Connecting to Microsoft Dynamics CRM

A Dynamics CRM Organization is required with one of the following versions of Microsoft Dynamics CRM 2011 or later:

● Microsoft Dynamics CRM Online (365)

● Microsoft Dynamics CRM On-premise

● Microsoft Dynamics CRM Partner Hosted, or an Internet Facing Deployment (IFD)

Microsoft Dynamics Web Services is used for all integration tasks. The connection can be made by HTTP or HTTPS. In the case that HTTPS is a requirement by the Organization, the SSL certificate must be valid.

Granting Access

CRM Role

A system administrator user role is needed in order to properly set up the Dynamics environment for the integration.

Firewall Exceptions

Your CRM environment(s) must be accessible by LyntonWeb in order to set up and maintain the integration. The following IP addresses should be allowed for port 80 and 443 access: and As an alternative, you may choose to instead install the On-Premise agent (see below).

Connection Methods

Cloud Agent

A cloud agent is used to connect to Dynamics CRM Online, as well as publicly accessible on-premise environments. 

On-Premise Agent (if unable to allow access to proper IP addresses)

An on-premise agent is recommended for production environments where Dynamics CRM is hosted behind a firewall and the firewall is unable to be opened to allow inbound access from these two IP addresses: and 

Scope of CRM Customizations

You will install a managed package containing field and form customizations on the Lead and Contact entity. All fields added are prefixed with scribe_ in the field name. Customizations may be reverted by uninstalling the managed package. No customizations are needed to the CRM server itself, and all data integration is performed over web services.

Installing On-Premise Agent

The On-Premise Agent facilitates communication between HubSpot and your on-premise data source. It provides secure communications to the integration service without opening security holes in your corporate firewall. This is the most efficient means of integrating with on-premise data and reduces the bandwidth used in an integration.

Check the system configuration

The on-premise agent is supported on computers running the following operating systems:

● Windows Server 2012 Standard or Datacenter Editions (64-bit)

● Windows 8 Enterprise Edition (32-bit or 64-bit)

● Windows Server 2008 R2 Enterprise or Standard Edition (64-bit)

● Windows Server 2008 SP2 Enterprise or Standard Edition (32-bit or 64-bit)

● Windows 7 Enterprise Edition (32-bit or 64-bit)

It is recommended that you install all Windows updates before installing an agent. When setting up your production environment, it is recommended that you install agents in a Windows Server environment.

If your computer is running Windows Server 2008, Windows Server 2008 R2, or Windows 7, the following Microsoft components are also required:

● Microsoft® .NET Framework 4.0 (full version).

● Microsoft Windows Identity Foundation (WIF).

If Microsoft .NET Framework or WIF are not already installed, you will be prompted to install them before you can install the agent. However, the configuration process will run more smoothly if these applications are already available. If your computer is running Windows Server 2012 or Windows 8, Microsoft .NET Framework 4.5 and Windows Identity Foundation (WIF) are automatically installed. Depending on your

environment, you may need to enable WIF 3.5.

To enable WIF:

1. Open the Turn Windows features on or off dialog box.

2. Scroll to and select the checkbox for Windows Identity Framework 3.5.

3. Click OK.

4. Windows will turn WIF 3.5. on

Begin installing the agent

1. From the Welcome to Setup page, click Next.

2. Paste in the Agent Key provided to you (use Ctrl-V), then click Next.

3. Decide where you want to install the on-premise agent. To use the default location, click Next. To select a different location, click Change, browse to the new location, and click Next.

4. Click Install Agent, then click Finish.

5. After you click Finish, the Agent connects with the integration service, which may take a few minutes. When the connection is successful, the following message displays on the Manage Agents: New dialog box:

<Agent_name> available

Where Agent_name is the name of your Agent, based on the name of the computer on which the on-premise agent is installed.

6. Click Close to close the Manage Agents: New dialog box.

Installing An On-Premise Agent With Proxy Servers Or Firewalls

For many networks, security configurations include either proxy servers or firewalls. While Scribe Online is in the Cloud, your On-Premise Agent is installed on a computer, as shown in the following diagram:

If your site uses either proxy servers or firewalls, some additional steps are required to allow the Scribe Online On-Premise Agent access to the cloud.

Symptoms that your On-Premise Agent may be behind a network firewall or proxy are:

● You are unable to establish a connection to

● When installing a Scribe Online On-Premise Agent, you receive the following error:

● When running a Scribe Online Solution, the status displays Starting or In Progress for extended periods of time with no records being processed.

● You cannot create any Connections using your On-Premise Agent or receive a message that No Connectors were found.

● The rolling log for the Scribe Online Agent (..ÄScribe SoftwareÄScribe Online AgentÄlogs) contains the following error message: (407) Proxy Authentication Required

If you encounter any of these issues, or do not know whether your organization uses advanced security measures such as a proxy server or firewall traffic filtering contact your Network Administrator. When using a proxy server, Scribe Online requires that your Scribe Online Agent use Windows Authentication for access through the proxy server; other authentication methods are not currently


Configuring The On-Premise Agent For Proxy Servers

Setting Up Ports And The Active Directory Account

1. Make sure that all of the following TCP ports are open. If needed, talk to your IT Administrator:

● Ports 80 and 443. These ports are required to communicate with the Scribe Online website. If these ports are not open, the Scribe Online Agent is not fully accessible from the Scribe Online website.

● Ports 5671 and 5672, and 9350 through 9355. These ports are used by the Enterprise Service Bus (ESB) to communicate with Agents. While Scribe recommends that you open these ports, they are not required. Depending on your configuration, if the Scribe Online Agent cannot connect with the ESB, any Solutions that use that Agent will not function as expected.

2. Set up an Active Directory account with permissions to go through the proxy that uses these ports on the proxy server.

Editing The Scribe.Core.ProcessorService.Exe.Config File

To configure the Scribe Online On-Premise Agent to use the Active Directory User account when communicating through the proxy, modify the Scribe.Core.ProcessorService.exe.config file on the computer on which the Agent is installed. Use a text editor, such as Notepad, to open the

Scribe.Core.ProcessorService.exe.config file from the Agent installation folder.

The default location for this file is ..ÄProgram Files [(x86)]ÄScribe SoftwareÄScribe Online AgentÄ.

In the Scribe.Core.ProcessorService.exe.config file:

1. Find the section that begins with <basicHttpBinding>, as follows:

2. To the following line:

3. <transport clientCredentialType="None"/>

4. Add:

5. <transport clientCredentialType="None" proxyCredentialType="Windows"/>

6. For example:

7. In the same file, find the appSettings section. After the line that begins:

8. <add key="Agent ID" value="21EC2020-3AEA-1069-A2DD-08002B30309D"/>

9. Add the following line to explicitly state that any calls made through the network by the Scribe Online Agent use TCP:

10. <add key="ServiceBusConnectionMode" value="Tcp"/>

11. For example:

12. Save and close the Scribe.Core.ProcessorService.exe.config file.

Editing Scribe Online Agent Service Properties

After you modify the Scribe.Core.ProcessorService.exe.config file, you need to change the user account

running the service.

1. From the Scribe server, open Windows Services, right-click on Scribe Online Agent service and select Properties .

2. From the Log On tab of the Scribe Online Agent Properties dialog box, change the service to log on as a domain user for which your Network Administrator has granted permissions to have access through the proxy.

3. As a test, log in to the computer as the domain user, and then try to sign in to Scribe Online. Make sure that Internet Explorer is not set up to use a proxy server. If you can access and sign in to, then your user has the necessary permissions.

4. Save the changes you made to the Scribe Online Agent Service properties.

5. Restart the Agent Service.

6. Test your changes by signing into Scribe Online and testing a Connection. If you can successfully test a Connection, then the Agent is functioning properly through the proxy server. In addition to changes for Scribe Online, you may need to make some changes for connectivity to your cloud application, as described below.

Connecting To Microsoft Dynamics CRM Online

Use the following information to connect to Microsoft Dynamics CRM Online from behind extra security.

Dynamics CRM Online Required Exceptions

To allow access to Microsoft Dynamics CRM Online, add exceptions to the firewall for the following sites:

● https://*

● https://*

● https://*

● https://*

● https://*

Dynamics CRM Online IP Addresses

For a list of valid IP address ranges see the following Microsoft Support article: Microsoft Dynamics CRM Online IP Address Ranges

These servers are owned by Microsoft. The IP addresses may change and can be verified by Microsoft at any time.

Scribe strongly recommends that you whitelist all of the IP addresses in the IP address list so that you are less likely to experience a service disruption if Microsoft makes changes to the IP addresses.

Dynamics CRM Online Port


Proxy And Firewall Server Logs

When the Scribe Online Agent attempts to make an external connection to the cloud, a site, or a database and is denied by environmental security, the Proxy and/or Firewall server typically keeps a log of these attempts. These logs are useful for determining if a site you wish to connect to is being blocked. Scribe Technical Support can help you determine which IP addresses to unblock based on your log files.

Whitelisting IP Addresses

You may find the following resources useful for information about whitelisting IP addresses:

● CIDR notation —

● IPv4 subnetting reference —