InstallationPrepare AX Environment

Prepare AX Environment

Set the Business Connector Proxy User

Some components require the .NET Business Connector to be configured to connect to Microsoft Dynamics AX with a proxy account. The use of a proxy enables the .NET Business Connector to connect on behalf of Microsoft Dynamics AX users when authenticating with an AOS instance. The Business Connector proxy is a Microsoft Windows domain account that is configured from the initialization checklist or in the 'Administration > Setup > Security > System service accounts' form.

A new account for the Business Connector must be created before it has been installed.

The account setup recommendations:

  • Must be a Windows domain account;
  • Must be a dedicated account (used only by Business Connector);
  • Must have a password that does not expire;
  • Must be able to log on as a service;
  • Must not be a Microsoft Dynamics AX user.
If a malicious user learns the Business Connector Proxy credentials (name and password), that user could gain unauthorized access to sensitive information and potentially damage the Microsoft Dynamics AX application. For this reason, only Microsoft Dynamics AX administrators should know the proxy credentials.

To set up and configure the Business Connector Proxy the following steps should be performed:

Step 1: Make the SC_BPUser created earlier in the 'Create Domain Accounts' step the member of the 'IIS_IUSRS' group:

  • Go to 'Administrative Tools -> Computer Management -> System Tools -> Local Users and Groups -> Users';
  • Open the 'SC_BPUser Properties' window and go to the tab 'Member Of';
  • Add the IIS_IUSRS group to the list and click 'OK' or 'Apply' to apply the changes.

Step 2: Specify the Business Connector Proxy user in Microsoft Dynamics AX at the following location: Administration > Setup > Security > System service accounts.


Business Connector Proxy Configuration

The Business Connector Proxy user (SC_BPUser) must be granted 'List Folder Contents and Read' permissions on the %windir%\temp folder:

Step 1: Navigate to the %windir%\temp folder, right-click the folder and select 'Properties'.

Step 2: Go to the 'Security' tab and under 'Group or user names' click 'Add'.

Step 3: In the 'Select Users, Computers, or Groups' dialog box, under 'Enter the object names to select' enter the Business Connector Proxy account (SC_BPUser) and click 'OK'.

Step 4: In the 'Permissions' list, in the 'Allow' column make sure that only 'List Folder Contents' and 'Read' are selected and click 'OK'.

 

If you use Windows Server 2008 'Log on as a batch job', rights should be given to the SC_BPUser. In order to do this:

Step 1: Open the 'Microsoft Management Console' (Click 'Start > Run' and run 'gpedit.msc').

Step 2: Go to 'Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment'.

Step 3: Select 'Log on as a batch job' policy.

Step 4: Add the SC_BPUser to the list by clicking the 'Add User or Group' button and selecting this user (you can use the 'Check names' option for quick search for the correct user).

Step 5: Click 'OK' to save the changes. More information about the 'Log on as a batch job' can be found here.

If all steps have been followed and performed then the Business Connector Proxy is configured.

InstallationPrepare AX Environment