Setting up Retail Module in Dynamics 365 Finance and Operation running in Local Virtual Machine – Day-3

In our previous blog Day-1 & Day-2, we have successfully install Microsoft Dynamics 365 Finance and Operations in virtual machine on local machine

Introduction

In this post we will setup / configure retail module (Store Commerce) in Dynamics 365 in virtual machine on local machine. To enable retail module, we need to create two app registration in Microsoft Azure. Check Day-2 post for how to get free azure account

• App Registration for Retail Server
• App Registration for POS

Step 1: Creating Registration App for Retail Server

To create Registration App, Login to your Microsoft Azure account, created on Day-2 using URL (https://portal.azure.com) and enter username (rixxan@d355sep2021.onmicrosoft.com) & password (x@gxx7x7) to login

After login you will see below azure dashboard

Search for App registration in Azure dashboard > Click on App registration option

Click on App Registration new option

Give name to app (RetailServer-CSU-43), it could be any name

Choose supported account types (Accounts in this organizational directory only (D365 only – Single tenant) and click on register button

Click on newly created app to open it’s detail page

Click the link Add an Application ID URI at the top right of the page,

click on Application ID URI – add option (see below screenshot)

accept the suggested value by clicking the Save button.
Take a note of this value – you will need it later while registering this Retail Server application within HQ.

Adding Scope

Click on Expose API > Click on Add a Scope (highlight red)

Scope name (user_impersonation), it cloud be any name
Who can consent? (Admins and Users)
Admin consent display name (Access RetailServer)
Admin consent description (Allow the app to access RetailServer API) > Click on Add Scope

Step 2: Creating Registration App for Store Commece / POS

After login you will see below azure dashboard

Search for App registration in Azure dashboard > Click on App registration option

Click on App Registration new option

Give name to app (RetailPOS-43), it could be any name

Choose supported account types (Accounts in this organizational directory only (D365 only – Single tenant) and click on register button

Click on newly created app to open it’s detail page

Click on Redirect URIs link, highlighted red

Redirect URI – Select Single-page application (SPA) in the drop-down list, and then enter your Cloud POS URL i.e (https://usnconeboxax1pos.cloud.onebox.dynamics.com) and (https://dvhd10043vm/StoreCommerce/)

Note: dvhd1043vm is localhost name

Creating Token, Click on token Configuration

• Click on Ad optional claim & select ID and then choose onpram_sid
• Click on Ad optional claim & select Access and then choose onpram_sid

API Permission > Click on API Permision > Click on Add Permission , highlighted red

Click on Add Permission > Click on APIs my organization use > Search for registration app created for retail server > select and click > In next windows

Click on Delegate Permission > Choose Full permission > Click on Add premission Button

Click on Grant on Admin Consent for D365, it should show Granted for D365 aginst each record

Step 2.1: Updating POS Client ID in Dynamics 365 F&O for Identity provider settings in Commerce HQ

navigate to path Commerce HQ → Retail and Commerce IT → Commerce shared parameters → Identity Providers tab

Click on Add > under Identity Providers

• Issuer (https://sts.windows.net/b2623830-bea3-XXXX-8ade-014ef4f0588e/)
• Name (Dynamics Commerce)
• Type (Microsoft Entra ID)

Note: b2623830-bea3-XXXX-8ade-014ef4f0588e is a Tanent ID for Azure

Click on add > under Relying parties

• Client ID (f58f96b8-6daf-41e4-XXXX-701320311c72)
• Type (Public)
• UserType (Worker)
• Name (Store Commerce POS)

Note: f58f96b8-6daf-41e4-XXXX-701320311c72 is Store Commerce POS Client ID from Registration app

Click on Add > Under Server Resource IDs

• Server Resource IDs (api://f2812d2c-85b2-494e-b8ec-7bdd51b2afa2)
• Name (RetailServerAppID)

Note: f2812d2c-xxxx-494e-b8ec-7bdd51b2afa2 is Retail Server Client ID from Registration app

Step 3: Creating Registration App for Async Client App

This app is used by the async client/service to authenticate to HQ (service-to-service). It typically uses certificate-based client credentials (recommended) or client secret for development.

Login to Azure Portal > Search for App Registration > Click on New > Enter Name (CSUAsyncClient-43), Choose Default Option and Click on Register

Upload Certificate created in step 4, same as we upload in Retail Server app registration

Click on Certificate & Secrets > Choose Certificate > Click on Upload Certificate > Choose the certificate created and export at step 4 below and click on add button

API permissions — Async Client must be able to request tokens to call Retail Server resource:

• API permissions → Add a permission → My APIs → select RetailServer Registration App → choose the scope you created (e.g., Legacy.Access.Full) → Add permissions.
• Grant admin consent. (Required so service can call HQ).

Register Async Client in Commerce Headquarters, (so HQ knows which client ID can authenticate)

Navigate to Commerce HQ → System administration → Setup → Microsoft Entra ID Applications → New

Step 4: Create an SSL certificate for a Retail Server CSU & Hardware Station

we need to create a Secure Sockets Layer (SSL) certificate based on the hostname for the CSU website and the Entra ID app authentication.

To create the SSL certificate, follow these steps.

1. Connect to the development machine.
2. Open PowerShell with administrator privileges from Command Prompt.
3. Enter the following command and press enter

$cert = New-SelfSignedCertificate -Subject “CN=$env:computerName” -DnsName $env:computerName,$([System.Net.Dns]::GetHostByName($env:computerName).HostName) -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation “Cert:\LocalMachine\My” -NotBefore (Get-Date) -NotAfter (Get-Date).AddYears(2) -KeyUsage KeyEncipherment,DataEncipherment,CertSign,CRLSign,DigitalSignature -KeyUsageProperty All -FriendlyName “$env:computerName” -KeyExportPolicy Exportable
Export-Certificate -Cert $cert -FilePath “$env:temp\https.cer”
Import-Certificate -CertStoreLocation cert:\LocalMachine\Root -FilePath “$env:temp\https.cer”

Note: run above command for Hardware Station Certificate, Just Change the CN=HWST and Friendly name to “HardwareStationCrt” and rest remain same

Copy the thumbprint value of the new certificate for use later during the CSU install section.

4.1: Convert the SSL certificate you created to the .CER file format

Next, you must convert the SSL certificate you created to the .CER file format.

To add a SSL certificate to the CSU Entra ID app, it must be in the .CER file format.

To convert the SSL certificate you created to the .CER file format, follow these steps.

1. On the development machine, select the Windows logo key + R to open the Run dialog.
2. Enter “MMC” to open the Microsoft Management Console.

1. Select File > Add/Remove Snap-in.
2. Under Available snap-ins, select Certificates, and then select Add.

1. In the Certificates snap-in dialog, select Computer Account, and then select Next.

1. Select Local Computer, and then select Finish.

1. Select OK.
2. Expand Certificates > Personal > Certificates.

1. Locate the SSL certificate you created earlier, right-click the certificate, and then select All Tasks > Export.

1. In the export dialog, select Next.
2. Select No, do not export the private key, and then select Next.

1. Select DER encoded binary X.509 (.CER).

1. Select the C:\temp folder, and then enter “DevBoxSelfSigned” as the file name.
2. Select OK, and then select Save.

4.2: Add the SSL certificate to the existing CSU Entra ID app & Async Client App

we must add the SSL certificate you created and converted to the .CER file format to the existing CSU Entra ID app. This step is required for the CSU to generate an authentication token for communication with Commerce headquarters.

To add the SSL certificate you created to the CSU Entra ID app, follow these steps.

1. In a web browser on the machine where the .CER file was previously saved, go to the Microsoft Entra admin center and edit the CSU Azure App registration you created earlier.
2. For Client Credentials, select Add a certificate or secret.
3. Select the Certificates tab.
4. Select Upload Certificate.

1. From C:\temp, select the DevBoxSelfSigned certificate.
2. For Description, enter “Devbox cert”.
3. For Set Description, enter “Devbox Self-signed Certificate”.
4. Select Add.

Step 5: Update Commerce Headquarters

Enter the application ID (client ID) of the CSU Retail Server Entra ID app

To enter the application ID (client ID) of the CSU Entra ID app in headquarters, follow these steps.

1. Go to System administration > Setup > Microsoft Entra ID Applications.

Copy Client ID from Retail Server app registration from azure

1. Select New
2. In the Client ID column, enter the application ID (client ID) of the Retail Server app from the Entra portal.
3. in the Name column, (RetailServerCSUAppReg).
4. In the User ID column, enter “RetailServiceAccount“.
5. Select Save

Step 6: Create Channel Database Group

To create channel database group, navigate to Retail and Commerce > Headquarter setup > commerce scheduler > channel database group > Click on New > Channel Database group name (ch-db-group) > Description (Channel Database Group) > Channel Schema (AX7) > Working Folder (File Storage) > Channel Database (ch-db-43)

NOTE: Channel Database (ch-db-43) will add automaticall, once we will create channel database in next step

Step 6.1: Create Channel Database in Dynamics 365 F&O

To create channel database, navigate to Retail and Commerce > Headquarter setup > commerce scheduler > channel database > Click on New > Channel Database name (ch-db-43) > Database Group (ch-db-gropu) > add retail channel (Houston) > Save

If system ask for full Sync > Click yes

6.2: Downloading Configuration File

Download Configuration File and Save in C:\Temp folder with name StoreSystemSetup.xml

6.3: Creating Channel Profile

To create channel profile, navigate to Retail and Commerce > Channel Setup > Channel Profile > Click on New > Enter Name (ch-prof-43) and Click on Save

Create following records under Profile Properties, as per screenshot below

• Key (Retail Server URL) > Value (https://dvhd10043vm:446/RetailServer/Commerce)
• Key (Cloud POS URL) > Value (https://dvhd10043vm:446/POS)
• Key (Media Server Base URL) Value (https://usnconeboxax1ret.cloud.onebox.dynamics.com/MediaServer)

6.4: Updating Houston Store with new Channel Database create above

To update houston store, navigate to Retail and Commerce > Channels > Stores > All Stores and Search for Houston and double click to open it’s detail page

Change Channel Profile from (Defualt) to (ch-prof-43) and Live Channel Database from (Default) to (ch-db-43) and Change Closing Method from (Date and Time) to (Shift) and Save

6.5: Setting Up Hardware Profile for Houston Store

To setup hardware profile for Houston store, Open Houston store page and Expend Hardware tab and add follow record

Click on add > Hardware Station (Shared) > Description (Local Hardware) > Port (450) > Hardware Profile (Virtual) > Save

6.6: Adding worker information

To add worker information, navigate to Retail and Commerce > Employee > Workers > Search for Workder (Alexander Eggerer) ID (000160) > Edit >

Open Worker Page and Click on Commerce tab then click on Commerce menu and Click on Clear Identity option

Once click on Clear Identity, following field become empty and need to be updated with following values

• Alias (rizwan)
• UPN (rizwan@d355sep2021.onmicrosoft.com) – Azure admin ID
• External sub identifier (b2623830-bea3-46a5-8ade-014ef4f0588e) – Directory Tanent ID

6.7: Run Full Sync Job (9999) to push all changes to CSU

To run full sync, navigate to Retail and Commerce > Retail and Commerce IT > Distribution schedule > Select Job 9999 All Jobs and Click on Run now > Click on Yes

Step 7: Installing Software for Hardware Station (Pre-Requisits)

Browse to URL (http://monroecs.com/oposccos_current.htm) and Download Windows Installer software and run the setup with default options

Step 8: Install Sealed CSU prerequisites

Before you can run the Sealed CSU installer, you must complete the following steps.

Step 8.1: Verify IIS components installed

To verify that the IIS 6 Management Compatibility (IIS 6 Metabase Compatibility) component is installed on the development machine, follow these steps.

1. Go to Server Manager > Local Server > Manage > Add roles and features.

1. Under IIS, confirm that the Management Tools > IIS 6 Management Compatibility (IIS 6 Metabase Compatibility) component is checked.

Step 8.2: Install .NET Core hosting bundle

Open a web browser and go to https://dotnet.microsoft.com/en-us/download/dotnet/8.0

In the ASP.NET Core Runtime 8.0.X section, select the Hosting Bundle installer for Windows to download it. (check red highlighted)

Run the dotnet-hosting-8.0.x-win.exe installer by double clicking

Step 8.3: Install .NET Desktop Runtime

Open a web browser and go to https://dotnet.microsoft.com/en-us/download/dotnet/8.0

Downlaod .NET Desktop runtime and run the steup

Step 8.4: Download Following Softwares from LCS Shared Library and Store in C:\Temp Folder in VM

To Download required softwares, login to LCS () and Click on Shared Asset Library then click on Retail Self Service Package and Downlaod following softwares

• 10.0.43 – Commerce Peripheral Simulator
  10.0.43 – Hardware Station (SEALED)
  10.0.43 – Commerce Scale Unit (SEALED)
  10.0.43 – Store Commerce

NOTE: We are downloading 10.0.43 because we are using this version on VM. Download as per VM version

Step 8.6: Installing Commerce Peripheral Simulator

Run by double clicking on 10.0.43 – Commerce Peripheral Simulator.msi in VM and follow the default setup

Step 8.7: Installing Commerce Scale Unit (CSU)

CSU combines the Commerce channel database, Commerce Async Client, Retail Server, and Cloud point of sale (POS) components.

Run following command using powershell as admin from C:\Temp folder. Replace the required values

./10.0.43 – Commerce Scale Unit (SEALED).exe install --port 446
–SSLCertThumbprint 1da8d6e1b6e1efdf48a09a3440bfc58740bf1b96 --RetailServerCertThumbprint 1da8d6e1b6e1efdf48a09a3440bfc58740bf1b96
–AsyncClientCertThumbprint 1da8d6e1b6e1efdf48a09a3440bfc58740bf1b96 --AsyncClientAADClientID d4898658-8c48-48c1-b7de-ed82c0649868
–RetailServerAADClientID f2812d2c-85b2-494e-b8ec-7bdd51b2afa2 --CPOSAADClientID f58f96b8-6daf-41e4-b445-701320311c72
–RetailServerAADResourceID api://f2812d2c-85b2-494e-b8ec-7bdd51b2afa2 --Config "c:\temp\StoreSystemSetup.xml"
–SkipSChannelCheck –trustSqlservercertificate

& ‘.\10.0.43 – Commerce Scale Unit (SEALED).exe’ install –port 446 –SSLCertThumbprint 1da8d6e1b6e1efdf48a09a3440bfc58740bf1b96 –RetailServerCertThumbprint 1da8d6e1b6e1efdf48a09a3440bfc58740bf1b96 –AsyncClientCertThumbprint 1da8d6e1b6e1efdf48a09a3440bfc58740bf1b96 –AsyncClientAADClientID d4898658-8c48-48c1-b7de-ed82c0649868 –RetailServerAADClientID f2812d2c-85b2-494e-b8ec-7bdd51b2afa2 –CPOSAADClientID f58f96b8-6daf-41e4-b445-701320311c72 –RetailServerAADResourceID api://f2812d2c-85b2-494e-b8ec-7bdd51b2afa2 –Config “c:\temp\StoreSystemSetup.xml” –SkipSChannelCheck –trustSqlservercertificate

Step 5.4: Download the Commerce Scale Unit channel configuration file

To download the Commerce Scale Unit channel configuration file, follow these steps.

1. In headquarters, go to Retail and Commerce > Headquarters setup > Commerce scheduler > Channel database.
2. In the list of channel databases on the left, select the channel database that you created earlier.
3. On the Action Pane, select Download.
4. On the drop-down menu, select Configuration file.