Simplifying D365 Finance + Operations On-Premises Deployment with Separate AOS and Service Fabric Certificates
In this post, I'll guide you through updates to the node-topology file for D365 Finance and Operations on-premises deployment with distinct certificates for AOS and Service Fabric Server. Before you begin: always remember to check the On-premises deployment home page on Microsoft Learn for the latest instructions.
We'll be using the following files:
- infrastructure\ConfigTemplate.xml
- infrastructure\D365FO-OP\NodeTopologyDefinition.xml
ConfigTemplate.xml: This file is detailed in Configure the infrastructure scripts for your Finance + Operations (on-premises) deployment. It contains information about the certificates required to secure communications for on-premises deployment.
In scenarios where you're employing separate certificates for AOS and Service Fabric Server or you have a distinct VM for DMF, updating the NodeTopology file is a good move. This ensures that deployment scripts distribute the correct certificates to their respective VMs, minimizing manual intervention.
Note: All configuration updates must be made during the “Describe your configuration” step of the deployment.
This is a quick example of a distinct AOS certificate in config-template file (infrastructure\ConfigTemplate.xml):
Updates to NodeTopologyDefinition (infrastructure\D365FO-OP\NodeTopologyDefinition.xml):
1. Locate the AOS node
2. Add AOS Certificate
3. Locate the SSIS node (<NodeTopology purpose="SSIS">):
4. Add the AOS certificate
5. Locate the MR node (<NodeTopology purpose="MR">):
6. Add the AOS certificate
7. Save file
Now you can proceed with infrastructure preparation by executing:
.\Export-Scripts.ps1 -ConfigurationFilePath .\ConfigTemplate.xml -D365FOVersion "<Version of Dynamics 365 that you will deploy>"
This command distributes scripts and the necessary certificates to the respective virtual machines.
Note:
In the step “Deploy your Finance + Operations (on-premises) environment from Lifecycle Services”, disregard the output for SSL (WCF/SOAP) Thumbprint and use the AOS certificate instead.
Happy On-premises deployments.
P.S. Here is a quick script that will take care of the NodeTopologyDefinition file updates.
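param
(
    [Parameter(Mandatory = $true)]
    [string]$XmlPath
)

if (-not (Test-Path -Path $XmlPath))
{
    Write-Host "File not found: $XmlPath"
    exit 1
}

# Resolve to a full path: XmlDocument.Save() resolves relative paths against the
# .NET working directory, which can differ from the current PowerShell location.
$XmlPath = (Resolve-Path -Path $XmlPath).ProviderPath
$xml = [xml](Get-Content -Path $XmlPath -Raw)

# Node types that need the AOS certificate
$nodes = $xml.SelectNodes("//NodeTopology[@purpose='AOS' or @purpose='MR' or @purpose='SSIS']")

foreach ($node in $nodes)
{
    $certificatesElement = $node.SelectSingleNode("Certificates")
    if ($null -eq $certificatesElement)
    {
        # Nothing to copy from on this node
        continue
    }

    $serviceFabricCertificate = $certificatesElement.SelectSingleNode("Certificate[@type='ServiceFabric']")

    # Check if a certificate with type 'AOS' already exists on this node
    $existingAosCertificate = $certificatesElement.SelectSingleNode("Certificate[@type='AOS']")

    if ($null -ne $serviceFabricCertificate -and $null -eq $existingAosCertificate)
    {
        # Copy the ServiceFabric entry and retype it as AOS
        $aosCertificate = $serviceFabricCertificate.Clone()
        $aosCertificate.SetAttribute("type", "AOS")
        # Suppress the node that AppendChild writes to the pipeline
        $certificatesElement.AppendChild($aosCertificate) | Out-Null
    }
}

$xml.Save($XmlPath)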
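A read-only check to run after the file is updated and before Export-Scripts.ps1, so that a node without the AOS certificate entry is caught before certificates are distributed. This is an added example, not part of the original post or of Microsoft's infrastructure scripts. The function name Test-AosCertificateEntry is hypothetical, the element and attribute names are the ones the script above relies on, and the sample XML (including its root element) is constructed.

```powershell
# Added example (not from the original post): read-only audit of the topology file.
# Element and attribute names are the ones the post's own script relies on.
function Test-AosCertificateEntry
{
    param
    (
        [Parameter(Mandatory = $true)][xml]$Topology,
        [string[]]$Purposes = @('AOS', 'MR', 'SSIS')
    )
    foreach ($purpose in $Purposes)
    {
        $nodes = $Topology.SelectNodes("//NodeTopology[@purpose='$purpose']")
        if ($nodes.Count -eq 0)
        {
            [pscustomobject]@{ Purpose = $purpose; CertificateTypes = ''; HasAosCertificate = $false; Note = 'node not found' }
            continue
        }
        foreach ($node in $nodes)
        {
            # Collect every certificate type declared for this node
            $types = @($node.SelectNodes('Certificates/Certificate') | ForEach-Object { $_.GetAttribute('type') })
            [pscustomobject]@{
                Purpose           = $purpose
                CertificateTypes  = ($types -join ', ')
                HasAosCertificate = ($types -ccontains 'AOS')   # case-sensitive, like the XPath above
                Note              = ''
            }
        }
    }
}

# Constructed sample: AOS node already updated, MR node not updated, SSIS node absent.
[xml]$sample = @'
<Root>
  <NodeTopology purpose="AOS">
    <Certificates><Certificate type="ServiceFabric" /><Certificate type="AOS" /></Certificates>
  </NodeTopology>
  <NodeTopology purpose="MR">
    <Certificates><Certificate type="ServiceFabric" /></Certificates>
  </NodeTopology>
</Root>
'@

# For the real file, pass: -Topology ([xml](Get-Content -Raw <path to NodeTopologyDefinition.xml>))
$report = Test-AosCertificateEntry -Topology $sample
$report | Format-Table -AutoSize
$missing = @($report | Where-Object { -not $_.HasAosCertificate })
if ($missing.Count -gt 0) { Write-Warning "$($missing.Count) node type(s) have no AOS certificate entry." }
```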