Link to home
Create AccountLog in
Avatar of WayneATaylor
WayneATaylorFlag for United Kingdom of Great Britain and Northern Ireland

asked on

CRM 2011 Pre Release, getting IFD working

Hi All

I've installed the CRM 2011 pre-release and all is working OK if I access it locally or on a VPN etc, but I want to configure IFD as I did in CRM 4.0.

I'm trying to get my head around using IFD and the AD FS 2.0 service, which I have never used before!

My scenario is that I have a single server CRM2011.LANSYSTEMS.CO.UK that I am using for CRM. I have got an SSL cert for this set up and installed in IIS, and I have installed the AD FS 2.0 service and configured the Federation Metadata type and that seems to be OK.

I have also been through the Claims Based Authentication config in CRM 2011 Deployment Manager and think that is OK.

The problem I have is in the Configure Internet Facing Deployment setup within Deployment Manager in getting my head around what it wants!

In the first three settings Web Application Server Domain, Organisation Web Service Domain and Discovery Web Service Domain I have got the same entry  lansystems.co.uk

Then in the second screen where is asked for the External Domain for Internet Facing servers are located, it says this must be a sub domain of the main one, so I've tried just putting the same name as the server CRM2011.LANSYSTEMS.CO.UK in here although not sure that is correct.

WHen I end that wizard is checks the settings and says everything is OK, but I cannot access CRM when this has completed!

Any ideas?

Wayne

Avatar of WayneATaylor
WayneATaylor
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

Also when I try and access the site from the server after doing this I get the following error


Server Error in '/' Application.
--------------------------------------------------------------------------------

Relying Party Certificate was not found.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Microsoft.Crm.CrmSecurityException: Relying Party Certificate was not found.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.  

Stack Trace:


[CrmSecurityException: Relying Party Certificate was not found.]
   Microsoft.Crm.Authentication.Claims.ClaimsUtility.GetServiceConfiguration() +662
   Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.SetDefaults() +256
   System.Web.HttpApplication.InitModulesCommon() +124
   System.Web.HttpApplication.InitInternal(HttpContext context, HttpApplicationState state, MethodInfo[] handlers) +1655
   System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext context) +374
   System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext context) +178
   System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) +371

 
Avatar of Feridun Kadir
I have to agree with you that the wizard is not at all clear as to what is expected. I may some info that will be of help but it's at my office; I won't be back there until the middle of next week.

If you don't get any more replies by then I'll look up what I have and post again.

If I remember correctly the external domain should be organizationname.CRM2011.LANSYSTEMS.CO.UK where organizationname is the name of your CRM organization. For installations with multiple organizations this naming system is used to direct the connecting user to the correct CRM organization.
Thanks for the reply.

If you can send something over that would be great.

This was so easy in CRM 4.0 but the AD FS 2.0 stuff is confusing me somewhat!

I suppose if I can find someone that does have it working would help if they can tell mw what settings they have!

Thanks, Wayne

Hi Feridun...  Just wondered if you got any more info on this for me?

thanks
Wayne
Wayne

Sorry about not replying. I've been rather involved with a project this week.  

Did you download the updated implementation guide? I believe it has better information. It is available at this link:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c3f82c6f-c123-4e80-b9b2-ee422a16b91d Although the download link is named beta it is an update to the original beta ig.
Hi

Thanks for this but I have already looked at that and it's not really that helpful in my case?

Have you got IFD working on CRM2011?
If co any chance you could post screen shots of the IFD settings you are using?

Cheers
Wayne

ASKER CERTIFIED SOLUTION
Avatar of Feridun Kadir
Feridun Kadir
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Thanks for the last one, after looking at the video and lots of head scrathing I think I'm quite close, but the ADFS part is still confusing me somewhat!!!

I try to go to the website for the CRM (Or at least the URL I think it should be!) it gets redirected to:

https://sts1.lansystems.co.uk/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2fshinesystems.lansystems.co.uk%3a444%2fdefault.aspx&wctx=rm%3d1%26id%3d2818ed34-f486-4380-ab9c-f4d318def050%26ru%3dhttps%253a%252f%252fshinesystems.lansystems.co.uk%253a444%252fdefault.aspx&wct=2011-01-27T15%3a15%3a27Z&wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword

But then I get an HTTP 404 error!

The STS1 server is the ADFS server and I can access the Metadata URL correctly at
https://sts1.lansystems.co.uk/federationmetadata/2007-06/federationmetadata.xml
and that works correctly....

Anyone have any ideas?

Wayne





In fact managed to sort it out....

It was just a seting in the rules I had got wrong, I had the federatiomn server URL incorrect!

Thanks
Wayne


Wayne, can I ask what did you enter in the " Enter the external domain where your Internet-facing servers are located" box in the IFD wizard or more to the point what did you make the answer to that box resolve to?

Hi

I basically followed the video at:

http://blogs.msdn.com/b/crm/archive/2011/01/13/configuring-ifd-with-microsoft-dynamics-crm-2011.aspx

But mine was specifically

auth.lansystems.co.uk:444

I had to make sure that this address resolved to the server IP address in DNS.

I must admit that the IFD config for CRM2011 is quite complicated, the part that caught me out was the Federation Services setup, but the attached cideo was very useful...

Wayne