Simplifying D365 Finance + Operations On-Premises Deployment with Separate AOS and Service Fabric Certificates

In this post, I'll guide you through updates to the node-topology file for D365 Finance and Operations on-premises deployment with distinct certificates for AOS and Service Fabric Server. Before you begin: always remember to check the On-premises deployment home page on Microsoft Learn for the latest instructions.
 
We'll be using the following files:
  • infrastructure\ConfigTemplate.xml
  • infrastructure\D365FO-OP\NodeTopologyDefinition.xml
ConfigTemplate.xml: This file is detailed in Configure the infrastructure scripts for your Finance + Operations (on-premises) deployment. It contains information about the certificates required to secure communications for on-premises deployment.
 
In scenarios where you're employing separate certificates for AOS and Service Fabric Server or you have a distinct VM for DMF, updating the NodeTopology file is a good move. This ensures that deployment scripts distribute the correct certificates to their respective VMs, minimizing manual intervention.
Note: All configuration updates must be made during the “Describe your configuration” step of deployment.
This is a quick example of a distinct AOS certificate in config-template file (infrastructure\ConfigTemplate.xml):
 
 
Updates to NodeTopologyDefinition (infrastructure\D365FO-OP\NodeTopologyDefinition.xml):
1. Locate the AOS node
 
 
2. Add AOS Certificate
 
3. Locate the SSIS node (<NodeTopology purpose="SSIS">):
4. Add the AOS certificate
5. Locate the MR node (<NodeTopology purpose="MR">):
6. Add the AOS certificate
7. Save the file
 
 Now you can proceed with infrastructure preparation by executing:
.\Export-Scripts.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -D365FOVersion "<Version of Dynamics 365 that you will deploy>"
This command distributes scripts and the necessary certificates to the respective virtual machines.
  
Note:
In the step Deploy your Finance + Operations (on-premises) environment from Lifecycle Services, you need to disregard the output for SSL (WCF/SOAP) Thumbprint and use the AOS certificate instead.
 
Happy On-premises deployments.
 
P.S. Here is a quick script that will take care of the NodeTopologyDefinition file updates.
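param
(
   [Parameter(Mandatory = $true)]
   [string]$XmlPath
)
if (-not (Test-Path -Path $XmlPath))
{
   Write-Host "File not found: $XmlPath"
   exit 1
}
# Resolve to a full path: XmlDocument.Save() resolves relative paths against the
# process working directory, which can differ from the current PowerShell location.
$XmlPath = (Resolve-Path -Path $XmlPath).Path
$xml = [xml](Get-Content -Path $XmlPath -Raw)
# Node types that need the AOS certificate
$nodes = $xml.SelectNodes("//NodeTopology[@purpose='AOS' or @purpose='MR' or @purpose='SSIS']")
foreach ($node in $nodes)
{
   $certificatesElement = $node.SelectSingleNode("Certificates")
   # Skip nodes that have no Certificates element
   if ($null -eq $certificatesElement) { continue }
   $serviceFabricCertificate = $certificatesElement.SelectSingleNode("Certificate[@type='ServiceFabric']")
   # Check whether a certificate entry with type 'AOS' already exists
   $existingAosCertificate = $certificatesElement.SelectSingleNode("Certificate[@type='AOS']")
   if ($null -ne $serviceFabricCertificate -and $null -eq $existingAosCertificate)
   {
       # Copy the ServiceFabric entry and change its type to 'AOS'
       $aosCertificate = $serviceFabricCertificate.Clone()
       $aosCertificate.SetAttribute("type", "AOS")
       # Out-Null keeps the appended node from being written to the output
       $certificatesElement.AppendChild($aosCertificate) | Out-Null
   }
}
$xml.Save($XmlPath)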
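
A read-only check to run after the update and before Export-Scripts.ps1 (an added example, not part of the original post or of Microsoft's scripts): it lists the certificate types on each AOS, SSIS and MR node and flags a missing or duplicated AOS entry. The function name Test-AosCertificateEntry, the status labels and the inline sample XML (including its Topology root element) are constructed for illustration; only the NodeTopology, Certificates and Certificate elements and the purpose and type attributes are taken from the script above.

```powershell
# Added example (not from the original post): read-only check of NodeTopologyDefinition.xml.
param
(
   [string]$XmlPath   # optional; when omitted, the constructed sample below is checked
)
# Constructed sample, limited to the elements and attributes the update script reads.
$sample = @'
<Topology>
  <NodeTopology purpose="AOS">
    <Certificates>
      <Certificate type="ServiceFabric" />
      <Certificate type="AOS" />
    </Certificates>
  </NodeTopology>
  <NodeTopology purpose="MR">
    <Certificates>
      <Certificate type="ServiceFabric" />
    </Certificates>
  </NodeTopology>
</Topology>
'@
function Test-AosCertificateEntry
{
   param ([xml]$Xml)
   foreach ($purpose in 'AOS', 'SSIS', 'MR')
   {
       $nodes = $Xml.SelectNodes("//NodeTopology[@purpose='$purpose']")
       if ($nodes.Count -eq 0)
       {
           # The node type the post tells you to locate is not in the file at all
           [pscustomobject]@{ Purpose = $purpose; Types = ''; Status = 'NodeNotFound' }
       }
       foreach ($node in $nodes)
       {
           # Collect the type attribute of every certificate entry on this node
           $types = @($node.SelectNodes("Certificates/Certificate") | ForEach-Object { $_.GetAttribute('type') })
           $aosCount = @($types | Where-Object { $_ -eq 'AOS' }).Count
           $status = if ($aosCount -eq 1) { 'OK' } elseif ($aosCount -eq 0) { 'MissingAOS' } else { 'DuplicateAOS' }
           [pscustomobject]@{ Purpose = $purpose; Types = ($types -join ','); Status = $status }
       }
   }
}
$doc = if ($XmlPath) { [xml](Get-Content -Path $XmlPath -Raw) } else { [xml]$sample }
$results = @(Test-AosCertificateEntry -Xml $doc)
$results | Format-Table -AutoSize
if ($results | Where-Object { $_.Status -ne 'OK' }) { Write-Warning 'Review the entries above before running Export-Scripts.ps1.' }
```

The check only reads the file, so it can be rerun at any point during the “Describe your configuration” step.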
 
