Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Business Central 3 Tie...
Small and medium business | Business Central, N...
Suggested answer

Business Central 3 Tier Installation on 3 Azure VM'S

(0) ShareShare
ReportReport
Posted on by adil.dyna365 5

Hi,

I have configured 3 VM's for the installation as below. 

1: DBSERVER 2: APPSERVER 3: WEBSERVER. 

DB Server acting as a Domain Controller and all VM's joined to a Domain.

Created one Domain Admin user and assign required permission on Database. Installed the Components on Respective VM's and Run the Business Central Instance with the Admin user. 

Server is configured with Access Control Service Authentication and using Self Signed Certificate for the testing purpose , created App registration in Azure and fill the required fields in Azure AD Tab on the Instance. 

After Installing Web Components on 3rd VM , i am not able to access the Business Central. IIS is configured and Authentication is enabled on IIS ( Windows , Anonymous). 

After several failed attempt , i have installed the Web Server on the APPSERVER VM itself and everything is working well from there and we are able to access Business Central using ACS Authentication method. 

It will be really helpful if anyone help me to configure the Web Server on 3rd VM because we have to keep this as an Architecture for several reasons , we cannot keep the Web Server on App server VM due to security reasons. 

Followed all possible steps written in Microsoft Blogs like Registering SPN on the APPSERVER because I was facing delegation issues when i was using Windows Authentication. 

Note : 

Using BC 18 CU 03 On- Premise. 

Thanks in Advance. 

Adil

  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at
    RE: Business Central 3 Tier Installation on 3 Azure VM'S

    Hello,

    You mention two things:

    1. you are using AccessControlService as authentication type for NST / IIS

    2. you did configure kerberos authentication, when you put the IIS on a separate machine, you need constrained kerberos delegation

    If the scenario fails when connecting to BC from IIS, the following very old article may apply (it is not very well known in the channel as it seems as we continue keeping requests about it):

    docs.microsoft.com/.../accessing-server-locally-with-fqdn-cname-alias-denied

    Usually I use the BackConnectionHostName registry key.

    Best is to use Azure AD authentication, this will make the scenario less complicated.

    Hope it helps.

    Thank you.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Ramesh Kumar – Community Spotlight

We are honored to recognize Ramesh Kumar as our July 2025 Community…

Congratulations to the June Top 10 Community Leaders!

These are the community rock stars!

Announcing the Engage with the Community forum!

This forum is your space to connect, share, and grow!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
Sohail Ahmed Profile Picture

Sohail Ahmed 2,655

#2
Mansi Soni Profile Picture

Mansi Soni 1,574

#3
YUN ZHU Profile Picture

YUN ZHU 1,453 Super User 2025 Season 1

Last month Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans