The IFD team and I just updated Configuring IFD with Microsoft Dynamics CRM 2011 based on reader feedback. Included is a new video by Henning Petersen called Introducing Microsoft Dynamics CRM 2011 Claims-based Authentication:
This is an updated video demonstrating how-to configure the RTM CRM 2011 deployment with Claims based authentication and IFD access. The recording utilizing internally hosted DNS records and signed Certificates from an internal CA. The video is unable to cover purchases of third party certificates, external DNS updates or routing through firewalls as there are too many variations and the CRM Support team are unable to endorse one product over the other.
Hello and thanks for the detailed video.
It sure explains a lot.
I have been trying to set up claims based authentication and IFD in a multiple server environment and I have been facing many difficulties.
I have four servers. Two servers are NLB with the frontend roles, one is a backend server and the other is an SQL server.
CRM 2011 installation works fine. I have set up the necessary accounts and SPNs following the deployment guide by letter.
The problem comes up when I try to set up claims.
I follow your guide, but when I try to open crm after installation, I get a popup window requiring credentials.
If I click cancel, I am prompt with an IIS error page saying that authentication has failed. If I insert credentials I get the same prompt 3 times and then I get an error 401 authentication failed.
I noticed that when I click cancel, the hostname is the address of my adfs server, which means that redirection to adfs works, it just doesn't take me to CRM afterwards.
If I disable claims, CRM works fine.
I am suspecting that it has to do something with the SPNs and the claims authentication. I was getting the same popup for credentials, when I was configuring the SPNs for the NLB setup.
Is there a specific way I should configure claims authentication when having an NLB and on the CRM frontend servers?
Really I have searched everywhere and found nothing, you are my last hope :-)
Thanks in advance.
Jim what about publishing CRM 2011 on UAG firewall
how to do it?
All videos shows sample there SSL is on webserver, not firewall.
Have you asked for this stuff on the CRM Forums at social.microsoft.com/.../dynamics ? We have a lot smarter people there than me who are invested in addressing this kind of feed back. :O)
Well yeah I have tried several paths to resolve this, including a formal support request from Microsoft (we are MSFT partners) but had no help on it.