How to unblock applications connecting to Dynamics 365

Nick Chin, 14 October 2020

Sometimes when running an application such as a Scheduled Task, Windows Service or SQL Server Integration Jobs (SSIS) on a local network, access to Microsoft and Dynamics 365 can be blocked. This happens because the proxy or firewall rules are blocking access to Dynamics 365.

Identifying the problem

Normally, when the application is unable to connect and times out, you will get one of the following errors:

  • “Unable to Login to Dynamics CRM”
  • “An error occurred while sending the request”
  • “Unable to connect to the remote server”
  • “A connection attempt failed because the connected party did not respond after a period of time”
  • “Established connection failed because connected host has failed to respond…”.

Firstly, try using a web browser to log into Dynamics 365 from the server on which the connection is failing.

The application will need to authenticate with Microsoft Azure AD before being able to connect to Dynamics 365. The login page will usually be “login.microsoftonline.com” on port 443.

Now I recommend running a network tracer like Fiddler on the server to find out which URLs and IP addresses you are accessing, including the ones you are being redirected to.

If there is a problem, the trace shows whether the request to Dynamics 365 itself failed or whether it failed on the redirect to “login.microsoftonline.com”.

Solution

Once you have identified where the connection is failing, you can make a network change.

If possible, allow traffic by domain name, because using IPs is more difficult. Your Dynamics 365 instance will have a static IP; however, the other URLs like “login.microsoftonline.com” will have an IP range, and the IPs vary per region.

When using the Australia datacenter, “login.microsoftonline.com” has the IP range 40.126.0.0/18.

This means the IP address behind “login.microsoftonline.com” can change frequently. When I pinged “login.microsoftonline.com” the IP was 40.126.14.165, then a few minutes later it changed to 40.126.14.166.

Add the appropriate rules to your firewall and/or proxy to allow access to Dynamics 365 at the point where the connection fails.

In the past I have worked with network configurations where users use a proxy which will allow access to the domains “*.crm6.dynamics.com” and “login.microsoftonline.com” for port 443. Firewall rules were made on a per server basis to allow network traffic to access Dynamics 365 and the associated URLs.
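To confirm from the server which of the two endpoints is blocked, and whether the addresses behind “login.microsoftonline.com” stay inside the range quoted above, the following PowerShell can be run on the affected machine. It is an added example, not part of the original article; the host name `yourorg.crm6.dynamics.com` is a placeholder for your own instance, and the helper function names are made up for this example.

```powershell
# Added example. 'yourorg.crm6.dynamics.com' is a placeholder for your instance host name.
$endpoints = 'yourorg.crm6.dynamics.com', 'login.microsoftonline.com'
$port = 443
# Range quoted in the article for login.microsoftonline.com (Australia datacenter).
$publishedRanges = @{ 'login.microsoftonline.com' = '40.126.0.0/18' }

function ConvertTo-IPv4Number {
    param([string]$Address)
    $n = [long]0
    foreach ($octet in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $n = $n * 256 + $octet
    }
    return $n
}

function Test-IPv4InCidr {
    param([string]$Address, [string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    # Two addresses are in the same network when they fall in the same block of 2^(32 - prefix).
    $blockSize = [math]::Pow(2, 32 - [int]$prefix)
    $addrBlock = [math]::Floor((ConvertTo-IPv4Number -Address $Address) / $blockSize)
    $netBlock  = [math]::Floor((ConvertTo-IPv4Number -Address $network) / $blockSize)
    return $addrBlock -eq $netBlock
}

foreach ($name in $endpoints) {
    # Keep A records only; CNAME entries in the answer carry no IPAddress value.
    $ips = @(Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
    # Direct TCP test from this server; it does not go through a configured web proxy.
    $tcp = Test-NetConnection -ComputerName $name -Port $port -WarningAction SilentlyContinue

    $outside = @()
    if ($publishedRanges.ContainsKey($name)) {
        $range = $publishedRanges[$name]
        $outside = @($ips | Where-Object { -not (Test-IPv4InCidr -Address $_ -Cidr $range) })
    }
    [pscustomobject]@{
        Endpoint     = $name
        ResolvedIPs  = $ips -join ', '
        OutsideRange = $outside -join ', '
        TcpPortOpen  = $tcp.TcpTestSucceeded
    }
}
```

If `TcpPortOpen` is False for only one endpoint, that is the destination the firewall rule still needs to cover; running the script a few minutes apart shows the resolved addresses changing, which is why a rule pinned to a single IP stops working.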

For the full list of addresses you can go to the Microsoft article: https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges#microsoft-365-common-and-office-online

Number 56 in that list has the “login.microsoftonline.com” domain names and IP ranges.

Hopefully this helps resolve your network issues.