3 Apr 2013 10:29 AM **Update** This change is live and has been tested at this time. Recent security enhancements require the Microsoft Dynamics CRM Online service to use a new certificate to authenticate against the Windows Azure service. Use the steps in this article to change the configuration in your Windows Azure namespace. These changes are necessary, and will allow the messages sent from the Microsoft Dynamics CRM Online service to your Windows Azure service endpoint to be authenticated with both the current certificate and the newer certificate that will be available soon. The go-live date is Thursday, April 25th 2013 for the new certificate. This configuration change should be made before Thursday, April 25th 2013 globally to ensure minimal impact. In order to serve you better, we are consolidating our certificate renewal process. Moving forward, certificate renewals will occur around this time period every other year. Our goal is to help ease any planning efforts and reduce any impact to your business. Note: Do not remove the old certificate until after 4/25/2013, as the new one is not valid until this date. However, both the new and old certificates can exist simultaneously without issues. Note: If you don’t make these changes, any integrations to Microsoft Dynamics CRM that use the Windows Azure Service bus will stop working. Also, if you use PluginRegistration tool to verify authentication, you’ll see an error message similar to this one: “The token provider was unable to provide a security token. The remote server returned an error: (401) Unauthorized”. When you have completed the procedures in this article, your ACS access control will be configured to allow Microsoft Dynamics CRM to continue to send messages with the new certificates. First, retrieve the list of service endpoints. The steps in this article will need to be performed for each of the service endpoints. To find the service endpoints, in Microsoft Dynamics CRM, navigate to Settings, click Customizations, click Customize the System, and select Service Endpoints as shown in the following illustration. Note: If the service endpoint connection mode is "Federated," you also need to repeat the same steps in the following instructions for https://<servicenamespace>.accesscontrol.windows.net/v2/mgmt/web To configure access control for a service namespace: In a web browser, go to https://<servicenamespace>-sb.accesscontrol.windows.net/v2/mgmt/web Note: If you do not have access, contact the solution developer to perform the steps. Under Service settings, click Service Identities. Select the check box next to your Microsoft Dynamics CRM Online service identity. Please note the following items: If your organization URL contains “crm.dynamics.com”, click here to download the public certificate and save it to your disk. Also, select the check box next to “crm.dynamics.com”. If your organization URL contains “crm4.dynamics.com”, click here to download the public certificate and save it to your disk. Also, select the check box next to “crm4.dynamics.com” If your organization URL contains “crm5.dynamics.com”, click here to download the public certificate and save it to your disk. Also, select the check box next to “crm5.dynamics.com”. Click Add just above the list. You’ll see the following screen. Under Type, choose X509, and then click Add. In the Add Credential screen (shown below), browse to the public certificate you previously saved to disk, and click Save. You should now see the current (soon to expire) and new certificates in the Credentials list. Congratulations! You've now configured your namespace so that Microsoft Dynamics CRM can continue to post to the Windows Azure Service Bus successfully!