Software requirements for Microsoft Dynamics 365 Server
Applies to Dynamics 365 for Customer Engagement apps version 9.x (on-premises)
This topic lists the software and application requirements for this version of Dynamics 365 Server.
Windows Server operating system
This version of Dynamics 365 Server can be installed only on Windows Server 64-bit-based computers. The specific versions and editions of Windows Server that are supported for installing and running this version of Dynamics 365 Server are listed in the following sections.
Supported Windows Server 2016 editions
The following editions of the Windows Server 2016 operating system are supported for installing and running Dynamics 365 Server:
Windows Server 2016 Standard
Windows Server 2016 Datacenter
The following Windows Server versions are not supported for installing and running this version of Dynamics 365 Server:
- Windows Server 2016 Essentials
- Windows Server 2012 family of operating systems
- Windows Server 2012 R2 family of operating systems
- Windows Server 2008 family of operating systems
Server Core installations
With the exception of the Dynamics 365 Help Server and Microsoft Dynamics 365 Reporting Extensions roles, you can install any Dynamics 365 Server server role on a Server Core installation of Windows Server. Server Core is a minimal server installation option for the Windows Server family of operating systems. Server Core provides a low-maintenance server environment with limited functionality. For more information about Server Core as implemented on Windows Server 2016, see Server Core for Windows Server 2016.
To install Dynamics 365 Server on a Server Core Windows Server, you must run Setup in silent mode from the command line.
The Help Server role cannot be installed on a Windows Server running as Server Core.
Microsoft Dynamics 365 Reporting Extensions for SQL Server Reporting Services cannot be installed on Server Core. This is because SQL Server Reporting Services, which is required by Microsoft Dynamics 365 Reporting Extensions for SQL Server Reporting Services, cannot be installed on a Windows Server running Server Core.
Dynamics 365 servers can be deployed in a virtualized environment by using Windows Server 2016 with Hyper-V or virtualization solutions from vendors who participate in the Microsoft Windows Server Virtualization Validation Program (SVVP). You must understand the limitations and best practices of server virtualization before you try to virtualize your installation of Dynamics 365.
Active Directory modes
The computer that Dynamics 365 Server is running on must be a member of a domain that is running in one of the following Active Directory directory service forest and domain functional levels:
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
For more information about Active Directory domain and forest functional levels, see the Active Directory Domains and Trusts Microsoft Management Console (MMC) snap-in Help.
- The computer that Dynamics 365 Server is running on shouldn’t function as an Active Directory domain controller.
- When you use the Add Users Wizard, only users from trusted domains in the current forest will be displayed. Users from trusted external forests aren’t supported and don’t appear in the wizard.
- Installing Dynamics 365 Server in an LDAP directory that is running in Active Directory Application Mode (ADAM) is not supported.
Internet Information Services (IIS)
This version of Dynamics 365 Server supports Internet Information Services (IIS) version 10.
We recommend that you install and run IIS in Native Mode before you install Dynamics 365 Server. However, if IIS is not installed and it is required for a Dynamics 365 server role, Microsoft Dynamics 365 Server Setup will install it.
Dynamics 365 can’t use a website that has more than one HTTP or HTTPS binding. Although IIS supports multiple HTTP and HTTPS bindings, there is a limitation in using additional bindings with Windows Communication Foundation (WCF). WCF is required when you use Microsoft Dynamics 365 for Outlook. Before you install or upgrade, you must remove the additional bindings from the website used for Dynamics 365 or select a different website.
SQL Server editions
Any one of the following SQL Server editions is required, running, and available for Dynamics 365:
- Microsoft SQL Server 2017 Enterprise
- Microsoft SQL Server 2017 Standard
- Microsoft SQL Server 2017 Developer (for non-production use only)
- Microsoft SQL Server 2016 Enterprise, with Cumulative Update 2
- Microsoft SQL Server 2016 Standard, with Cumulative Update 2
- Microsoft SQL Server 2016 Developer, with Cumulative Update 2 (for non-production use only)
- SQL Server Express editions are not supported for use with this version of Dynamics 365 Server.
Accessing Microsoft Dynamics 365 from the internet - Claims-based authentication and IFD requirements
The following items are required or recommended for Internet-facing deployment (IFD). This topic assumes you will be using Active Directory Federation Services (AD FS) as the security token service (STS).
Exposing the Dynamics 365 website to the internet is not supported unless claims-based authentication is used and Dynamics 365 is configured for IFD.
Similarly, Outlook Anywhere (RPC over HTTP) is not supported as a solution to connect Dynamics 365 for Outlook to an on-premises deployment of Dynamics 365 Server over the internet. The on-premises deployment of Dynamics 365 Server must be configured for IFD.
In order for Dynamics 365 for tablets to successfully connect to a new deployment of Dynamics 365 Server, you must run a Repair of Dynamics 365 Server on the server running IIS where the Web Application Server role is installed after the Internet-Facing Deployment Configuration Wizard is successfully completed.
The computer where Dynamics 365 Server is installed must have access to a security token service (STS) service, such as Active Directory Federation Services (AD FS) federation server. Dynamics 365 Server supports the following Active Directory Federation Services (AD FS) versions:
- Active Directory Federation Services (AD FS) 2.1 (Windows Server 2012)
- Active Directory Federation Services (AD FS) Windows Server 2012 R2 AD FS (Windows Server 2012 R2)
- Active Directory Federation Services (AD FS) Windows Server 2016 AD FS.
Note the following conditions for the web components before you configure IFD:
If you are installing Dynamics 365 in a single server configuration, be aware that Active Directory Federation Services 2.0 installs on the default website. Therefore, you must create a new website for Dynamics 365.
When you run the Internet-Facing Deployment Configuration Wizard, Dynamics 365 Server must be running on a website that is configured to use Transport Layer Security (TLS) or Secure Sockets Layer (SSL). Microsoft Dynamics 365 Server Setup will not configure the website for TLS/SSL.
We recommend that the IIS website where the Dynamics 365 web application will be installed requires TLS/SSL.
The website should have a single binding. Multiple IIS bindings, such as a website with an HTTPS and an HTTP binding or two HTTPS or two HTTP bindings, are not supported for running Dynamics 365.
Access to the Active Directory Federation Services (AD FS) federation metadata file from the computer where the Configure Claims-Based Authentication Wizard is run. Note the following:
- The federation metadata endpoint must use the web services trust model (WS-Trust) 1.3 standard. Endpoints that use a previous standard, such as the WS-Trust 2005 standard, are not supported. In Active Directory Federation Services 2.0, all WS-Trust 1.3 endpoints contain /trust/13/ in the URL path.
Encryption certificates. The following encryption certificates are required. You can use the same encryption certificate for both purposes, such as when you use a wildcard certificate:
If you use a certificate that is created by using a custom certificate request, the template that was used must be the Legacy key template. Custom certificate requests created by using the CNG key template are incompatible with Dynamics 365. For more information about custom certificate request templates, see Create a Custom Certificate Request.
Claims encryption. Claims-based authentication requires identities to provide an encryption certificate for authentication. This certificate should be trusted by the computer where you are installing Dynamics 365 Server so it must be located in the local Personal store where the Configure Claims-Based Authentication Wizard is running.
TLS/SSL (HTTPS) encryption. The certificates for TLS/SSL encryption should be valid for host names similar to org.contoso.com, auth.contoso.com, and dev.contoso.com. To satisfy this requirement, you can use a single wildcard certificate (*.contoso.com), a certificate that supports Subject Alternative Names, or individual certificates for each name. Individual certificates for each host name are only valid if you use different servers for each web server role. Multiple IIS bindings, such as a website with two HTTPS or two HTTP bindings, aren’t supported for running Dynamics 365. For more information about available options, contact your certification authority service company or your certification authority administrator.
The CRMAppPool account of each Microsoft Dynamics 365 website must have read permission to the private key of the encryption certificate specified when configuring claims-based authentication. You can use the Certificates Microsoft Management Console (MMC) snap-in to edit permissions for the encryption certificate found in the Personal store of the local computer account.
Software component prerequisites
The following SQL Server components must be installed and running on the computer that is running SQL Server before you install Dynamics 365 Server:
SQL word breakers
This is only required for some Dynamics 365 language editions. For more information about word breaker versions for languages supported by SQL Server, see Configure and Manage Word Breakers and Stemmers for Search.
SQL Server Agent service
SQL Server full-text indexing
The following components must be installed and running on the computer where Dynamics 365 Server will be installed:
To install this service, see the Windows Server documentation.
World Wide Web Publishing
Net.Tcp Port Sharing Service
Windows Data Access Components (MDAC)
Microsoft ASP.NET (Must be registered, but does not have to be running.)
Before you install Dynamics 365 Server, you should understand the following:
SQL Server can be, but is not required to be, installed on the same computer as Dynamics 365 Server.
If Dynamics 365 Server and SQL Server are installed on different computers, both computers must be in the same Active Directory directory service domain.
SQL Server can be installed by using either Windows Authentication or mixed-mode authentication. (Windows Authentication is recommended for increased security and Dynamics 365 will use only Windows Authentication).
The service account that SQL Server uses to log on to the network must be either a domain user account (recommended) or one of the built-in system accounts supported by SQL Server (Network Service, Local Service, or Local System). Installation of Dynamics 365 Server will fail if the SQL Server service account is the local administrator.
The SQL Server service must be started and can be configured to automatically start when the computer is started.
The SQL Server Reporting Services service must be started and configured to automatically start when the computer is started.
The SQL Server Agent service must be started. This service can be configured to automatically start when the computer is started.
Although it is optional, we recommend that you accept the SQL Server default settings for Collation Designator, Sort Order, and SQL Collation. Dynamics 365 supports both case-sensitive and case-insensitive sort orders.
Microsoft Dynamics 365 Server Setup requires at least one network protocol to be enabled to authenticate by using SQL Server. By default, TCP/IP protocol is enabled when you install SQL Server. You can view network protocols in SQL Server Configuration Manager.