dynamics CRM metadata, such as

configuration and location information that is specific to each organization database.
OrganizationName_MSCRM. This is the organization database where Microsoft Dynamics CRM

data is stored, such as all records and activities. Microsoft Dynamics CRM Server 2013 supports
multiple organizations so that you can have multiple-organization databases.
Microsoft Dynamics CRM also relies on the SQL Server system databases to
store Microsoft Dynamics CRM configuration information. These databases
include the master and msdb databases. The database files that accompany
a database contain all its data and properties. Transaction log files contain a
record of the write activity in the database, such as when a row is added,
changed, or removed. Transaction log files are binary and cannot be used for
auditing database activity.
The transaction log is used for recovery, if a failure occurs, and to roll back
(undo) transactions (writes) that cannot be finished. You may also periodically
back up the transaction log as a way to perform an incremental backup while
users are working in the application, with very low effect on available server
resources.
To have the best chance of recovery if there is a disk failure, and the best
performance for the application, put the database files and transaction log
files on separate sets of physical disks. The location that you specify for a file
83
does not have to be the original location for data files specified during
Microsoft SQL Server Setup. You can select an alternative location for the
database and transaction log files any time that you create or change the
database. For more information, see the note about disk fault tolerance and
performance in Disk configurations and file locations earlier in this topic.
If the partition that contains a database file has failed and the database has
become unusable, but the partition that contains the transaction log is still
available, you can back up the transaction log for that database. This can be
the last backup in your back-up set. When you restore, this transaction log
backup, made after the failure, will be the last restored backup. If all
transaction log backups in the back-up set are restored successfully, you will
have restored all the committed (100 percent successful) transactions up to
the moment of the failure. This limits the data loss.
When the database files and transaction log files are on separate sets of
disks, performance is optimized. Transaction log files can be write-intensive
during periods when a lot of data is being added, changed, or removed from
the application.
For example, you have a server wherein drive C is the system partition (the
drive where the Windows and program file folders are located).The Windows
pagefile is also located on drive C. Drives D and E are RAID-5 partitions on
separate sets of physical disks. Select the partitioning scheme for the
database files that will give you the combination of performance and disk
fault tolerance that you want. Drive D contains only data files for one or more
databases, and drive E contains only log files for one or more databases. If
you verify that performance will decrease because one database will have
much more hard disk activity than other databases, you should put them all
on separate sets of disks. If you estimate that data will significantly grow over
time, make sure drive D has at least 100 gigabytes (GB) available for the
database files. Because the log files will be truncated every time that a
transaction-log backup is performed, make sure drive E has at least 10 GB
available. Specify the location of the database file to be on drive D and the
transaction log file to be on drive E when you create the database.
Note
It is best to dedicate a partition to SQL Server data files. We
recommend that you do not put a data file on the same partition as a
Windows pagefile because of the degree of fragmentation that will
occur.
84
By default, the directory where all database files and transaction log files are
located is \Program Files\SQL
Server\MSSQL<ver>.MSSQLSERVER\MSSQL\Data. When you run Microsoft
SQL Server Setup, you can specify a different location as the default location
for data files. The data file location is the root directory where Microsoft SQL
Server Setup creates the folders that contain database and log files, in
addition to directories for the System log, back-up, and replication data.
Microsoft SQL Server Setup creates database and log files for the master,
model, tempdb, and msdb databases. If you are selecting different locations
for each file in the application, you do not have to change the default setting.
Note
Data files cannot be installed on a file system that uses compression.
Specifying file paths

Because you can install multiple instances of SQL Server on one computer, an
instance name is used in addition to the user-specified location for program
and data files. For tools and other shared files, instance names are not
required.
Default-instance file path for program and data files

For the default instance of SQL Server, the default SQL Server directory name
(MSSQL.10) is used as the default instance name, with the directory that you
specify.
For example, if you specify the SQL Server default instance to be installed on
D:\MySqlDir, the file paths are as follows:
D:\MySqlDir\MSSQL<ver>.MSSQLSERVER\MSSQL\Binn (for program files)
D:\MySqlDir\MSSQL<ver>.MSSQLSERVER\MSSQL\Data (for data files)
Note
The program and data file locations can be changed, depending on the
drive configuration of the computer that is running SQL Server.
Microsoft Dynamics CRM database

renaming considerations
As described earlier, a Microsoft Dynamics CRM deployment contains the
following databases:
85
A single MSCRM_CONFIG database
One or more (for multi-tenant deployments) ORGANIZATIONNAME_MSCRM databases
The configuration database, MSCRM_CONFIG, cannot be renamed. If the

MSCRM_CONFIG database is renamed, the Microsoft Dynamics CRM system
will not function correctly.
Organization databases, OrganizationName_MSCRM, can be renamed by
following the guidelines and considerations described here.
Organization database names

Microsoft Dynamics CRM organization databases use both a display and a
unique name.
Display name. This is the name that appears in the Microsoft Dynamics CRM application, such as the
upper-right corner of the main application screen. The display name can contain spaces and be up to
250 characters long.
Unique name. This is the name that is used to create the URL to connect to the application and is
appended with _MSCRM. It is also the physical name of the database as it appears in SQL Server
applications, such as Microsoft SQL Server Management Studio. This name cannot contain spaces and
cannot be more than 30 characters long.
Organization database renaming

The display name may be changed by using the Edit Organization Wizard in
Deployment Manager. The basic steps are to disable the organization, and
then run the Edit Organization Wizard. For more information, see the
Deployment Manager Help.
Although we do not recommend it, you can change the name of an
organizations unique database name (ORGANIZATIONNAME_MSCRM). To change
the database unique name, follow these steps:
Warning
Renaming the unique database name for an organization has not been
fully tested by Microsoft and may cause unexpected results. We cannot
guarantee that problems caused by performing this procedure can be
resolved. Rename the organization database unique name at your own
risk.
Important
86
Before you start the following procedure, take a full back up of the
organization database that you want to rename.
The following steps require you to already have a functioning organization
database that was created by Microsoft Dynamics CRM Server Setup or
imported by a supported Microsoft Dynamics CRM method.
1.
Restore the backup of the organization database to your SQL Server that uses the name that you want
and that is supported by SQL Server.
2.
Import the renamed organization database to your existing Microsoft Dynamics CRM deployment by
using the Import Organization Wizard in Deployment Manager.
3.
During the import, enter into the organization database a display name and unique name that are
unrelated to the original database name.
4.
Follow the instructions on your screen to complete the import.
5.
Ensure that Microsoft Dynamics CRM users have the new URL that will be created as a result of the
organization rename.
SQL Server transparent data encryption

The Microsoft SQL Server Transparent Data Encryption feature is supported
for use with Microsoft Dynamics CRM. However, based on test results
conducted internally, using this feature can cause a decrease in overall
performance of approximately 10% when run against a compressed database
with the same workload.
See Also

For more information about how to plan for and install SQL Server, see the
following resources:
Microsoft SQL Server Web site
SQL Server Books Online
Microsoft SQL Server Solution Center
87
See Also
Planning requirements for Microsoft

The Microsoft Dynamics CRM Reporting Extensions are data processing
extensions that are installed on the Microsoft SQL Server Reporting Services
server. Microsoft Dynamics CRM Reporting Extensions accept the
authentication information from the Microsoft Dynamics CRM Server 2013
and passes it to the Microsoft SQL Server Reporting Services server. Microsoft
Dynamics CRM Reporting Extensions Setup includes Fetch data processing
extension and SQL data processing extension.
The Microsoft Dynamics CRM Reporting Extensions are required for all major
reporting tasks in Microsoft Dynamics CRM such as, working with default (outof-box) Microsoft Dynamics CRM reports, uploading custom reports, creating
Report Wizard reports, or scheduling reports. Microsoft Dynamics CRM
Reporting Extensions must also be installed before you import or provision
new organizations.
The Microsoft Dynamics CRM Reporting Extensions Setup does the following:
1.
Installs Fetch data processing extensionand SQL data processing extension on the Microsoft SQL
Server Reporting Services server.
2.
Installs custom assemblies used by default reports and wizard reports on Microsoft SQL Server
Reporting Services server.
3.
Creates default reports (SQL-based) for the default organization both on Microsoft Dynamics CRM
Server 2013 and Microsoft SQL Server Reporting Services server.
The following table explains what reporting options will be available to you if
you install Microsoft Dynamics CRM Reporting Extensions.
What reports will work?
Installed?
Default reports
Custom SQL-base
No
Clean installation:
88
Cannot be sch
Yes
Will not be available.
Will be published for the default organization.
Can be uploade
Important
Microsoft Dynamics CRM Reporting Extensions should not be installed
on an instance of Microsoft SQL Server Reporting Services that is
running under an account that is a member of the SQL Access Group.
This can occur when Microsoft SQL Server Reporting Services is
running under the same account as a Microsoft Dynamics CRM Server
2013 component. This configuration can make the system vulnerable
to certain attacks. During installation, Setup detects this scenario. You
can click Help for information about how to work around the issue.
Note that when you install Microsoft Dynamics CRM Reporting Extensions,
you have the option of installing the component on a different server that is
running Reporting Services. Therefore, by isolating Microsoft Dynamics CRM
Reporting Extensions on a separate instance of SQL Server, which does not
store the Microsoft Dynamics CRM databases, report performance may be
improved.
Microsoft Dynamics CRM Reporting

Extensions requirements
Microsoft Dynamics CRM Reporting Extensions has the following
requirements:
You must complete Microsoft Dynamics CRM Server Setup before you run the Microsoft Dynamics
CRM Reporting Extensions Setup.
You must run the Microsoft Dynamics CRM Reporting Extensions Setup on a computer that has
Microsoft SQL Server 2008 Reporting Services installed. For smaller data sets and fewer users, you
can use either a single-server deployment, or a multiple-server deployment with one computer that is
running SQL Server for Microsoft Dynamics CRM, and another server for Microsoft SQL Server
Reporting Services. With larger datasets or more users, performance will decrease quickly when
complex reports are run.
See Also
89
Can be upload
Dynamics CR
are installed o
Delegation is c

versions of Microsoft Dynamics CRM 2013. To use the Microsoft Dynamics
CRM email routing and tracking features, you must use one or both of the
following software components to integrate your email system with your
Microsoft Dynamics CRM deployment:
The Email Router provides centrally managed email routing for users, queues, and forward mailboxes.
This is frequently the better option for on-premises, partner-hosted Microsoft Dynamics CRM, and
some Microsoft Dynamics CRM Online deployments. With this method, email is routed to Microsoft
Dynamics CRM regardless of whether the recipient is logged on.
Microsoft Dynamics CRM for Microsoft Office Outlook provides email routing capabilities on a single
user basis. This doesnt require the Email Router, and is frequently the better option for smaller
organizations that dont have a full-time IT staff, or for organizations that use Microsoft Dynamics
CRM Online. With this method, the actual email routing for each user occurs only while the user is
logged on. If Microsoft Outlook isnt running, email messages arent processed until Microsoft
Outlook is started again.
Important
If your organization uses email queues, you must use the Email Router.
Queues arent supported in CRM for Outlook.
Microsoft Dynamics CRM Server 2013 can operate without Microsoft
Exchange Server or a POP3 server. However, you wont have Microsoft
Dynamics CRM incoming email tracking capabilities. Also, Microsoft
Dynamics CRM Server 2013 can operate without an SMTP server.
However, you wont have Microsoft Dynamics CRM outgoing email
capabilities.
Depending on your requirements, you may want to implement a solution that
uses both the Email Router and CRM for Outlook. For example, if your
Microsoft Dynamics CRM deployment hosts multiple organizations, or a single
organization that has users who have varying needs, you may want to
configure some users for the CRM for Outlook email routing method, and
configure other users and queues for the Email Router.
See Also
90
Microsoft Dynamics CRM Email Router

The Email Router is an optional interface component that integrates your
email system with Microsoft Dynamics CRM, and routes qualified email
messages to and from your Microsoft Dynamics CRM organization. This
section provides guidelines for analyzing your organizations requirements for
integrating email with Microsoft Dynamics CRM, and outlines the things to
consider when you plan, install, and configure an Email Router deployment.
The Email Router enables you to configure an interface between your
Microsoft Dynamics CRM deployment and one or more servers running
Exchange Server, Exchange Online accounts, or POP3 servers, for incoming
email. For outgoing email, one or more SMTP servers, Exchange Web Services
(EWS), or Exchange Online accounts are supported. Email messages come
into the Microsoft Dynamics CRM system through the Email Router. For more
information, see Microsoft Dynamics CRM 2013 Email Router software requirements
in this guide.
Important
Although it is supported, we do not recommend that you install the
Email Router on a computer that is running Microsoft Exchange Server.
Note
You can deploy and run the Email Router on multiple computers in a
Microsoft cluster to provide high availability and failover functionality.
For more information, see Install E-mail Router on multiple
computers in the Installing Guide.
After you install the Email Router, you must run the Email Router
Configuration Manager, an application that is installed during Microsoft
Dynamics CRM Email Router Setup. You can use the Email Router
Configuration Manager to configure the following:
One or more incoming profiles. An incoming profile contains the information about the email systems
that will be used to process incoming email messages.
One or more outgoing profiles. An outgoing profile contains the information about the email systems
that will be used to process outgoing email messages.
One or more deployments. The Deployments area contains information about the Microsoft Dynamics
CRM deployment and maps to an incoming and outgoing profile.
91
Users, queues, and forward mailboxes. This area contains information about each user that will use the
Email Router for email tracking. You can also configure email routing for queues and define a forward
mailbox.
For more information about the Email Router Configuration Manager, see the
following resources:
Microsoft Dynamics CRM E-mail Router Installation Instructions in the Installing Guide
Email Router Configuration Manager Help
Email systems
The Email Router can connect to one or more email servers running Microsoft
Exchange Server or Exchange Online. The Email Router can also connect to
POP3-compliant servers to provide incoming email routing. For outgoing
email, you can use SMTP and EWS (Exchange Online only). For more
information about the email server versions and protocols that Microsoft
Dynamics CRM supports, see Microsoft Dynamics CRM 2013 Email Router software
requirements in this guide.
Exchange Server is an enterprise messaging system with the versatility to
support various organizations. As with Active Directory and Microsoft
Dynamics CRM, Exchange Server requires planning before it is deployed.
Many documents are available from Microsoft that explain how to plan,
deploy, and operate Exchange Server. For more information, see Additional
resources for Exchange Server in this guide.
Network topology and email traffic

The overall requirements to deploy and configure an effective Microsoft
Dynamics CRM email solution for a small business are similar to those of a
large enterprise. However, a small business might not have an IT department.
As you plan your email solution, consider the details of your particular IT
environment, such as who is responsible for network administration, what is
allowed for Email Router placement, use of forward mailbox and forwarding
rules.
To optimize performance, carefully consider the size, complexity, and
geographical distribution of your network. The location of your email servers,
the number of users who will route email to and from Microsoft Dynamics
CRM, expected traffic levels, and the frequency and size of attachments
should help guide your decisions.
92
For example, an international enterprise-level Microsoft Dynamics CRM

deployment might have user and queue mailboxes in multiple sites, regions,
or countries. Such a deployment may accommodate multiple Microsoft
Dynamics CRM organizations and multiple email server configurations. The
email servers might be located inside or outside the corporate domain,
separated by firewalls.
A small business deployment, on the other hand, will typically have a
relatively small number of users and significantly less email traffic.
Frequently, there will be no full-time IT department to configure and maintain
an Email Router deployment.
Avoid mailbox storage problems

Every organization has its own unique requirements for email message
routing and storage. To avoid problems that can result from overtaxing your
system's storage capacity, consider the following when you plan an Email
Router deployment:
All email messages
Email messages in response to CRM email
Email messages from CRM Leads, Contacts, and Accounts
Email messages from Microsoft Dynamics CRM records that are email enabled
For more information, see E-mail message filtering and correlation in this guide.
What storage quotas should be applied to each mailbox? For more information about how to apply
mailbox storage quotas and managing automated messages that are sent to mailbox owners when their
size limit is exceeded, see the documentation for your email system.
How long should email messages be stored? For more information about automatically archiving or
deleting email messages, see the documentation for your email system.
Like CRM for Outlook, the Microsoft Dynamics CRM Online Email Router lets
you track CRM-related information automatically. The email tracking
functionality in the Email Router operates in the manner described in the CRM
for Outlook section. The Email Router also lets you send and receive emails
through CRM Online.
See Also
E-mail message filtering and correlation
93
E-mail message filtering and

correlation
versions of Microsoft Dynamics CRM 2013. The Email Router can
automatically create e-mail activities in Microsoft Dynamics CRM, which are
based on received e-mail messages. This type of automation is known as email message tracking. Users can select a filtering option that determines
what e-mail messages will be tracked in Microsoft Dynamics CRM. Filtering is
set on the E-mail tab of the Set Personal Options dialog box in the
Microsoft Dynamics CRM client applications. The user filtering options are as
follows:
All e-mail messages. All e-mail messages that are received by the user will have activities created.
E-mail messages in response to CRM e-mail. Only the replies to an e-mail message that is already
tracked will be saved as e-mail activities. This option uses smart matching to relate e-mail messages to
activities.
E-mail messages from CRM Leads, Contacts, and Accounts. Only e-mail messages sent from leads,
contacts, and accounts that exist in the Microsoft Dynamics CRM database are saved as activities.
E-mail messages from Microsoft Dynamics CRM records that are e-mail enabled. E-mail
messages are tracked from any record type, including customized record types, that contain an e-mail
address.
By default, the E-mail messages in response to CRM e-mail option is

enabled. Correlation occurs after an e-mail message is filtered. System
administrators can turn off all message tracking for a particular user by
setting the E-mail Access Type - Incoming value to None on the General
tab on the User form.
Microsoft Dynamics CRM 2013 tracking

tokens
Tracking tokens increase the probability for e-mail identification and
matching. You can use the tracking token feature to improve e-mail message
tracking. A tracking token is an alphanumeric string generated by Microsoft
Dynamics CRM and appended to the end of an e-mail subject line. It matches
e-mail activities with e-mail messages.
You can turn tacking tokens on or off, and configure them to be unique for a
specific Microsoft Dynamics CRM organization. This means that a company
with a deployment that has multiple Microsoft Dynamics CRM organizations
94
(such as for a large conglomerate), can configure tracking tokens that are
unique to each deployment. To configure tracking tokens, do the following:
1.
On the nav bar, click or tap Microsoft Dynamics CRM > Settings. Then click or tap Administration
> System Settings.
2.
Click the E-mail tab.
Tracking tokens add an additional correlation component to smart matching.

When Microsoft Dynamics CRM generates an outgoing e-mail activity, a
resulting e-mail response arriving in the Microsoft Dynamics CRM system is
then correlated to the originating activity.
By default, for new installations of Microsoft Dynamics CRM 2013, Microsoft
Dynamics CRM 2011, and upgraded Microsoft Dynamics CRM 4.0
organizations, the tracking token feature is turned on. The following figure
and table show a tracking token and the parts that make up a tracking token.
Tracking token structure

The following table lists tracking-token parts and descriptions.
Part
Description
Prefix
Configurable. Default value = CRM. This

can be unique for an organization or for a
particular Microsoft Dynamics CRM
deployment in an organization with
multiple Microsoft Dynamics CRM
deployments. We recommend that
different Microsoft Dynamics CRM
deployments use unique prefixes.
Online-offline designator
Not configurable. One digit. 0 for Online. 1

95
for Offline. This part indicates if the user

was online or offline when the e-mail
activity was created.
ID
Configurable. Default range is three (3)

digits. This is a numeric identifier for the
Microsoft Dynamics CRM user who
generated the e-mail activity.
Number
Configurable. Default range is four (4)

digits. This is a numeric identifier for the email activity (not the individual messages
that the activity contains). If you configure
Microsoft Dynamics CRM to generate a
token with a four-digit number, it will
increment the number through 9999, and
then restart the number at 0000. You can
use a larger order of digits to reduce the
possibility of assigning duplicate tokens to
active e-mail threads.
For more information about how to configure the tracking token, see the
Microsoft Dynamics CRM Help.
Smart matching
When an incoming e-mail message is processed by the Email Router, the
system extracts information that is associated with the e-mail message
subject, sender address, and recipient's addresses that link the e-mail activity
to other Microsoft Dynamics CRM records. This correlation process, also
known as smart matching, uses the following criteria to match received email message information to e-mail activities:
Subject matching. Prefixes, such as RE: or Re:, and letter case are ignored. For example, e-mail
message subjects with RE: HELLO and HELLO would be considered a match.
Sender and recipient matching. The system calculates the number of exact sender and recipient email addresses in common.
When the matching process is complete, the system selects the owner and
the object of the incoming e-mail message.
By default, smart matching is turned on for new installations of Microsoft
Dynamics CRM Server 2013 and Microsoft Dynamics CRM Server 2011, and
96
for installations of Microsoft Dynamics CRM Server 2011 that have been
upgraded from Microsoft Dynamics CRM 4.0 Server.
Note
You can disable, enable, and tune smart-matching settings in the
System Settings area of the Microsoft Dynamics CRM application.
See Also
Forward mailbox vs. individual mailboxes
System Settings dialog box - Email tab
Forward mailbox vs. individual

mailboxes
versions of Microsoft Dynamics CRM 2013. For incoming e-mail messages,
you can configure the Email Router to monitor either of the following:
A forward mailbox, also known as a sink mailbox
Each user's or queue's mailbox
Important
If your e-mail system does not allow rules where an e-mail message
can be forwarded as an attachment, you must select Individual
Mailbox Monitoring during Microsoft Dynamics CRM Email Router
Setup. If you are using Microsoft Exchange Server, we recommend that
you select Forward Mailbox Monitoring.
Configuring the Email Router to use a forward mailbox gives Microsoft
Dynamics CRM one central mailbox to monitor, instead of monitoring the
mailbox of each user who needs Microsoft Dynamics CRM e-mail capabilities.
Organizations that have to monitor a large number of mailboxes should
consider using a forward mailbox to reduce the administrative effort.
Monitoring many mailboxes can sometimes require maintaining access
credentials in many incoming configuration profiles. For more information,
97
see Access credentials in Configure the E-mail Router in the Installing

Guide.
By using a forward mailbox, you shift the administrative effort to the task of
deploying a server-side forwarding rule to each user mailbox. The forwarding
rule forwards all incoming e-mail messages as attachments to the centralized
forward mailbox. For Exchange Server only, you can use the Rule Deployment
Wizard (installed with the Email Router) to deploy forwarding rules. This can
significantly reduce administration and maintenance requirements because
the Rule Deployment Wizard can deploy forwarding rules to multiple Microsoft
Dynamics CRM users at the same time.
Important
To use a forward mailbox with a Microsoft Dynamics CRM deployment
that interfaces with a POP3-compliant e-mail system, the e-mail system
must be able to forward e-mail messages as attachments. Also, for
POP3 e-mail servers and Exchange Online, you cannot use the Rule
Deployment Wizard. Instead, you must create the rules manually. For
instructions, see Create the rule manually in Configure the E-mail
Router in the Installing Guide.
You can configure users and queues in different ways within the same
Microsoft Dynamics CRM deployment. For example, you may want to
configure some user or queue mailboxes to be monitored directly on one email server, and configure others to use a forward mailbox on a different email server.
Forward mailbox monitoring

When you use forward mailbox monitoring, incoming messages are processed
by Microsoft Exchange Server or the POP3 server and the Email Router in the
following sequence:
1.
A message is received by a Microsoft Dynamics CRM user or queue mailbox, on either the Exchange
Server or the POP3 server.
2.
A rule in the user's mailbox sends a copy of the message to the Microsoft Dynamics CRM forward
mailbox.
3.
The Email Router retrieves the message from the Microsoft Dynamics CRM forward mailbox and
sends it to the computer that is running Microsoft Dynamics CRM Server 2013.
98
See Also
E-mail message filtering and correlation
Microsoft Dynamics CRM user options

versions of Microsoft Dynamics CRM 2013. This section describes the options
available in Microsoft Dynamics CRM user records for sending and receiving
e-mail messages.
Incoming e-mail messaging options

The available incoming e-mail configurations that you can use when a user or
a queue receives Microsoft Dynamics CRM e-mail messages are as follows:
None. Use this option for users or queues that do not use Microsoft Dynamics CRM to track received
e-mail messages.
Microsoft Dynamics CRM for Outlook. This option is available for users and requires that Microsoft
Office Outlook be installed on the user's computer. This option does not require the Email Router
component and is not available for queues.
Server-Side Synchronization or E-mail Router. When you select this option, the server-side
synchronization or Email Router will process Microsoft Dynamics CRM e-mail messages directly
from the user's or queue's inbox, without using a forward or a sink mailbox. Although this option does
not require a sink mailbox, it does make troubleshooting server-side synchronization or Email Router
issues more complex for larger user bases (10 or more users) because each incoming e-mail message is
processed by the server-side synchronization or Email Router in every user's mailbox instead of in a
single dedicated mailbox.
Forward Mailbox. To use this option, you must install the Email Router. This option requires a sink
mailbox, which is a dedicated mailbox that collects e-mail messages transferred from each Microsoft
Dynamics CRM user's mailbox by a server-side rule. Although this option does not require users to run
Microsoft Outlook, it does require that the rule be deployed for each user. You use the Rule
Deployment Wizard to deploy rules to each Microsoft Dynamics CRM user mailbox.
Outgoing e-mail messaging options

The available outgoing e-mail configurations that you can use when users or
queues send Microsoft Dynamics CRM e-mail messages are as follows:
None. Use this option for users or queues that do not use Microsoft Dynamics CRM to send e-mail
messages.
99
Microsoft Dynamics CRM for Outlook. This option is available for users and requires that Microsoft
Office Outlook be installed on the user's computer. This option does not require the Email Router
component and is not available for queues.
Server-Side Synchronization or E-mail Router. This option delivers Microsoft Dynamics CRM email messages by using the server-side synchronization or Email Router component. The e-mail
system must be SMTP-compliant. The server-side synchronization or Email Router can be installed on
the SMTP server or on a different computer that has a connection to the SMTP server.
See Also
Forward mailbox vs. individual mailboxes
Additional resources for Exchange Server
Additional resources for Exchange

Server
For more information about how to plan to install Microsoft Exchange Server
2007, see the following:
Exchange Server 2007 Planning
For more information about how to plan to install Microsoft Exchange Server
2010, see the following:
Planning for Exchange 2010
See Also
Dynamics CRM 2013
Operating system and platform

technology security considerations
for Microsoft Dynamics CRM 2013
In the broadest sense, security involves planning and considering tradeoffs
between threats and access. For example, a computer can be locked in a
vault and available only to one system administrator. This computer may be
100
secure, but it is not very usable because it is not connected to any other
computer. If your business users need access to the Internet and your
corporate intranet, you must consider how to make the network both secure
and usable.
The following sections contain links to information about how you can make
your computing environment more secure. Ultimately, Microsoft Dynamics
CRM data security largely depends on the security of the operating system
and the required and optional software components.
In This Topic
Securing Windows Server
Securing SQL Server
Securing Exchange Server and Outlook
Securing mobile devices
Securing Windows Server

Windows Server, the foundation of Microsoft Dynamics CRM, provides
sophisticated network security. The Kerberos version-5 authentication
protocol that is integrated into Active Directory and Active Directory
Federation Services (AD FS) allows you to federate Active Directory domains
by using claims-based authentication. Both give you powerful standardsbased authentication. These authentication standards let users input a single
user name and password logon combination for resource access across the
network. Windows Server also includes several features that help make the
network more secure.
The following links take you to information about these features. You can
learn how to help make your deployment of Windows Server more secure:
Windows Server 2012
Secure Windows Server 2012
Windows Server 2012 Security Baseline
Windows Server 2008
Secure Windows Server
101
Windows Server 2008 Security Guide
Windows Server 2008 R2 Security Baseline and Windows Server 2008 Security Baseline
Windows error reporting

Microsoft Dynamics CRM requires the Windows Error Reporting (WER) service,
which Setup will install if it is missing. The WER service collects information,
such as IP addresses. These are not used to identify users. The WER service
does not intentionally collect names, addresses, e-mail addresses, computer
names, or any other form of personally identifying information. It is possible
that such information may be captured in memory or in the data collected
from open files, but Microsoft does not use it to identify users. In addition,
some information that is transmitted between the Microsoft Dynamics CRM
application and Microsoft may not be secure. For more information about the
type of information that is transmitted, see Privacy statement for the Microsoft
Error Reporting Service.
Important
By default, automatic error reporting is not enabled in Microsoft
Dynamics CRM. For more information about how to enable automatic
error reporting for Microsoft Dynamics CRM, see Enable Windows
Error Reporting.
Virus, malware, and identity protection

To help protect your identity and your system against malware or viruses, see
the following resources:
Microsoft Security. This page is an entry point for tips, training, and guidance about how to keep your
computer up-to-date and prevent your computer from being susceptible to exploitation, spyware, and
viruses.
Security TechCenter. This page has links to technical bulletins, advisories, updates, tools, and guidance
designed to make computers and applications up-to-date and more secure.
Update management
Microsoft Dynamics CRM updates include security, performance, and
functional improvements. Making sure that your Microsoft Dynamics CRM
applications have the latest updates helps make sure that your system is
running as efficiently and reliably as it can.
For information about how to manage updates, see the following:
Windows Server Update Services
102
Update Management in System Center Essentials
Managing Software Updates in Windows Small Business Server 2008
Update Management in Windows Server 2012: Revealing Cluster-Aware Updating and the New
Generation of WSUS
Securing SQL Server

Because Microsoft Dynamics CRM relies on SQL Server, make sure that you
take the following measures to improve the security of your SQL Server
database:
Make sure that the latest operating system and SQL Server service packs (SP) and updates are applied.
Check the Microsoft Security Web site for the latest details.
Make sure that all SQL Server data and system files are installed on NTFS partitions for file systemlevel security. You should make the files available only to administrative or system-level users through
NTFS permissions. This helps to safeguard against users who access those files when the
MSSQLSERVER service is not running.
Use a low-privilege domain account. Or, you can specify the Network Service or the Local System
Account for SQL Server services. However, we do not recommend that you use these accounts because
Domain User accounts can be configured with less permission to run the SQL Server services. The
Domain User account should have minimal rights in the domain and should help contain (but will not
stop) an attack on the server if there is a compromise. In other words, this account should have only
local user-level permissions in the domain. If SQL Server is installed by using a Domain Administrator
account to run the services, a compromise of SQL Server will lead to a compromise of the entire
domain. If you have to change this setting, use SQL Server Management Studio to make the change,
because the access control lists (ACLs) on files, the registry, and user rights will be changed
automatically.
SQL Server authenticates users who have either Windows Authentication or SQL Server credentials.
We recommend that you use Windows Authentication for single sign-on ease of use and to provide the
most secure authentication method.
By default, the auditing of the SQL Server system is disabled so that no conditions are audited. This
makes intrusion detection difficult and aids attackers with covering their tracks. At a minimum, you
should enable auditing of failed logins.
Report Server administrators can enable RDL Sandboxing to restrict access to the Report Server. More
information: Enabling and Disabling RDL Sandboxing
Each SQL login is configured to use the master database as the default database. Although users should
not have rights to the master database, as a best practice, you should change the default for every SQL
login (except those with the SYSADMIN role) to use OrganizationName_MSCRM as the default
database. More information: Securing SQL Server
103
Securing Exchange Server and Outlook

The following considerations are for Microsoft Exchange Server, and some are
specific to Exchange Server in a Microsoft Dynamics CRM environment:
Exchange Server contains a rich series of mechanisms for precise administrative control of its
infrastructure. In particular, you can use administrative groups to collect Exchange Server objects, such
as servers, connectors, or policies, and then modify the ACLs on those administrative groups to make
sure that only certain users can access them. You may, for example, want to give Microsoft Dynamics
CRM administrators some control over servers that directly affect their applications. When you
implement efficient use of administrative groups, you can make sure that you give Microsoft Dynamics
CRM administrators only the rights that they require to perform their jobs.
Frequently, you may find it convenient to create a separate organizational unit (OU) for Microsoft
Dynamics CRM users, and give Microsoft Dynamics CRM administrators limited administrative rights
over that OU. They can make the change for any user in that OU, but not for any user outside it.
You should make sure that you adequately protect against unauthorized e-mail relay. E-mail relay is a
feature that lets an SMTP client use an SMTP server to forward e-mail messages to a remote domain.
By default, Microsoft Exchange Server 2003, Microsoft Exchange Server 2007, and Microsoft
Exchange Server 2010 are configured to prevent e-mail relay. The settings that you configure will
depend on your message flow and configuration of your Internet service provider's (ISP) e-mail server.
However, the best way to approach this problem is to lock down your e-mail relay settings and then
gradually open them to allow e-mail to flow successfully. For more information, see the Exchange
Server Help.
If you use forward mailbox monitoring, the Email Router requires an Exchange Server or POP3compliant mailbox. We recommend that the permission on this mailbox be set to prevent other users
from adding server-side rules. For more information about Exchange Server mailboxes, see Mailbox
Permissions.
The Microsoft Dynamics CRM Email Router service operates under the Local System Account. This
enables the Email Router to access a specified user's mailbox and process e-mail in that mailbox.
For more information about how to make Exchange Server more secure, see
the following:
Microsoft Exchange Server 2013 or Microsoft Exchange Server 2010, see the Deployment Security
Checklist.
Microsoft Exchange Server 2007, see Security and Protection.
Securing mobile devices

As organizations move to support an increasingly mobile workforce, strong
security remains essential. The following resources provide information and
best practices for mobile devices, such as smartphones and tablets:
104
How to Manage Mobile Devices by Using Configuration Manager and Windows Intune
Windows Phone for business
Security Considerations (Microsoft Surface)
iOS in Business (iPad and iPhone)
See Also
Security considerations for Microsoft

Dynamics CRM 2013
Microsoft Dynamics CRM 2013 introduces several improvements that help
make your deployment more secure. This section provides information and
best practices for the Microsoft Dynamics CRM application. For more
information, see Overview of security for Microsoft Dynamics CRM.
In This Topic
Minimum permissions required for Microsoft Dynamics CRM Setup and services
What kind of service account should I choose?
Microsoft Dynamics CRM installation files
Minimum permissions required for

Microsoft Dynamics CRM Setup and
services
Microsoft Dynamics CRM is designed so that its features can run under
separate identities. By specifying a domain user account that is granted only
the permissions necessary to enable a particular feature to function, you help
secure the system and reduce the likelihood of exploitation.
This topic describes the minimum permissions that are required by the user
account for Microsoft Dynamics CRM services and features.
105
Microsoft Dynamics CRM Server Setup

The user account used to run Microsoft Dynamics CRM Server Setup that
includes the creation of databases requires the following minimum
permissions:
Be a member of the Active Directory Domain Users group. By default, Active Directory Users and
Computers adds new users to the Domain Users group.
Be a member of the Administrators group on the local computer where Setup is running.
Have Local Program Files folder read and write permission.
Be a member of the Administrators group on the local computer where the instance of SQL Server is
located that will be used to store the Microsoft Dynamics CRM databases.
Have sysadmin membership on the instance of SQL Server that will be used to store the Microsoft
Dynamics CRM databases.
Have organization and security group creation permission in Active Directory. Alternatively, you can
use a Setup XML configuration file to install Microsoft Dynamics CRM Server 2013 when security
groups have already been created. For more information, see Use the Command Prompt to Install
Microsoft Dynamics CRM in the Installing Guide.
If Microsoft SQL Server Reporting Services is installed on a different server, you must add the Content
Manager role at the root level for the installing user account. You must also add the System
Administrator Role at the site-wide level for the installing user account.
Services and CRMAppPool IIS application pool identity

permissions
The user account that is used for the Microsoft Dynamics CRM services and
IIS application pools require the following permissions:
Important
Microsoft Dynamics CRM services and application pool (CRMAppPool) identity accounts must not be
configured as a Microsoft Dynamics CRM user. Doing so can cause authentication issues and
unexpected behavior in the application for all Microsoft Dynamics CRM users. For more information,
see Problems in CRM when the CRMAppPool user account is a CRM user.
Managed service accounts, introduced in Windows Server 2008 R2, arent supported for running
Microsoft Dynamics CRM services.
Microsoft Dynamics CRM Sandbox Processing Service
Domain Users membership.
That account must be granted the Logon as service permission in the Local Security Policy.
106
Folder read and write permission on the Trace, by default located under \Program Files\Microsoft
Dynamics CRM\Trace, and user account %AppData% folders on the local computer.
Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM subkey in

the Windows registry.
The service account may need an SPN for the URL used to access the website that is associated with it.
To set the SPN for the Sandbox Processing Service account, run the following command at a command
prompt on the computer where the service is running.
SETSPN a MSCRMSandboxService/<ComputerName> <service account>
Microsoft Dynamics CRM Asynchronous Processing Service and

Microsoft Dynamics CRM Asynchronous Processing Service
(maintenance) services
PrivUserGroup and SQLAccessGroup membership. By default, these groups are created and
appropriate membership is granted during Microsoft Dynamics CRM Server Setup.
Performance Log Users membership.
Folder read and write permission on the Trace folder, by default located under \Program
Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local computer.
Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSCRMSandboxService subkeys
in the Windows registry.
To set the SPN for the Asynchronous Service account, run the following command at a command
prompt on the computer where the service is running.
SETSPN a MSCRMAsyncService/<ComputerName> <service account>
Microsoft Dynamics CRM Monitoring Service
Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM
SQLAccessGroup membership. By default, this group is created and appropriate membership is

granted during Microsoft Dynamics CRM Server Setup.
107
Microsoft Dynamics CRM VSS Writer service
Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM
Deployment Web Service (CRMDeploymentServiceAppPool

Application Pool identity)
Local administrator group membership is required to perform organization database operations (such
as create new or import organization) only if the following conditions are true:
The Microsoft SQL Server specified for the organization database is on the same computer as the
Deployment Web Service server role.
The Web Application Server server role is running on the same computer as the Deployment Web
Service server role.
Local administrator group membership on the computer where the Deployment Web Service is
running.
Local administrator group membership on the computer where SQL Server is running.
Sysadmin permission on the instance of SQL Server to be used for the configuration and organization
databases.
Folder read and write permission on the Trace and CRMWeb folders, by default located under
\Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local
computer.

CRM_WPG group membership. This group is used for IIS worker processes. The group is created and
the membership is added during Microsoft Dynamics CRM Server Setup.
108
Application Service (CRMAppPool IIS Application Pool identity)
Member of the Active Directory Domain Users group.
Member of the Active Directory Performance Log Users group.
Folder read and write permission on the Trace and CRMWeb folders, by default located under
\Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local
computer.

CRM_WPG group membership. This group is used for IIS worker processes. The group is created and
the membership is added during Microsoft Dynamics CRM Server Setup.
IIS Application Pool identities running under Kernel-Mode

authentication and SPNs
By default, IIS 7.0 and IIS 7.5 websites are configured to use Kernel-Mode
authentication. When you run the Microsoft Dynamics CRM website by using
Kernel-Mode authentication, you might not need to configure additional
service principal names (SPNs) for the CRMAppPool identities.
To determine whether your IIS deployment requires SPNs, see Service Principal
Name (SPN) checklist for Kerberos authentication with IIS 7.0/7.5 .
What kind of service account should I

choose?
When you specify an identity to run a Microsoft Dynamics CRM service, you
can choose either a domain user account or the Network Service account.
If the service interacts with network services, accesses domain resources like
file shares or if it uses linked server connections to other computers, you can
use a minimally-privileged domain account. Many server-to-server activities
can be performed only with a domain user account and can provide the most
secure option. This account should be pre-created by domain administration
in your environment.
Note
109
When you configure a service to use a domain account, you can isolate
the privileges for the application, but must manually manage
passwords or create a custom solution for managing these passwords.
Many server applications use this strategy to enhance security, but this
strategy requires additional administration and complexity. In these
deployments, service administrators spend a considerable amount of
time on maintenance tasks such as managing service passwords and
service principal names (SPNs), which are required for Kerberos
authentication. In addition, these maintenance tasks can disrupt
service.
The Network Service account is a built-in account that has more access to
resources and objects than members of the Domain Users group. Services
that run as the Network Service account access network resources by using
the credentials of the computer account in the format
<domain_name>\<computer_name>$. The actual name of the account is NT
AUTHORITY\NETWORK SERVICE.
Microsoft Dynamics CRM installation files

If you plan to install Microsoft Dynamics CRM from a location on the network,
such as a network share, you must make sure that the correct permissions
are applied to the folder, preferably on an NTFS volume, where the
installation files are located. For example, you may want to allow only
members of the Domain Admins group permissions for the folder. This
practice can help to reduce the risk of attacks on the installation files that
may compromise or alter them. For more information about how to set
permissions on files and folders on the Windows operating system, see
Windows Help.
See Also
Microsoft Dynamics CRM 2013 server roles
Dynamics CRM 2013
Security best practices for Microsoft Dynamics CRM
Administration best practices for on-premises deployments of Microsoft Dynamics
CRM
Network ports for Microsoft Dynamics CRM
Known risks and vulnerabilities
110
Microsoft Dynamics CRM standards compliance and certification
Security best practices for Microsoft

Dynamics CRM
Internet Information Services (IIS) is a mature web service that is included
with Windows Server. Microsoft Dynamics CRM depends on an efficient and
secure IIS web service. Consider the following:
In the machine.config and web.config configuration files you can determine whether debugging is
enabled, and also if detailed error messages are sent to the client. You should make sure that debugging
is disabled on all production servers, and that a generic error message is sent to the client if a problem
occurs. This avoids unnecessary information about the web server configuration being sent to the
client.
For file system level security, we recommend that you install the IIS web root on an NTFS partition
that doesnt contain the operating system files. For example, C:\Inetpub is on a typical system
partition that contains operating system files, whereas D:\Inetpub is not.
Make sure that the latest operating system and IIS service packs and updates are applied. For the latest
information, see the Microsoft Security website.
Microsoft Dynamics CRM Server Setup creates application pools called CRMAppPool and
CRMDeploymentServiceAppPool that operate under user credentials that you specify during Setup.
To facilitate a least-privileged model, we recommend that you specify separate domain user accounts
for these application pools instead of using the Network Service account. Additionally, we recommend
that no other ASP.NET-connected application be installed under these application pools. For
information about the minimum permissions required for these components, see Minimum
permissions required for Microsoft Dynamics CRM Setup, services, and components in Security
considerations for Microsoft Dynamics CRM 2013 in this guide.
Important
All websites that are running on the same computer as the Microsoft Dynamics CRM website can also
have access to the CRM database.
If you use a domain user account, before you run Microsoft Dynamics CRM Server Setup, you may
need to verify that the service principal name (SPN) is set correctly for that account, and if necessary,
set the correct SPN. For more information about SPNs and how to set them, see How to use SPNs
when you configure Web applications that are hosted on IIS.
111
Service principal name management in

The service principal name (SPN) attribute is a multivalued, nonlinked
attribute that is built from the DNS host name. The SPN is used during mutual
authentication between the client and the server hosting a particular service.
The client finds a computer account based on the SPN of the service to which
it is trying to connect.
The Microsoft Dynamics CRM Server 2013 installer deploys role-specific
services and web application pools that operate under user credentials
specified during Setup. To review the complete list of these roles and their
permission requirements, see Minimum permissions required for Microsoft
Dynamics CRM Setup and services.
When you deploy a hosted Microsoft Dynamics CRM infrastructure, two of
these roles may require additional consideration:
Deployment Web Service
Application Service
In web farm scenarios, as is the case for a hosted offering, the

recommendation is to leave kernel-mode authentication enabled. In addition,
you should closely consider using separate domain user accounts to run
these services because:
Having separate service accounts for these server roles facilitates being able to implement hardware
load balancing.
The Deployment Web Service server role requires elevated permissions to provision organizations in
the CRM database. If you want to adhere to a least-privileged model, the safest approach for
implementing SPNs in a hosted Microsoft Dynamics CRM infrastructure involves having the
Deployment Web Service run under a different domain user account than the Application Service.
If you follow this suggestion to use separate domain accounts for these
server roles, you should check to make sure that the SPN is correct for each
account before you start Microsoft Dynamics CRM Server Setup. This will
make it easier for you to set the correct SPN when necessary.
If kernel-mode authentication is enabled, the SPNs will be defined for the
machine account, regardless of the specified service account. When you
implement a web farm, enable kernel-mode authentication and change the
local ApplicationHost.config file.
112
If application and deployment web services are running on the same system,
and kernel-mode authentication is disabled, you could configure both services
to run under the same domaikuser account to prevent duplicate SPN issues. If
you cant enable kernel-mode authentication, install the Application and
Deployment web services on separate systems. The SPNs may still need to be
created manually since kernel-mode authentication is disabled.
For more information about SPNs and how to set them, see Service Principal
Name (SPN) checklist for Kerberos authentication with IIS 7.0/7.5
See Also
Administration best practices for on-premises deployments of Microsoft Dynamics
CRM
Administration best practices for onpremises deployments of Microsoft

Dynamics CRM
By following some simple rules of administration, you can significantly
improve the security of your Microsoft Dynamics CRM on-premises
deployment.
Typically, there is no need for CRM users to have administrative privileges over the domain.
Therefore, all CRM user accounts should be restricted to Domain Users membership. Also, following
the principle of least-privilege, anyone who uses the CRM system should have minimal rights. This
starts at the domain level. A domain user account should be created and used to run CRM. Domain
Administrator accounts should never be used to run CRM.
Limit the number of Microsoft Dynamics CRM Deployment Administrator and System Administrator
roles to a few people who are responsible for rule changes. Others who are SQL Server, Microsoft
Exchange Server, or Active Directory administrators do not have to be members of the CRM users
group.
Make sure that at least two or three trusted people have the Deployment Administrator role. This
avoids system lockout if the primary Deployment Administrator is unavailable.
In some organizations it is a common practice to reuse passwords across systems and domains. For
example, an administrator responsible for two domains may create Domain Administrator accounts in
each domain that use the same password, and even set local administrator passwords on domain
computers that are the same across the domain. In such a case, a compromise of a single account or
computer could lead to a compromise of the entire domain. Passwords should never be reused in this
113
manner.
It is also common practice to use Domain Administrator accounts as service accounts for common
services such as back-up systems. However, it is a security risk to use Domain Administrator accounts
as service accounts. The password can easily be retrieved by anyone who has administrative rights
over the computer. In such a case, the compromise could affect the entire domain. Service accounts
should never be Domain Administrator accounts, and they should be limited in privilege as much as
possible.
A domain user account that is specified to run a Microsoft Dynamics CRM service must not also be
configured as a CRM user. This can cause unexpected behavior in the application.
See Also
Security best practices for Microsoft Dynamics CRM
Microsoft Dynamics CRM security model
Network ports for Microsoft Dynamics

CRM
This section describes the ports that are used for Microsoft Dynamics CRM.
This information is helpful as you configure the network when users connect
through a firewall.
In This Topic
Network ports for the Microsoft Dynamics CRM web application
Network ports for the Asynchronous Service, Web Application Server, and Sandbox
Processing Service server roles
Network ports for the Deployment Web Service server role
Network ports that are used by the SQL Server that runs the SQL Server and
Microsoft Dynamics CRM Reporting Extensions server roles
Network ports for the Microsoft Dynamics

CRM web application
The following table lists the ports used for a server that is running a Full
Server installation of Microsoft Dynamics CRM. Moreover, except for the
Microsoft SQL Server role, and the Microsoft Dynamics CRM Reporting
Extensions server role, all server roles are installed on the same computer.
114
Protocol
Port
Description
TCP
80
HTTP
TCP
135
MSRPC
TCP
139
NETBIOS-SSN
TCP
443
HTTPS
TCP
445
Microsoft-DS
UDP
123
NTP
UDP
137
NETBIOS-NS
UDP
138
NETBIOS-dgm
UDP
445
Microsoft-DS
UDP
1025
Blackjack
Important
Depending on your domain trust configuration, additional network
ports may need to be available for Microsoft Dynamics CRM to work
correctly. More information: How to configure a firewall for domains and
trusts
115
Network ports for the Asynchronous

Service, Web Application Server, and
Sandbox Processing Service server roles
The following table lists the additional ports that are used for a deployment
where the Sandbox Processing Service is running on a separate computer.
Protocol
Port
Description
Explanation
TCP
808
CRM server role communication
The Asynchronous Service and We

Service through this channel. The d
adding the DWORD registry value
HKEY_LOCAL_MACHINE\SOFTW
Network ports for the Deployment Web

Service server role
The following table lists the additional port that is used by the Deployment
Web Service server role.
Protocol
Port
Description
TCP
808
Used for Fetch-based rep
Network ports that are used by the SQL

Server that runs the SQL Server and
Microsoft Dynamics CRM Reporting
Extensions server roles
The following table lists the ports that are used for a computer that is running
SQL Server and has only SQL Server and the Microsoft Dynamics CRM
Reporting Extensions (SRS Data Connector) server roles installed.
116
Protocol
Port
Description
TCP
135
MSRPC
TCP
139
NETBIOS-SSN
TCP
445
Microsoft-DS
TCP
1433
ms-sql-s
UDP
123
NTP
UDP
137
NETBIOS-NS
UDP
138
NETBIOS-dgm
UDP
445
Microsoft-DS
UDP
1025
Blackjack
Important
In addition to the ports listed previously, UDP port 1434 (SQL Server
Browser Service) on the SQL Server is required by Microsoft Dynamics
CRM Server Setup to return a list of the computers that are running
SQL Server during the installation of Microsoft Dynamics CRM Server.
To work around this, specify the SQLSERVER\INSTANCENAME during Setup.
See Also
Microsoft Dynamics CRM security model

This topic describes the risks and vulnerabilities that may exist when you use
Microsoft Dynamics CRM. Mitigations and workarounds are also described
when applicable.
117
In This Topic
Risks when users connect to CRM over an unsecured network
Security recommendations on server role deployments
Anonymous authentication
Isolate the HelpServer role for Internet-facing deployments
Claims-based authentication issues and limitations
Secure the <notLocalizable
xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">web.config</notLoca
lizable> file
Outbound Internet calls from custom code executed by the Sandbox Processing
Service are enabled
Secure server-to-server communication
DNS rebinding attacks
Risks when users connect to CRM over an

unsecured network
Issues that can occur when you run Microsoft Dynamics CRM without using
Secure Sockets Layer (SSL) (HTTPS) are as follows:
Microsoft Dynamics CRM user provided data, including Visual chart definitions, can be altered over
an unsecured HTTP connection by using "man in the middle" type attacks. To mitigate this
vulnerability, configure Microsoft Dynamics CRM to only use SSL. For more information about how
to configure Microsoft Dynamics CRM Server 2013 to use SSL, see Make Microsoft Dynamics
CRM client-to-server network communications more secure.
Security recommendations on server role

deployments
The following recommendations can help make your Microsoft Dynamics CRM
deployment more reliable and secure.
Server role
Recommendation
Sandbox Processing Service
Install this role to a dedicated server on a

separate virtual LAN (VLAN) from other
118
computers that are running Microsoft

Dynamics CRM roles. Then, if there is a
malicious plug-in running in the sandbox
that exploits the computer, the network
isolation from a separate VLAN can help
protect other CRM resources from being
compromised.
Help Server
Install this role on a separate computer for

both IFD and internally-facing
deployments. For more information, see
Isolate the HelpServer role for Internet-facing
deployments later in this topic.
Anonymous authentication
Microsoft Dynamics CRM Internet-facing deployment (IFD) requires
anonymous authentication enabled on IIS for claims-based authentication.
Notice that the claims-based authentication token doesnt contain raw
credentials or the connection string to Microsoft Dynamics CRM Server.
However, the web.config file does contain configuration information about the
authentication mode. For more information, see Secure the <notLocalizable
xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">web.config</notLoca
lizable> file later in this topic. To secure the Microsoft Dynamics CRM website,
use SSL.
Isolate the HelpServer role for Internetfacing deployments

Microsoft Dynamics CRM Internet-facing deployment (IFD) require anonymous
authentication. Because anonymous website authentication is used, the
virtual directory used by the Microsoft Dynamics CRM Help site can be
targeted for denial of service (DoS) attacks.
To isolate the Microsoft Dynamics CRM Help pages, and help protect the other
Microsoft Dynamics CRM 2013 roles from potential DoS attacks, consider
installing the Help Server role on a separate computer.
For more information about the options for installing Microsoft Dynamics CRM
roles on separate computers, see Microsoft Dynamics CRM 2013 server roles.
For more information about reducing the risk of DoS attacks, see Improving
Web Application Security: Threats and Counter-measures .
119
Claims-based authentication issues and

limitations
This topic describes issues and limitations when you use claims-based
authentication with Microsoft Dynamics CRM.
Verify that the identity provider uses a strong

password policy
When you use claims-based authentication, we recommend that you verify
that the identity provider that is trusted by the security token service (STS)
and, in turn, Microsoft Dynamics CRM, enforces strong password policies.
Microsoft Dynamics CRM itself doesnt enforce strong passwords. By default,
when it is used as an identity provider, Active Directory enforces a strong
password policy.
AD FS federation server sessions are valid up to 8

hours even for deactivated or deleted users
By default, Active Directory Federation Services (AD FS) server tokens
allocate a web single sign-on (SSO) cookie expiration of eight (8) hours.
Therefore, even when a user is deactivated or deleted from an authentication
provider, such as AD FS 2.0, as long as the user session is still active the user
can continue to be authenticated to secure resources.
To work around this issue, choose from the following options.
Disable the user in Microsoft Dynamics CRM and in Active Directory. For information about how to
disable a user in Microsoft Dynamics CRM, see Enable or disable a user record. For information about
how to disable a user in Active Directory, see the Active Directory Users and Computers Help.
Reduce the web SSO lifetime. To do this, see the Active Directory Federation Services (AD FS)
Management Help.
Secure the
The web.config file that is created by Microsoft Dynamics CRM does not
contain connection strings or encryption keys. However, the file does contain
configuration information about the authentication mode and strategy,
ASP.NET view state information, and debug error message display. If this file
is modified with malicious intent it can threaten the server where Microsoft
Dynamics CRM is running. To help secure the web.config file, we recommend
the following:
Grant permissions to the folder where the web.config file is located to include only those user accounts
120
that require it, such as administrators. By default, the web.config file is located in the <drive:>Program
Files\Microsoft Dynamics CRM\CRMWeb folder.
Limit the number of users who have interactive access to CRM servers, such as console logon
permission.
Disable directory browsing on the CRM website. By default, this is disabled. For more information
about how to disable directory browsing, see Internet Information Services (IIS) Manager Help.
Outbound Internet calls from custom code

executed by the Sandbox Processing
Service are enabled
By default, outbound calls from custom code executed by the Microsoft
Dynamics CRM Sandbox Processing Service that access services on the
Internet are enabled. For high-security deployments of Microsoft Dynamics
CRM, this could pose a security risk. If you do not want to allow outbound
calls from custom code, such as CRM plug-ins or custom workflow activities,
you can disable outbound connections from custom code executed by the
Sandbox Processing Service by following the procedure here.
Instead of blocking all outbound calls, you can enforce web access
restrictions on sandboxed plug-ins. More information: Plug-in Isolation,
Trusts, and Statistics
Notice that disabling outbound connections for custom code includes
disabling calls to cloud platforms such as Windows Azure and Windows Azure
SQL Database.
Disable outbound connections for custom code on the computer
that is running the sandbox processing service
1. On the Windows Server computer where the Microsoft Dynamics CRM Sandbox Processing
Service server role is installed, start Registry Editor and locate the following subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MSCRM
2. Right-click MSCRM, point to New, click DWORD Value, type
SandboxWorkerDisableOutboundCalls, and then press ENTER.
3. Right-click SandboxWorkerDisableOutboundCalls, click Modify, type 1, and then press
ENTER.
4. Close Registry Editor.
5. Restart the Sandbox Processing Service. To do this, click Start, type services.msc, and then
121
press ENTER.
6. Right-click Microsoft Dynamics CRM Sandbox Processing Service, and then click
Restart.
7. Close the Microsoft Management Console (MMC) Services snap-in.
Secure server-to-server communication

By default, Microsoft Dynamics CRM server-to-server communication, such as
communication between the Web Application Server role and the server that
is running Microsoft SQL Server, isnt executed over a security channel.
Therefore, information that is transmitted between servers may be
susceptible to certain attacks, such as man-in-the-middle attacks.
We recommend that you implement Internet Protocol security (IPsec) to help
protect information that is transmitted between servers in your organization.
IPsec is a framework of open standards for protecting communications over
Internet Protocol (IP) networks through the use of cryptographic security
services. More information: IPsec
DNS rebinding attacks

Like many web-based applications, Microsoft Dynamics CRM may be
vulnerable to DNS rebinding attacks. This exploit involves misleading a web
browser into retrieving pages from two different servers thereby trusting that
the servers are from the same domain and subsequently breaking the Same
Origin Policy. Using this technique, an attacker can tamper with CRM data by
using the victims identity through cross-site scripting attacks on CRM pages.
For more information about how to help protect against such attacks, see
Protecting Browsers from DNS Rebinding Attacks .
See Also
Network ports for Microsoft Dynamics CRM
122
Microsoft Dynamics CRM standards

compliance and certification
The topics in this section contain information about Microsoft Dynamics CRM
Server 2011 compliance with security standards and certification.
Security standards compliance

Compliance can affect many organizations, large and small, either through
regulatory requirements or organizational policies.
FIPS 140-2 compliance

Microsoft Dynamics CRM can be configured to be compliant with the Federal
Information Processing Standard (FIPS) 140-2, which is a publication titled
"Security Requirements for Cryptographic Modules." It specifies which
encryption algorithms and hashing algorithms can be used, and how
encryption keys are to be generated and managed. For more information
about how to configure Microsoft Dynamics CRM Server 2011 for FIPS 140-2
compliance, see FIPS 140-2 Compliancy with Microsoft Dynamics CRM 2011.
Certification
Microsoft Dynamics CRM Server 2011 is certified for Windows Server 2008
R2. For a list of issues that were identified during logo certification, see
MicrosoftDynamicsCRM2011WindowsLogo.doc on the Microsoft
Dynamics CRM 2011 Implementation Guide download page.
See Also

supported configurations
This section describes the supported network, domain, and server
configurations for Microsoft Dynamics CRM, which supports multiple domains
in either a native- or interim-mode environment.
123
Active Directory requirements

The Active Directory requirements are as follows:
The computers that run Microsoft Dynamics CRM Server 2013 roles and the computer that runs SQL
Server, where the Microsoft Dynamics CRM databases are located, must be in the same Active
Directory domain.
The Active Directory domain where a Microsoft Dynamics CRM Server 2013 role is located must run
in Windows Server 2003 interim, Windows Server 2003 native, or any Windows Server 2008 or
Windows Server 2012 domain modes.
The Active Directory forest where a Microsoft Dynamics CRM Server 2013 role is located can run in
Windows Server 2003 interim, Windows Server 2003, Windows Server 2008, or Windows Server 2012
forest functional levels.
The user account that is used to run a Microsoft Dynamics CRM service must be in the same domain
as the computer that is running the Microsoft Dynamics CRM Server 2013 role.
The Microsoft Dynamics CRM security groups (PrivUserGroup, SQLAccessGroup, ReportingGroup,

and PrivReportingGroup) must be in the same domain as the computer that is running Microsoft
Dynamics CRM. These security groups can be located in the same organizational unit (OU) or in
different OUs. To use security groups that are located in different OUs, you must install Microsoft
Dynamics CRM Server 2013 by using an XML configuration file and specify the correct distinguished
name for each pre-existing security group within the <Groups> element. More information: Sample
server XML configuration file for installing with pre-created groups
Important
Direct user account membership to the Microsoft Dynamics CRM
privusergroup security group is required and group membership
nesting under privusergroup currently is not supported. For
example, if you add a security group named mycrmprivgroupusers
to privusergroup, members of mycrmprivgroupusers will not resolve
as privusergroup members. This includes the CRMAppPool or the
SQL Server Reporting Services service identities, which if granted
membership to privusergroup through another security group, can
cause system-wide failures in the Microsoft Dynamics CRM web
application and reporting features.
For users who access Microsoft Dynamics CRM from another domain and are not using claims-based
authentication, a one-way trust must exist in which the domain where the Microsoft Dynamics CRM
Server 2013 is located trusts the domain where the users are located.
For users who access Microsoft Dynamics CRM from another forest and are not using claims-based
authentication, a two-way trust must exist between the forests.
Important
124
When you add multiple users who are located in a domain that is a different one than the domain where
the Microsoft Dynamics CRM Server is located, you must have one of the following conditions:
A one-way trust in which the domain where the users are located trusts the domain where the
Microsoft Dynamics CRM Server is located.
A two-way trust between the users domain and the domain where the Microsoft Dynamics CRM
Server is located.
The user information will not appear on the User form when you add users to Microsoft Dynamics
CRM who are located in a remote domain that does not have a trust to the domain where Microsoft
Dynamics CRM Server is located. More information: The user information is not automatically
populated in the required fields when you add a user to Microsoft Dynamics CRM
Single-server deployment
For small user bases, a Microsoft Dynamics CRM Server (any edition) can be
deployed in a single-server configuration, with Microsoft Dynamics CRM
Server 2013, SQL Server, Microsoft SQL Server Reporting Services, and
optionally Microsoft Exchange Server installed and running on the same
computer.
Single-server deployments are not recommended for best experience in
application performance and disaster recovery.
There is one limitation to single-server deployments: the server where
Microsoft Dynamics CRM Server 2013 is installed cannot also function as a
domain controller, unless it is running Windows Small Business Server. If the
computer is a member server (not functioning as a domain controller), you
can deploy a single-server Microsoft Dynamics CRM solution on any other
supported version of Windows Server.
Important
Except for Windows Small Business Server, Microsoft Dynamics CRM is
not supported when you install it on an Active Directory domain
controller.
See Also
Microsoft Dynamics CRM multiple-server deployment
125
Microsoft Dynamics CRM multipleserver deployment

Microsoft Dynamics CRM Server 2013 deployments can include multiple
servers, which provide additional performance and scaling benefits. However,
with Microsoft Dynamics CRM Workgroup Server 2013, server roles cannot be
installed on separate computers. Therefore, all server roles are installed on
every computer where you install Microsoft Dynamics CRM Server 2013.
Install server roles by running Microsoft

Dynamics CRM Server Setup
During Microsoft Dynamics CRM Server Setup, you can select to install a
server role:
Individually.
As one of the three predefined groups of server roles.
As a full server installation that includes all roles.
Server roles let you increase flexibility and scalability of the Microsoft
Dynamics CRM deployment. Note that all server roles must be running and
available on the network to provide a fully functioning Microsoft Dynamics
CRM system.
Install server roles by running Microsoft Dynamics

CRM Server 2013 at the command prompt
You can install Microsoft Dynamics CRM Server roles and Microsoft Dynamics
CRM Reporting Extensions from their respective installation disks or file
download location unattended by using the command prompt. The required
setup information is provided to the Setup program both as command-line
parameters and as an XML configuration file that the Setup program
references. More information: Use the Command Prompt to Install

placement
For improved application performance, the computer or computers that run
the Microsoft Dynamics CRM Server 2013 roles and the computer that is
126
running SQL Server should be on the same LAN. This is because of the large
amount of network traffic passing between the computers. This is also
recommended with Active Directory where the computer or computers on
which Microsoft Dynamics CRM Server 2013 and the Active Directory domain
controller are running should be on the same LAN to guarantee efficient
Active Directory access to Microsoft Dynamics CRM.
SQL Server and Active Directory domain

controller placement
For each organization, Microsoft Dynamics CRM stores all customer
relationship management data in a SQL Server database. Make sure that the
computer on which SQL Server is running that maintains the Microsoft
Dynamics CRM databases is located near the Microsoft Dynamics CRM Server
2013. This means there should be a high-speed, permanent network
connection between the Microsoft Dynamics CRM Server 2013 and the
computer that is running SQL Server. A network communications failure
between these computers can result in data loss and service becoming
unavailable.
The same is true for Active Directory because Microsoft Dynamics CRM
depends on it for security information. If communication with Active Directory
is lost, Microsoft Dynamics CRM will not function correctly. If communication
with Active Directory is inefficient, Microsoft Dynamics CRM performance will
be affected. Therefore, it is important to put an Active Directory domain
controller on the same high-speed, permanent network connection as the
Microsoft Dynamics CRM and SQL Server computers.
See Also
Microsoft Dynamics CRM 2013 server roles
Microsoft Dynamics CRM 2013 server

roles
In Microsoft Dynamics CRM Server 2013, you can install specific server
functionality, components, and services on different computers. These
components and services correspond to specific server roles. For example,
customers who have larger user bases can install the Front End Server role on
127
two or more servers that run Internet Information Services (IIS) to increase
throughput performance for users. Or, a Full Server role can be installed on
one computer and Microsoft Dynamics CRM Reporting Extensions on another.
If a server role is missing, Deployment Manager displays a message in the
Messages area.
Use one of the following options to install server roles:
Run the Microsoft Dynamics CRM Server Setup Wizard to select one or more server role groups or
one or more individual server roles. If Microsoft Dynamics CRM Server 2013 is already installed, you
can use Programs and Features in Control Panel to add or remove server roles.
Configure an XML Setup configuration file and then run Setup at the command prompt to specify a
server role group or one or more individual server roles. You cannot explicitly select the SQL Server
"role" for installation during Microsoft Dynamics CRM Server Setup. This is a logical role that SQL
Server sets when you specify a particular instance of SQL Server, either local or on another computer
(recommended) for use in the Microsoft Dynamics CRM deployment. For more information, see
Microsoft Dynamics CRM 2013 Server XML configuration file.
Note
At any time after the initial installation of server roles, you can add or
remove server roles in Control Panel. For more information, see
Uninstall, change, or repair instructions.
Important
If you have a Microsoft Dynamics CRM deployment that includes one or
more Front End Server and Back End Server roles, the Language Pack
must be installed on the computer that has the Front End Server role. If
you have deployed individual server roles, the Language Packs must
be installed on the computers that are running the Web Application
Server and the Help Server roles.
In This Topic
Available group server roles
Available individual server roles
Scope definition
Installation method definition
Microsoft Dynamics CRM Server role requirements
128
Available group server roles

Although these server role groups are recommended for most deployments,
any individual server role may be installed during Setup.
All server roles must be running in your organizations network to provide a
fully functioning system.
Server Role Group
Description
Scope
Full Server
Contains all roles from Front End Server, Back

End Server, and Deployment Administration
Server. By default, Microsoft Dynamics CRM
Server Setup deploys the system as Full Server.
In a Full Server deployment, server roles are not
listed separately in Control Panel. To view the
installed roles or make changes, right-click
Microsoft Dynamics CRM Server 2013, click
Uninstall/Change, and then click Configure.
Deploym
Front End Server
Enables the server roles for running client

applications and applications developed with the
Microsoft Dynamics CRM SDK.
Deploym
Back End Server
Includes the server roles that handle processing

asynchronous events, such as workflows and
custom plug-ins, database maintenance, and
email routing. These roles are usually not exposed
to the Internet.
Deploym
For a list of server roles that are included in this

group, see the following table.
Deployment Administration Server
Enables the server roles for components that are

used to manage the Microsoft Dynamics CRM
deployment either by using the methods described
in the Microsoft Dynamics CRM SDK or the
deployment tools. Also includes the interface for
database disaster recovery support.
For a list of server roles that are included in this
group, see the following table.
129
Deploym
Available individual server roles

Server Role
Description
Server Group
Discovery Web Service
Finds the organization that a user belongs to in

a multi-tenant deployment.
Front End Server
Organization Web Service
Supports running applications that use the

methods described in the Microsoft
Dynamics CRM SDK.
Front End Server
Web Application Server
Runs the Web Application Server that is used to

connect users to Microsoft Dynamics CRM
data. The Web Application Server role requires
the Organization Web Service role.
Front End Server
Help Server
Makes Microsoft Dynamics CRM Help available

to users.
Front End Server
Asynchronous Service
Processes queued asynchronous events, such

as workflows, bulk e-mail, or data import.
Back End Server
Sandbox Processing Service
Enables an isolated environment to allow for

the execution of custom code, such as plug-ins.
This isolated environment reduces the
possibility of custom code affecting the
operation of the organizations.
Back End Server
Email Integration Service
Handles sending and receiving of email

messages by connecting to an external email
server.
Back End Server
Deployment Web Service
Manages the deployment by using the methods

described in the Microsoft
Dynamics CRM SDK.
Deployment Adminis
Deployment Tools
Consists of the Deployment Manager and

Windows PowerShell cmdlets. Microsoft
Dynamics CRM administrators can use the
Windows PowerShell cmdlets to automate
Deployment Manager tasks.
Deployment Adminis
Deployment Manager is a Microsoft

Management Console (MMC) snap-in that
system administrators can use to manage
organizations, servers, and licenses for
130
Microsoft Dynamics CRM VSS

Writer
The Microsoft Dynamics CRM VSS Writer

service provides an interface to backup and
restore Dynamics CRM data by using the
Windows Server Volume Shadow Copy Service
(VSS) infrastructure.
Deployment Adminis
Microsoft Dynamics CRM

Reporting Extensions
Provides reporting functionality by interfacing

with the Microsoft Dynamics CRM system and
Microsoft SQL Server Reporting Services.
N/A
SQL Server
Installs the MSCRM_CONFIG database on the

SQL Server.
N/A
Scope definition
Deployment. Each instance of the server role services the entire deployment.
Organization. Each instance of the server role services an organization. Therefore, you can use a
different server role instance for a given organization.
Installation method definition
Individual, Group, or Full. During Microsoft Dynamics CRM Server Setup, you can install a server
role individually, install one of the three predefined groups of server roles, or perform a Full Server
installation that includes all roles. Or, you can select multiple individual server roles.
srsDataConnectorSetup.exe. Install this role on the computer where Microsoft SQL Server Reporting
Services is running by using Microsoft SQL Server Reporting Services Setup.
For more information about Microsoft Dynamics CRM server roles and
multiple server deployment, see Install Microsoft Dynamics CRM Server 2013 on
multiple computers in the Microsoft Dynamics CRM Planning Guide.
Microsoft Dynamics CRM Server role

requirements
The following table describes the components necessary for each Microsoft
Dynamics CRM Server role. An "X" indicates the component is required for the
Microsoft Dynamics CRM Server role to install and function. Notice that, in
most cases if a component is not already installed, Microsoft Dynamics CRM
Server Setup will install it.
131
Microsoft Dynamics CRM Server Role Prerequisites

Component
Back End Server
Front End Server
Microsoft SQL Server Reporting Services

ReportViewer control
SQL Server Native Client
Microsoft Application Error Reporting Tool
Microsoft Visual C++ Runtime Library
Windows Identity Foundation (WIF)

Framework
Windows Server 2008 Web Server Role
Indexing Service
Microsoft .NET Framework 4
Microsoft Chart Controls for Microsoft .NET

Framework
Windows Azure platform AppFabric SDK
X
X
Windows PowerShell
Microsoft URL Rewrite Module for IIS
File Server Resource Manager
The following table describes the group membership for the Active Directory
that is used by Microsoft Dynamics CRM. An X indicates the group
membership required for the service to function.
Group Membership Requirements
Service
PrivUserGroup
SQLAccessGroup
Deployment Web Service service

account
Web Application Service*
Asynchronous Service service

account
Sandbox Processing Service service

account**
132
SQL Server service account
Microsoft SQL Server Reporting

Services server account
Email Router service account
Installing User/Service account

Individual user accounts in Microsoft
Dynamics CRM
Unzip Service service account
Microsoft Dynamics CRM VSS Writer

service account
* The Web Application Service identity is applied to the CRMAppPool

application pool. Subsequently, this identity is used by the Organization
Service, Web Application, and Microsoft Dynamics CRM platform.
** The Sandbox Service does not need any Microsoft Dynamics CRM group
membership.
Note
Email Router runs as a local system.
Important
The Installing user should be a separate service account, but it should not be used to run any services.
If any of the service accounts are created as users in Microsoft Dynamics CRM, you may encounter
various problems, some of which are potential security issues.
See Also
Support for Microsoft Dynamics CRM multiple-server topologies
Support for Microsoft Dynamics CRM

multiple-server topologies
This section provides examples of various multiple-server topologies.
133
In This Topic
Six-server topology
Multi-forest and multi-domain with Internet access Active Directory topology
Six-server topology
The six-server topology is for small to midsize user bases, typically 25 or
fewer users concurrently using Microsoft Dynamics CRM. The following
example depicts a possible configuration running a supported version of
Windows Server and the required and optional software technologies. It also
includes a Full Server deployment of Microsoft Dynamics CRM Server that is
configured for an Internet-facing deployment (IFD). For a complete list of the
supported versions of these components, see Software requirements for
A five server topology can consist of the following configuration:
Server 1: Running on Microsoft Windows Server as a functioning domain controller.
Server 2: Running on Windows Server as a secondary domain controller.
Server 3: Running on Windows Server, running IIS with a Full Server installation of Microsoft
Dynamics CRM, where all Microsoft Dynamics CRM server roles are installed on the same computer.
Server 4: Running on Windows Server with an instance of Microsoft SQL Server and running
Microsoft Dynamics CRM Reporting Extensions.
Server 5: Running on Windows Server with Microsoft Exchange Server for email message routing.
Server 6: Running on Windows Server with Active Directory Federation Services (AD FS) (required
for Microsoft Dynamics CRM IFD).
CRMClient, tablet and phone devices. These computers and devices are running applications that are
available, such as CRM for Outlook, Microsoft Dynamics CRM for tablets, and Microsoft Dynamics
CRM for phones.
134
Basic Microsoft Dynamics CRM 2013 six-server topology
Multi-forest and multi-domain with

Internet access Active Directory topology
For very large user bases that span multiple domains and, in some cases,
forests, the following configuration is supported. The following example
depicts a possible configuration running a particular version of Windows
Server and required software such as SQL Server and Microsoft SharePoint.
The text and diagram show a possible deployment that lets users access
Microsoft Dynamics CRM 2013 through the Internet by implementing Active
Directory Federation Services (AD FS) supported by Front End Server roles
that are isolated from user and resource domains on a perimeter network
(also known as DMZ, demilitarized zone, and screened subnet) model.
135
For a complete list of the supported versions of these software technologies,

see Software requirements for Microsoft Dynamics CRM Server 2013.
Forest X: Domain A: Perimeter subnet
Network Load Balanced (NLB) virtual server consisting of the following two nodes.
Front End Server: Running Windows Server and Microsoft Dynamics CRM Server with the Front
End Server role.
Front End Server: Another Windows Server running Microsoft Dynamics CRM Server with the
Front End Server role.
Active Directory Federation Services (AD FS) Server: Running on Windows Server as the Internetfacing claims-based authentication security token service.
Forest X: Domain A: Intranet
NLB virtual server consisting of the following two nodes.
Windows Server, Microsoft SQL Server Reporting Services, and Microsoft Dynamics CRM
Reporting Extensions for SQL Server Reporting Services (Server X).
Windows Server, Microsoft SQL Server Reporting Services, and Microsoft Dynamics CRM
Reporting Extensions for SQL Server Reporting Services (Server Y).
NLB virtual server consisting of the following nodes.
Front End Server: Running Windows Server and Microsoft Dynamics CRM Server with the Front
End Server role.
Front End Server: Another Windows Server running Microsoft Dynamics CRM Server with the
Front End Server role.
Microsoft SQL Server failover cluster running the following two nodes.
Windows Server, SQL Server database engine (Server X).
Windows Server, SQL Server database engine (Server Y).
Windows Server running the Asynchronous Service server role.
Windows Server running the Sandbox Processing Service server role.
Windows Server running the Active Directory Federation Services (AD FS) Windows Server role.
Windows Server running Microsoft SharePoint (required for document management).
Forest Y: Domain B: Intranet
Exchange Server failover cluster consisting of the following two nodes.
136
Windows Server running Exchange Server (Server X).
Windows Server running Exchange Server (Server Y).
Internet access to Microsoft Dynamics CRM 2013 topology example
See Also
137
Upgrading from Microsoft Dynamics

CRM 2011
The only supported upgrade path to Microsoft Dynamics CRM 2013 is from
Microsoft Dynamics CRM 2011. This section provides guidelines for preparing
for an upgrade to Microsoft Dynamics CRM 2013. Performing these tasks in
advance can help minimize system downtime and ensure a successful
upgrade. Also, this section describes how Microsoft Dynamics CRM 2013
upgrades your current system and what happens to items such as existing
reports, customizations, and solutions.
Microsoft Dynamics CRM 2011 server roles are not compatible with a
Microsoft Dynamics CRM 2013 deployment. Therefore, after you upgrade the
first Microsoft Dynamics CRM 2011 server, other Microsoft Dynamics CRM
2011 servers that are running in the deployment will become disabled. As
each server is upgraded, the corresponding server will be enabled.
You can upgrade Microsoft Dynamics CRM 2011 server roles in any order.
However, to have a fully functioning Microsoft Dynamics CRM deployment, all
servers and server roles must be upgraded.
For an overview of the upgrade process, see the whitepaper: How to Prepare
for the Upgrade to Microsoft Dynamics CRM 2013
In This Topic
Recommended upgrade steps
Microsoft Dynamics CRM Server upgrade options
Microsoft Dynamics CRM 2011 Server versions supported for upgrade
Microsoft Dynamics CRM 2011 for Outlook versions supported for upgrade
Microsoft Dynamics CRM software and components not supported for in-place
upgrade
Upgrade product key
User permissions and privileges
Sharing a SQL Server
Tips for a successful upgrade
Next steps
138
Recommended upgrade steps

To ease the upgrade process and minimize downtime, we recommend that
you use the following order when you upgrade Microsoft Dynamics CRM 2011
to Microsoft Dynamics CRM 2013.
1.
Make sure all Microsoft Dynamics CRM 2011 for Outlook clients are running Microsoft Dynamics
CRM 2011 Update Rollup 12 or a later update rollup. Doing so provides Microsoft Dynamics CRM
2011 for Outlook the capability to connect and use Microsoft Dynamics CRM Server 2013.
2.
Upgrade all Microsoft Dynamics CRM 2011 servers and organizations to Microsoft Dynamics CRM
Server 2013.
3.
Upgrade Microsoft Dynamics CRM 2011 for Outlook to Microsoft Dynamics CRM 2013 for
Microsoft Office Outlook. Upgrading to CRM 2013 for Outlook provides Go offline capability.
Microsoft Dynamics CRM Server upgrade

options
There are three different upgrade options:
Migrate by using a new instance of SQL Server. We recommend this option for upgrading from
Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013. Although this option requires a
different computer for Microsoft Dynamics CRM 2013 and a different instance of SQL Server, it
provides the least amount of potential downtime for Microsoft Dynamics CRM users since the
Microsoft Dynamics CRM 2011 deployment can remain functioning until the upgrade is completed
and verified.
Migrate by using the same instance of SQL Server. This option requires a different computer for
Microsoft Dynamics CRM Server 2013, but will upgrade in-place the configuration and default
organization databases using the same instance of SQL Server. If issues occur during the upgrade, you
must roll back to Microsoft Dynamics CRM 2011 to avoid significant downtime.
In-place upgrade. Although this option does not require a different computer for Microsoft Dynamics
CRM Server 2013 or a different instance of SQL Server, it poses the greatest risk if upgrade issues
occur because a roll back and reinstall of Microsoft Dynamics CRM will be required to avoid potential
downtime.
For detailed procedures for each of these options, see the Upgrade from
Microsoft Dynamics CRM 4.0 topics in the Installing Guide.
For the latest product information, see the Microsoft Dynamics CRM 2013 and
Microsoft Dynamics CRM Online Readme.
Important
Always run a full backup of the Microsoft Dynamics CRM databases
before you upgrade to a new version of the product. For information
139
about database backups, see Backing Up the Microsoft Dynamics CRM

System in the Operating and Maintaining Guide.
During an in-place upgrade, only the organization that you specify to
upgrade to Microsoft Dynamics CRM 2011 is upgraded. If the Microsoft
Dynamics CRM 2011 deployment contains additional organizations,
those organizations are disabled and are not upgraded. You must
upgrade those organizations using Deployment Manager. For more
information, see Deployment Manager Help.
For each organization that you upgrade, we recommend that the
volume have free space that is at least three times the size of the
organization database file (organizationName_MSCRM.mdf) and four
times the size of the log file (organizationName_MSCRM.ldf). For
example, if a single organization database and log file are located on
the same volume where the mdf file is 326 MB and the ldf file is 56 MB,
the recommended available space should be at least 1.2 GB to allow
for growth ((326 x 3) + (56 x 4)). Notice that the database files that
expand during upgrade do not reduce in size after the upgrade is
complete.
As part of organization upgrade, all ENTITYNAMEBase and
ENTITYNAMEExtensionBase tables will be merged into a single table. To
reduce downtime, consider deferring the table merge of large
organization databases that are highly customized so that the table
merge process can be run as a separate upgrade operation. For more
information, see Run the Base and Extension table merge as a
separate operation.
Microsoft Dynamics CRM 2011 Server

versions supported for upgrade
The following Microsoft Dynamics CRM 2011 update rollup versions are
supported for upgrade to Microsoft Dynamics CRM Server 2013. All other
update rollup versions will receive an error message resembling the following
and will not be upgraded.
The installed version of Microsoft Dynamics CRM Server cannot be upgraded
to Microsoft Dynamics CRM 2013. For more information, see the Microsoft
Dynamics CRM Implementation Guide.
Microsoft Dynamics CRM 2011 Update Rollup 14 or later update rollup.
Microsoft Dynamics CRM 2011 Update Rollup 6 (Not recommended).
140
Microsoft Dynamics CRM 2011 for Outlook

versions supported for upgrade
The following Microsoft Dynamics CRM 2011 update rollup versions are
supported for upgrade to Microsoft Dynamics CRM 2013 for Microsoft Office
Outlook.
Microsoft Dynamics CRM 2011 Update Rollup 12
Microsoft Dynamics CRM 2011 Update Rollup 6 (Not recommended).
Microsoft Dynamics CRM software and

components not supported for in-place
upgrade
The following products and solutions are not supported by Microsoft
Dynamics CRM 2013 and will not be upgraded during Microsoft Dynamics
CRM Setup. If you upgrade a Microsoft Dynamics CRM 2011 system that
includes the product or solution listed below, or you install these components
after you install Microsoft Dynamics CRM, these products or solutions may not
function correctly. We recommend that you uninstall or manually remove the
component before you upgrade.
Microsoft Dynamics CRM 2011 Reporting Extensions
Microsoft Dynamics CRM 2011 Email Router
Microsoft Dynamics CRM List Component for SharePoint Server
Connector for Microsoft Dynamics
Important
Microsoft Dynamics CRM 4.0 is not supported for upgrade. However,
you can upgrade Microsoft Dynamics CRM 4.0 Server to Microsoft
Dynamics CRM Server 2011 by using a trial product key, and then
upgrade to Microsoft Dynamics CRM Server 2013. For instructions
about how to migrate from Microsoft Dynamics CRM 4.0 to Microsoft
Dynamics CRM 2013, see Migrate from Microsoft Dynamics CRM
4.0 Server to Microsoft Dynamics CRM 2013 Server.
141
Upgrade product key

Before the upgrade, obtain the product key that you will enter during the
upgrade. In Microsoft Dynamics CRM 2013, the server and client keys are
combined so that you enter only one key.
For more information, see Microsoft Dynamics CRM editions and licensing in this
guide.
If you want to make system changes that require changes to your existing
Microsoft Dynamics CRM licensing agreement, see How to buy Microsoft
Dynamics.
User permissions and privileges

To perform a successful upgrade, the user who runs Microsoft Dynamics CRM
Setup must:
Have an account in the same Active Directory domain as the server or servers that are being upgraded.
Be a member of both the Deployment Administrator Role and the Microsoft Dynamics CRM System
Administrator Role.
Have administrator rights on the SQL Server and Reporting Services server associated with the
deployment that is being upgraded.
Have sufficient permissions to create new security groups in the Active Directory organizational unit
that contains the existing Microsoft Dynamics CRM groups.
Sharing a SQL Server

Only one Microsoft Dynamics CRM deployment per instance of SQL Server is
supported. This is because each Microsoft Dynamics CRM deployment
requires its own MSCRM_CONFIG database, and multiple instances of the
MSCRM_CONFIG database cannot coexist on the same instance of SQL Server.
If you have multiple SQL Server instances running on the same computer,
you can host the databases for multiple Microsoft Dynamics CRM deployment
on the same computer. However, this might decrease system performance.
Tips for a successful upgrade

The following issues, if applicable to your current Microsoft Dynamics CRM
2011 deployment, should be resolved before you start the upgrade.
142
Maximum number of attributes exceeded

If you have more than 1023 attributes defined for an entity, you must delete
the additional attributes before you run the upgrade. The upgrade will fail
with the following message if you have more than 1023 attributes.
CREATE VIEW failed because column 'column_name' in view 'view_name'
exceeds the maximum of 1024 columns.
Remove custom database objects

The Microsoft Dynamics CRM databases often change from one major release
to the next because of database redesign.
We suggest that, if you have added custom database objects such as
triggers, statistics, stored procedures, and certain indexes, you remove those
objects from the configuration and organization databases. In many cases,
Microsoft Dynamics CRM Server Setup displays a warning when these objects
are detected.
Remove the ignorechecks registry subkey

If you have manually added the ignorechecks registry subkey on the Microsoft
Dynamics CRM Server 2011 remove it before you start the upgrade. For more
information, see You cannot deploy Microsoft Dynamics CRM by using an account
that does not have local administrator permissions on Microsoft SQL Server .
If you are upgrading from Microsoft Dynamics CRM

2011 Update Rollup 6, indexes will be added during
upgrade
Microsoft Dynamics CRM 2011 Update Rollup 12 introduced new indexes for
entities in the Quick Find Search Optimization feature. Therefore, if you
upgrade from Microsoft Dynamics CRM 2011 Update Rollup 6, these indexes
will be created during Microsoft Dynamics CRM Server 2013 Setup and you
may notice that part of the upgrade will take longer to complete. The reason
for this is that the indexes need to be populated and based on the size of
your dataset the completion time will vary. Additionally, if you have existing
custom indexes in the organization database that use the same index name,
they will be overwritten during upgrade. For more information including a list
of the indexes added, see Indexes added with Microsoft Dynamics CRM 2011
Update Rollup 12.
143
Consider rescheduling base and extension table

merge
By default, during an organization upgrade, every base and extension table
will become merged. For large organization databases that are highly
customized the merging may take several hours to complete. For more
information, see Run the Base and Extension table merge as a
separate operation.
Next steps
Read more about upgrade in the following topics:
Before you upgrade: issues and considerations
Upgrade the Microsoft Dynamics CRM Deployment
Upgrade Microsoft Dynamics CRM for Outlook
See Also
Upgrade Microsoft Dynamics CRM for Outlook
Before you upgrade: issues and

considerations
This section describes the changes and known issues that occur as a result of
upgrading from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM
2013. This section also describes the things that may impact your
deployment after the upgrade is complete.
In This Topic
What has changed in supported products and technologies?
End of support for outdated programmability features
Delete connections to enable use of access teams
Changes to duplicate detection
Microsoft Lync presence not supported in some areas
144
Update your customizations for the new user interface
What has changed in supported products

and technologies?
In support of the latest technologies and in compliance with the Microsoft
Support Lifecycle, obsolete platform products and technologies will no longer
be supported in the next major release of Microsoft Dynamics CRM. For more
information, see Whats changing in the next major release.
End of support for outdated

programmability features
There are several Microsoft Dynamics CRM 4.0 features that will be removed
or will no longer be supported after the upgrade to Microsoft Dynamics CRM
2013. For more information, see Whats changing in the next major release.
You can use the Custom Code Validation Tool to examine your web resources
and show you where there might be some problems. The issues that are
flagged are either using unsupported coding processes or using the Microsoft
Dynamics CRM 4.0 objects and functions. Download this tool and extract the
contents. Within the contents, you will find instructions about how to install
and use the tool. For more information about this tool, read this blog: Check
your JavaScript code to prepare for your upgrade.
Delete connections to enable use of

access teams
To be able to add users who have opportunity connections to access teams,
the connections must be deleted before you upgrade. If there are connections
in your existing Microsoft Dynamics CRM deployment configured between
Opportunity and User entities, you should delete them before you upgrade.
Deleting these connections will let you add those users to teams that use the
Access team type, typically used for team selling. After the upgrade is
complete you can re-create the prior connections and, if needed, add those
users to access teams. For more information about access teams, see About
team templates in the Customer Center.
To find all opportunity and user connections, start Advanced Find and set the
following query.
1.
In the Look for list select Connections.
145
2.
Click or tap Select and then click or tap Connected From (Opportunity)
3.
Click or tap Select and then click or tap Connected To (User)
4.
Click or tap Results.
Changes to duplicate detection

To facilite auto-save on forms, duplicate detection during create and update
operations will not be supported in the forms for Microsoft Dynamics CRM
updated user interface entities. For more information, see Duplicate Detection
during Record Create and Update Operations Not Supported . You can find sample
code for adding this support to your forms in the Microsoft
Dynamics CRM SDK download package.
Microsoft Lync presence not supported in

some areas
Microsoft Lync presence will not be supported on the updated user interface
entity forms and in Activity Feeds. Lync will be present in grids and subgrids.
Update your customizations for the new

user interface
After the upgrade, supported customizations to menus and forms from your
previous version will continue to work, though they may appear slightly
different to simplify the transition to the new user experience. The forms for
entities that are updated to the new user interface have a similar layout as
the Microsoft Dynamics CRM 2011 forms. To display the forms in the new
layout, system customizers can edit each new form and choose Bring in
another form from the ribbon. For more information, see Upgrading
Forms.
See Also
Upgrading from Microsoft Dynamics CRM 4.0
146
Upgrade the Microsoft Dynamics CRM

Deployment
Microsoft Dynamics CRM 2013 presents a significant advancement in features
and functionality from Microsoft Dynamics CRM 2011. As such, existing
features, solutions, and extensions may be affected as a result of the
upgrade. This topic provides a best practices process to minimize downtime
while helping determine issues that may occur as a result of the upgrade.
In This Topic
The upgrade process
Prepare to upgrade
Establish the test environment
Upgrade and validate the test environment
What to do when you cannot successfully upgrade or migrate?
The upgrade process

The Microsoft Dynamics CRM Server upgrade process can be distilled down
into four main areas:
1. Prepare to upgrade.
2. Establish a test environment.
3. Upgrade and validate the test environment.
4. Upgrade and validate the production site.
There are two separate environments as part of the upgrade process:
Test environment. The test environment represents a restricted deployment of Microsoft Dynamics
CRM that is used to validate the upgrade. The test environment must mirror the production
environment as closely as possible whereby there are substantial similarities in hardware (processor,
disk, memory, and so on), technology platform (Windows Server, SQL Server, and so on), topology (1server, 2-server, 5-server, and so on) and data Microsoft Dynamics CRM databases). To create an
appropriate environment for testing, it may require setting up Windows Network Load Balancing
(NLB) or clustering, installing and configuring Microsoft Dynamics CRM components and
applications, such as Email Router, workflows, customizations, and connectors, as well as installing
147
any additional add-ons, plug-ins, or solutions particular to the deployment. Establishing a test
environment that is running and configured wholly or in part by using virtualization technology, such
as Windows Server Hyper-V, can greatly facilitate this process. In this test environment, the
administrator performs the upgrade, optimizes for performance, may introduce upgraded code, and
tests that the system is running well.
Production deployment. This deployment represents the deployment of Microsoft Dynamics CRM
that is used by all Microsoft Dynamics CRM users in the organization. In the production deployment,
the upgrade is performed, and the administrator may use strategies that optimize upgrade performance.
The upgrade administrator may move upgraded code from the development or test environment to the
production environment. The administrator then brings the production environment online, validates
that the system is running well, and deploys CRM for Outlook for users as needed.
Prepare to upgrade
Make sure you have enough staff, resources, and time to dedicate to the
upgrade. As part of this phase, you must determine who will be involved in
the upgrade, designate the test deployment hardware and software that will
be used to validate the upgrade, and plan for potential failures.
You should also assess the current production environment for upgrade
suitability. This requires reviewing the Microsoft Dynamics CRM 2013
documentation.
Important
Only Microsoft Dynamics CRM Server 2011 with at least Microsoft
Dynamics CRM 2011 Update Rollup 14 (recommended) or Microsoft
Dynamics CRM 2011 Update Rollup 6 can be upgraded to Microsoft
Additionally, you must determine the acceptance criteria that will be used to
decide whether to go forward with the production upgrade.
Tip
Microsoft Dynamics Sure Step is available to Microsoft Dynamics
Partners to help reduce risk and guide you through the tasks
associated with deployment and configuration of Microsoft Dynamics
solutions. For more information about Microsoft Dynamics Sure Step,
including training, methodology, and tool downloads, visit the
PartnerSource website.
Determine the upgrade strategy
To determine the upgrade strategy, you need to answer the following
questions:
148
What will be upgraded? Upgrading the Microsoft Dynamics CRM server may require that you upgrade
platform components such as Windows Server or SQL Server. It will also require that other Microsoft
Dynamics CRM applications such as CRM for Outlook and Email Router be upgraded.
When? What is the timeline for the upgrade?
How? For example, will you upgrade in-place or will you migrate to new hardware before the
upgrade? This should also include how the upgrade will be rolled out. Who will validate the upgrade?
Will there be a pilot or phased rollout? Based on the outcome of the test upgrade you may need to
modify or mitigate your strategy and perform corrective actions to ensure functionality. For example, if
some workflows cannot be upgraded, you must plan to re-create those workflows and test them.
Plan for failure, backup, and recovery

Some components, such as custom reports, workflows, custom JavaScript, or
third-party extensions may cause the upgrade to fail or not function correctly.
These items should be documented and a contingency plan be established
for each issue. Additionally, custom JavaScript and third-party extensions may
need to be removed before the upgrade.
Therefore, you must be prepared to quickly and completely rollback the
system. If you will recover from any scenario, you must back up all needed
information and store a copy offsite. A backup plan should be created and
rehearsed for all Microsoft Dynamics CRM components and services to make
sure that, if a failure occurs, the maximum amount of data is recoverable. To
understand the failure-recovery procedures, you must examine several
different scenarios to learn how restoration occurs in each case.
For more information about how to back up or recover Microsoft Dynamics
CRM data, see Data protection and recovery.
Review appropriate planning and prerequisite documentation
Product documentation is instrumental in helping you scope the amount of
preparation required before you upgrade. The documentation to review
should include:
Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online Readme
This guide and the Installing Guide for Microsoft Dynamics CRM 2013, which are part of the
Microsoft Dynamics CRM 2013 Implementation Guide. Of particular importance are the Upgrading
from Microsoft Dynamics CRM 2011, Microsoft Dynamics CRM 2013 system requirements and
required technologies, and Microsoft Dynamics CRM 2013 supported configurations topics.
Also, if you will be installing additional components, such as CRM for Outlook or Microsoft
Dynamics CRM Email Router, download and review the following documents:
Microsoft Dynamics CRM 2013 for Microsoft Office Outlook Readme
149
Microsoft Dynamics CRM Email Router Readme
Ensure you have the latest technologies

For best results, verify that you have applied the latest service packs and
update rollups not only for Microsoft Dynamics CRM but for other dependent
technologies such as Windows Server, SQL Server, and Exchange Server.
Determine an upgrade plan and checklists
In this task you will determine how to evaluate the overall functionality and
production readiness of the upgraded environment. The purpose of these
tasks is to validate a production ready and fully operational system suitable
for rolling out to the user base.
Use the following steps as a checklist for the tasks that are required leading
up to the production upgrade or "go-live" day.
Verify that the system is functional after the upgrade by performing these
basic tests:
Review the Setup log files for issues that may have occurred during the upgrade. By default, Setup
creates these files in the C:\Documents and Settings\<username>\Application
Data\Microsoft\MSCRM\Logs folder on the computer where Setup is run and where <username> is
the name of the user account who ran Setup.
Review the Event Viewer log files. Microsoft Dynamics CRM Server 2013 events are recorded under
the sources that begin with MSCRM in Event Viewer.
Start Deployment Manager and verify that all Microsoft Dynamics CRM servers are enabled and that
the default organization is enabled. Depending on whether you migrated or performed an in-place
upgrade, additional Microsoft Dynamics CRM 2011 organizations are upgraded by using the Import
Organization Wizard or the Upgrade Organization Wizard in Deployment Manager.
Start Internet Explorer and connect to the Microsoft Dynamics CRM server. After you have performed
the previous tasks, perform a user acceptance test. The following is an example of some of the features
to test in a typical organization:
Validate reports against previous version reports.
Print reports in Microsoft Dynamics CRM.
Validate applicable data in the Microsoft Dynamics CRM system, such as creating, editing,
deleting, and promoting/converting records for the following entities:
Accounts
Contacts
150
Opportunities
Cases
Activities
Custom Entities
Verify workflows against previous workflows. Update any workflow items affected by
configuration or data model modifications.
Test all custom code, JavaScript, and custom reports (if applicable).
Test all integration processes (if applicable).
Test of third party applications or extensions.
Establish the test environment

We strongly recommend that you plan to run at least one test upgrade before
you upgrade your production environment. After you run a test upgrade,
verify the product configuration by performing operations that you would
typically use in your production environment. For example, for a service
organization, you may want to create an e-mail activity related to a case, and
then verify the functionality by sending a test e-mail that contains text from
an existing case. If you receive any errors while you are using Microsoft
Dynamics CRM in a test environment, make sure that you resolve them
before you upgrade your production environment.
Tip
Virtual machine software, such as Windows Server Hyper-V, can ease
the deployment time to establish the test environment as well as limit
the amount of hardware resources that are required to emulate the
production deployment.
Determine which computers you will use, or, if you are using virtual machine
technology, which virtual machine you will use.
Migrate by using a new instance of SQL Server
We recommend this upgrade option because it lets you maintain a Microsoft
Dynamics CRM 2011 deployment at the same time that a new Microsoft
Dynamics CRM 2013 system is being deployed. This reduces application
down time as the new deployment can be installed, organizations imported,
and then verified without effecting the production Microsoft Dynamics CRM
2011 deployment in the event of an issue.
151
Important
The Migrate by using a new instance of SQL Server option
provides the least amount of potential downtime in the event of an
issue as the result of the upgraded deployment.
1.
Establish a new instance of SQL Server. You can use an existing instance but it must not be the same
instance where the Microsoft Dynamics CRM 2011 configuration database is located.
2.
Run Microsoft Dynamics CRM Server 2013 Setup on a new 64-bit computer that does not already
have Microsoft Dynamics CRM Server 2011 installed.
3.
Back up the production Microsoft Dynamics CRM 2011 configuration and organization databases and
restore them to the new instance of SQL Server.
4.
Run the Import Organization Wizard to import one or more Microsoft Dynamics CRM 2011
organizations to the newly installed Microsoft Dynamics CRM 2013 system. During the import, the
Microsoft Dynamics CRM 2011 organization database will be upgraded.
5.
If you have additional organizations or if you are using a new SQL Server for the migration, you must
import the organization databases to the new system. To do this, on the computer where Microsoft
Dynamics CRM Server 2013 is installed and running, start Microsoft Dynamics CRM Deployment
Manager, right-click Organizations, click Import Organization, and then select the newly restored
Microsoft Dynamics CRM 2011 OrganizationName_MSCRM database.
6.
If customizations were made to .NET assemblies or configuration files, you must copy those
customized files to the new system. By default, these files are located under the <drive>:\Program
Files\Microsoft Dynamics CRM\Server\bin\assembly\ folder on the existing Microsoft Dynamics
CRM 2011 server.
Upgrade and validate the test

environment
Verify the newly upgraded Microsoft Dynamics CRM 2013 environment for
stability and operation. This includes having a select set of users connect by
using the Microsoft Dynamics CRM web application and use the system to
perform all normal day-to-day tasks. Make sure workflows and reports are
functioning correctly. Test that new features from the upgrade are functioning
as well.
Run acceptance criteria and checklists
Execute the previously mentioned tasks on the new deployment. Based on
the tests, a decision will be made to either implement or not implement the
upgrade to the production environment.
User acceptance testing
152
After the test checklist is completed and the quality of the tasks is within
acceptable limits, user acceptance testing can start. This involves a subset of
all users and typically can involve key users that carry out their normal dayto-day tasks against the system. These key users report any issues or
unexpected behavior to the Microsoft Dynamics CRM administration team for
action.
Go live
After user acceptance testing has successfully completed, bring the Microsoft
Dynamics CRM 2013 server online. This may require removing the Microsoft
Dynamics CRM 2011 server before joining the Microsoft Dynamics CRM 2013
server to the domain, configuring the IIS bindings to use the same bindings
as the Microsoft Dynamics CRM 2011 website, and updating DNS records as
necessary to correctly resolve to the new Microsoft Dynamics CRM 2013
website.
What to do when you cannot successfully

upgrade or migrate?
If, after following the guidelines in this section, you cannot successfully
upgrade the production deployment or migrate, use the following resources
to help resolve the issue.
Self support
Use the Event Viewer to view events that can help you troubleshoot the issue. Microsoft Dynamics
CRM Server 2013 events are recorded under the sources that begin with MSCRM in the Event Viewer.
Turn on platform tracing. For instructions, see the tracing topics under Monitor and troubleshoot
Browse or search for knowledge base articles for Microsoft Dynamics CRM in the Microsoft
Dynamics CRM Solution Center.
Visit the CustomerSource or the PartnerSource website.
Assisted support
Contact Microsoft Customer Support Services. For a complete list of Microsoft
Customer Support Services telephone numbers and information, visit the
Microsoft Customer Support page.
153
Upgrade Microsoft Dynamics CRM for

Outlook
Microsoft Dynamics CRM for Microsoft Office Outlook is a Microsoft Office
Outlook add-in that lets Microsoft Dynamics CRM users complete CRM tasks
in the familiar Microsoft Outlook environment.
In This Topic
Microsoft Dynamics CRM for Outlook upgrade requirements
Cross-architecture upgrade of Microsoft Dynamics CRM for Outlook
Microsoft Dynamics CRM 2011 for Outlook compatibility with Microsoft Dynamics CRM
2013 Server

upgrade requirements
A system capable of running Microsoft Dynamics CRM 2013 for
Microsoft Office Outlook. For the best performance when you run CRM
2013 for Outlook, make sure your PC is running 64-bit Windows and Microsoft
Office, has sufficient hard disk and RAM, and all the prerequisite software,
such as Microsoft Office and Internet Explorer. For information about the
hardware and software requirements for CRM 2013 for Outlook, see Microsoft
Dynamics CRM 2013 for Outlook hardware requirements and Microsoft Dynamics
CRM 2013 for Outlook software requirements.
Make sure you have at least Microsoft Dynamics CRM 2011 Update
Rollup 12 applied. Only Microsoft Dynamics CRM 2011 for Outlook with
Microsoft Dynamics CRM 2011 Update Rollup 12 or later update rollup is
compatible with Microsoft Dynamics CRM Server 2013.
Important
Although you can connect to Microsoft Dynamics CRM Server 2013
with Microsoft Dynamics CRM 2011 for Outlook with Microsoft
Dynamics CRM 2011 Update Rollup 12 or later update rollup, you
cannot take data offline by using Go offline. To take data offline,
upgrade to CRM 2013 for Outlook.
Although Microsoft Dynamics CRM 2011 for Outlook with Microsoft
Dynamics CRM 2011 Update Rollup 6 is supported for upgrade to CRM
154
2013 for Outlook, Microsoft Dynamics CRM 2011 for Outlook with
Microsoft Dynamics CRM 2011 Update Rollup 6 is incompatible with
All other Microsoft Dynamics CRM 2011 for Outlook update rollup
versions are not supported for upgrade.
Admin permission required. To install or upgrade CRM for Outlook, you
must have local administrator permission on the computer where you
perform the installation or upgrade.
Base languages must match. To upgrade Microsoft Dynamics CRM 2011
for Outlook, the base language of CRM 2013 for Outlook must match the base
language of Microsoft Dynamics CRM 2011 for Outlook.
Cannot upgrade when you are in Go offline mode. You cannot upgrade
Microsoft Dynamics CRM 2011 for Outlook when it is in Go offline mode. You
must bring Microsoft Dynamics CRM 2011 for Outlook online before you can
upgrade to CRM 2013 for Outlook.
Upgrade is required to continue offline access after server upgrade.
After the Microsoft Dynamics CRM Server 2011 deployment has been
upgraded to Microsoft Dynamics CRM Server 2013, users must upgrade to
CRM 2013 for Outlook to continue accessing data offline (Go offline). For
example, a particular user runs Microsoft Dynamics CRM 2011 for Outlook
and accesses data offline. This user's organization is upgraded from Microsoft
Dynamics CRM 2011 to Microsoft Dynamics CRM 2013. Although there now
exists a client-server mismatch, users can still connect to the server and
access data online if they run Microsoft Dynamics CRM 2011 with at least
Microsoft Dynamics CRM 2011 Update Rollup 12. However, to go offline again,
the user must upgrade to CRM 2013 for Outlook.
Cross-architecture upgrade of Microsoft

Dynamics CRM for Outlook
If you intend to change to a different architecture (move from 32-bit to 64-bit)
while upgrading, note the following.
In-place cross-architecture upgrade is not supported. If you are running Microsoft Dynamics CRM
2011 for Outlook 32-bit, you can perform an in-place upgrade only to 32-bit CRM 2013 for Outlook.
This also applies to Microsoft Office: If you are running and intend to retain a 32-bit version of
Microsoft Office, you can upgrade only to 32-bit CRM 2013 for Outlook.
Cross-architecture upgrade requires uninstalling and reinstalling. If you have a 64-bit PC running
155
a 64-bit version of Microsoft Windows, you can change from 32-bit to 64-bit CRM 2013 for Outlook
by performing the following steps in the order listed.
a.
Make sure that your PC has a 64-bit version of Windows. How to determine whether a computer is
running a 32-bit version or 64-bit version of the Windows operating system.
b.
Uninstall Microsoft Dynamics CRM 2011 for Outlook.
c.
Uninstall Microsoft Office.
d.
Install a 64-bit edition of Microsoft Office.
e.
Install the 64-bit edition of CRM 2013 for Outlook.
For more information about installing CRM 2013 for Outlook, see Task 1:
Install Microsoft Dynamics CRM for Outlook.
Microsoft Dynamics CRM 2011 for Outlook

compatibility with Microsoft Dynamics
CRM 2013 Server
Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011
Update Rollup 12 or later update rollup is compatible with Microsoft Dynamics
CRM Server 2013. This compatibility eases the upgrade timeline to allow
administrators to do a phased rollout without work stoppages for Microsoft
Dynamics CRM 2011 for Outlook users who have not been upgraded to CRM
2013 for Outlook.
Important
Only Microsoft Dynamics CRM 2011 for Outlook with Microsoft
Dynamics CRM 2011 Update Rollup 12 or a later update rollup is
compatible with Microsoft Dynamics CRM Server 2013.
See Also
Before you upgrade: issues and considerations
156
Planning Deployment of Microsoft

Dynamics CRM 2013 Advanced Topics
Before you plan a deployment of Microsoft Dynamics CRM for an enterprise
business, such as an Internet-facing deployment (IFD) or multi-organization
deployment, read through the topics referenced here.
In This Section
Advanced deployment options for Microsoft Dynamics CRM Server 2013
See Also
Advanced deployment options for Microsoft Dynamics CRM for

Outlook
Installing Guide for Microsoft Dynamics CRM 2013 and Microsoft
Dynamics CRM Online
Advanced deployment options for

This section describes advanced deployment options for Microsoft Dynamics
CRM Server 2013.
Update Setup files by using a local

package
The update Setup feature can indicate if you have the latest updates to
Microsoft Dynamics CRM before you run Setup. With this feature, you can
specify where Setup locates the MSP package that is applied to the Setup
files. This gives you additional control over the update, and also lets you
apply the update package locally without the need of an Internet connection.
To specify the location, you must edit the XML configuration file <Patch>
element and then run Setup from the command prompt. For more
information, see Use the Command Prompt to Install Microsoft
Dynamics CRM.
157
Add or remove server roles

Use one of the following options to install server roles:
Run the Microsoft Dynamics CRM Server Setup Wizard to select one or more server role groups or
one or more individual server roles. If Microsoft Dynamics CRM Server 2011 is already installed, you
can use Programs and Features in Control Panel to add or remove server roles. For more information,
see Microsoft Dynamics CRM 2013 server roles.
Configure an XML configuration file and then run Setup at the command prompt to specify a server
role group or one or more individual server roles. For more information, see Install Microsoft
Dynamics CRM Server 2013 roles.
Use Windows Powershell to perform

deployment tasks
You can use Windows Powershell to perform many Microsoft Dynamics CRM
deployment tasks. For more information, see Administer the deployment
using Windows PowerShell.
See Also
Configure a Microsoft Dynamics CRM Internet-facing deployment
Configure a Microsoft Dynamics CRM

Internet-facing deployment
You can deploy Microsoft Dynamics CRM so that remote users can connect to
the application through the Internet. The following Internet-facing
deployment (IFD) configurations are supported:
Microsoft Dynamics CRM for internal users only
Microsoft Dynamics CRM for internal users and IFD access
Microsoft Dynamics CRM for IFD-only access
Configuring an IFD enables access to Microsoft Dynamics CRM from the

Internet, outside the company firewall, without using a virtual private network
(VPN) solution. Microsoft Dynamics CRM configured for Internet access uses
claims-based authentication to verify credentials of external users. When you
158
configure Microsoft Dynamics CRM for Internet access, integrated Windows

Authentication must remain in place for internal users.
To let users access the application over the Internet, the server that is
running Internet Information Services (IIS) where the Microsoft Dynamics CRM
application is installed must be available over the Internet.
For more information, see Accessing Microsoft Dynamics CRM from the Internet Claims-based authentication and IFD requirements .
In This Topic
About claims-based authentication
Internet-facing server best practices
Configure IFD
About claims-based authentication

The claims-based security model extends traditional authentication models to
include other directory sources that contain information about users. This
identity federation lets users from various sources, such as Active Directory
Domain Services (AD DS), customers via the Internet, or business partners,
authenticate with native single sign-on.
The claims-based model has three components: the relying party, which
needs the claim to decide what it is going to do; the identity provider, which
provides the claim; and the user, who decides what if any information they
want to provide. Microsoft provides a claims-based access solution called
Active Directory Federation Services (AD FS). AD FS enables Active Directory
Domain Services (AD DS) to be an identity provider in the claims-based
access platform.
AD FS consists of the following components:
AD FS Framework provides developers pre-built .NET security logic for building claims-aware
applications, enhancing either ASP.NET or WCF applications.
Active Directory Federation Services (AD FS) is a security token service (STS) for issuing and
transforming claims, enabling federations, and managing user access. Active Directory Federation
Services (AD FS) supports the WS-Trust, WS-Federation, and Security Assertion Markup Language
(SAML) protocols. Active Directory Federation Services (AD FS) can also issue manage information
cards for AD DS users.
For more information about AD FS, see:

159
Identity & Access
Active Directory Federation Services Overview (Windows Server 2012 AD FS 2.1)
Download AD FS 2.0 for Windows Server 2008: AD FS 2.0 RTW
Internet-facing server best practices

Implement a strong password policy
To reduce the risk of "brute-force attacks" we strongly recommend that you
implement a strong password policy for remote users who are accessing the
domain where Microsoft Dynamics CRM is installed. For more information
about how to implement a strong password policy in Windows Server, see
Creating a Strong Password Policy on Microsoft TechNet and the "Understanding
User Accounts" topic in Active Directory Users and Computers Help.
Internet connection firewall

The Windows Server 2012 and Windows Server 2008 operating systems
provide firewall software to prevent unauthorized connections to the server
from remote computers. For more information about how to configure the
Internet connection firewall for Internet Information Services (IIS) Manager,
see the IIS Help.
For information about how to make a Web site available on the Internet, see
the "Domain Name Resolution" topic in the IIS Help.
Proxy/firewall server
If you do not have a secure proxy and firewall solution on your network, we
recommend that you use a dedicated proxy and firewall server, such as
Forefront Unified Access Gateway (UAG). Forefront UAG can act as a gateway
between the Internet and Microsoft Dynamics CRM Server. Forefront UAG
protects your IT infrastructure while providing users with fast and secure
remote access to applications and data. For more information, see Forefront
Unified Access Gateway 2010.
Configure IFD
Use the following steps as configuration guidelines.
160
Step 1: Configure Microsoft Dynamics CRM Server

2013 for Internet access
You can configure Microsoft Dynamics CRM Server 2013 for Internet access.
To do this, run the Configure Claims-Based Authentication Wizard, and then
run the Internet-Facing Deployment Configuration Wizard where Microsoft
Dynamics CRM Server 2013 the Deployment Administration Server role is
installed. For more information, see the Deployment Manager Help.
Step 2: Configure Microsoft Dynamics CRM for

Outlook to connect to the Microsoft Dynamics CRM
Server 2013 by using the Internet
For Microsoft Dynamics CRM for Microsoft Office Outlook to be able to access
the Microsoft Dynamics CRM Server 2013 over the Internet, you must specify
the external Web address that will be used to access the Internet-facing
Microsoft Dynamics CRM Server 2013. To do this, you must install CRM for
Outlook, and then run the Configuration Wizard. Then, during configuration,
type the external Web address in the External Web address box. If you
install server roles, this Web address must specify where the Discovery Web
Service role is installed. For more information about how to configure CRM for
Outlook, see Task 2: Configure Microsoft Dynamics CRM for Outlook.
See Also
Key management in Microsoft Dynamics CRM
Key management in Microsoft

Dynamics CRM
To verify the identity of people and organizations, and to guarantee content
integrity, Microsoft Dynamics CRM generates digital certificates. These
electronic credentials bind the identity of the certificate owner to a pair of
electronic keys (public and private) that can be used to digitally encrypt and
sign information. The credentials ensure that the keys actually belong to the
person or organization specified.
In This Topic
Key types
161
Key regeneration and renewal

Key-management logging
Key storage
How to encrypt Microsoft Dynamics CRM keys
Key types
Microsoft Dynamics CRM uses two kinds of private encryption keys for
deployments accessed over the Internet:
Web remote procedure call (WRPC) token key. This key is used to generate a security token, which
helps make sure that the request originated from the user who made the request. This security token
decreases the likelihood of certain attacks, such as a cross-site request forgery (one-click) attack.
CRM e-mail credentials key. This key encrypts the credentials for the Email Router, an optional
component of Microsoft Dynamics CRM.
Key regeneration and renewal

CRM ticket keys are automatically generated and renewed and then
distributed, or deployed, to all computers running Microsoft Dynamics CRM or
running a specific Microsoft Dynamics CRM Server 2013 role. These keys are
regenerated periodically and, in turn, replace the previous keys. By default,
key regeneration occurs every 24 hours.
Key-management logging
Microsoft Dynamics CRM records encryption-key events in the Application log.
By using the Event Viewer, you can filter on the Source column and look for
MSCRMKeySERVICENAME entries, where SERVICENAME is the key management
service, such as MSCRMKeyArchiveManager or MSCRMKeyGenerator.
Key storage
Cryptographic keys are stored in the Microsoft Dynamics CRM configuration
database (MSCRM_CONFIG).
Warning
By default, encryption keys are not stored in the configuration
database in an encrypted format. We strongly recommend that you
specify encryption when you run Setup as described below.
162
How to encrypt Microsoft Dynamics CRM

keys
Before you run Microsoft Dynamics CRM Setup, you can add the
<encryptionkeys> entry in the XML configuration file, and then run Microsoft
Dynamics CRM Server Setup at the command prompt. During the installation,
Setup creates a server master key and database master key, which are used
to encrypt Microsoft Dynamics CRM certificates.
For more information, see the <encryptionkeys> element in the Microsoft
Dynamics CRM 2013 Server XML configuration file topic.
See Also
Multi-organization deployment
Multi-organization deployment
Deployment Manager is a Microsoft Management Console (MMC) snap-in that
deployment administrators can use to manage organizations, servers, and
licenses for deployments of Microsoft Dynamics CRM. Deployment Manager is
installed with the Full Server, Deployment Administration Server or
Deployment Tools server roles.
In the Organizations area of the Deployment Manager, you import, create,
update, enable, disable, or remove organizations. For more information about
organization management in Microsoft Dynamics CRM, see the Deployment
Manager Help.
Alternatively, you can perform Microsoft Dynamics CRM deployment tasks,
such as organization management, using Windows PowerShell. For more
information about PowerShell, see Administer the deployment using
Windows PowerShell.
Important
There are several names that cannot be used to name an organization.
To view a list of reserved names, open the ReservedNames table in the
MSCRM_CONFIG database, and review the names in the ReservedName
column or use the following SQL query.
163
USE MSCRM_CONFIG SELECT ReservedName FROM ReservedNames
See Also
Advanced deployment options for Microsoft Dynamics CRM for

Outlook
Accessibility in Microsoft Dynamics

CRM
Administrators and users who have administrative responsibilities typically
use the Settings area of the Microsoft Dynamics CRM web application to
manage Microsoft Dynamics CRM Online. A mouse and keyboard are the
typical devices that administrators use to interact with the application.
Users who dont use a mouse can use a keyboard to navigate the user
interface and complete actions. The ability to use the keyboard in this way is
a result of support for keyboard interactions that a browser provides.
For more information, see the following Microsoft Dynamics CRM web
application accessibility topics:
Use Keyboard Shortcuts
Accessibility for People with Disabilities
Administrators and other users who have administrative responsibilities for

on-premises deployments of Microsoft Dynamics CRM 2013 also use Microsoft
Dynamics CRM Deployment Manager, a Microsoft Management Console
(MMC) application, to manage on-premises deployments of Microsoft
For more information, see the following Microsoft Management Console
(MMC) accessibility topics:
Navigation in MMC Using the Keyboard and Mouse
MMC Keyboard Shortcuts
164
Accessibility features in browsers

The following table contains links to documentation about web browser
accessibility.
Browser
Documentation
Internet Explorer
Accessibility in Internet Explorer

Language Support and Accessibility Features
Mozilla Firefox
Accessibility features in Firefox
Apple Safari
Safari
Google Chrome
Accessibility Technical Documentation
See Also
Microsoft Accessibility Resource Center
165

Microsoft Dynamics CRM 2013 System Requirements Document

Uploaded by

Copyright:

Available Formats

Microsoft Dynamics CRM 2013 System Requirements Document

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Microsoft Dynamics CRM 2013 System Requirements Document

Uploaded by

Copyright:

Available Formats

What are the main sections covered in the document?

What are the main sections covered in the document?

What are the system requirements outlined for Microsoft Dynamics CRM?

What are the system requirements outlined for Microsoft Dynamics CRM?

Microsoft Dynamics CRM 2013

This document is provided "as-is". Information and views expressed in this

Microsoft Dynamics CRM Server 2013 hardware requirements......................19

Messaging and transport protocols..............................................................34

SQL Server deployment considerations.......................................................60

Microsoft Dynamics CRM 2013 server roles.................................................101

Changes to duplicate detection.................................................................120

Key management in Microsoft Dynamics CRM.............................................133

Planning Guide for Microsoft

Send us your comments about this

Planning Your Deployment of

Customization technical staff. Responsible for implementing the planned customizations.

Project manager. Responsible for managing an enterprise-wide implementation project.

Resources for planning Microsoft

Microsoft Dynamics SureStep

Manage your Microsoft Dynamics CRM Online

Microsoft Dynamics CRM editions and

Editions and licensing for on-premises

Client Access License Types

Microsoft Dynamics CRM Online licensing

What's new in Microsoft Dynamics

Whats changed in this release?

New in both Microsoft Dynamics CRM

New Microsoft Dynamics CRM Online

Expanded licensing plans

New Microsoft Dynamics CRM 2013 (onpremises) features

Volume Shadow Service (VSS) support

Microsoft Dynamics CRM 2013 Best Practices Analyzer

Defer the base and extension table merge as part of

What's new for administrators in Microsoft Dynamics CRM 2013 and

Microsoft Dynamics CRM 2013 system

Microsoft Office Outlook (optional).

Microsoft Dynamics CRM 2013 on-premises versions have a much larger

Microsoft Windows Server

A Microsoft Windows Server Active Directory infrastructure

An Internet Information Services (IIS) website

Microsoft SQL Server 2008 or Microsoft SQL Server 2012

Microsoft Exchange Server or access to a POP3-compliant email server (optional)

SharePoint Server (required for document management)

Claims-based security token service (required for Internet-facing deployments)

Microsoft Office Outlook (optional).

Microsoft Dynamics CRM 2013 Email Router hardware requirements

Microsoft Dynamics CRM Server 2013

x64 architecture or compatible dual-core 1.5

Quad-core x64 arc

8-GB RAM or more

paging, hibernation, and dump files.

* Actual requirements and product functionality may vary based on your

Microsoft SQL Server hardware

x64 architecture or compatible dual-core

Quad-core x64 arc

SAS RAID 5 or RAID 10 hard disk array

* Actual requirements and product functionality may vary based on your

Software requirements for Microsoft

Windows Server operating system