Problem using Internal and External addresses with Claim based auth and IFD

Hi All

I'm trying to get my system set up to use IFD for the external addresses and have a separate internal address that internal users use, so that they don't have to authenticate using IFD.

I have followed the new guide for setting up Claims based auth & IFD, and IFD works fine for both internal and external users, but I cannot get the internal address working. When I try the Internal address on the local LAN, I get a Windows login prompt, and even if I type the user's name and password in the domain\username and username formats it doesn't log in.

Anyone have any pointers?

Thanks

Wayne

WayneATaylor Asked:
 
petesvendson Commented:
If you are getting prompted for credentials when attempting to access CRM over the internal access point you need to keep in mind that CRM is redirecting the request to ADFS with a URL indicating that the user has a Kerberos ticket. Meaning Kerberos traffic must resolve.

1. Make sure that your FQDN name for ADFS is in the Intranet site zone in IE (by default IE will only send Kerberos tickets to Intranet sites).

2. Ensure that you have a HOST SPN for the ADFS URL under the Machine Account (assuming that KernelMode Auth is turned ON on the ADFS website). (Yes, I did mean HOST SPN and not HTTP SPN; ADFS needs HOST.) By default Kernel Mode Int auth should be turned on -- if not, then the SPN goes under the SVC account running your ADFS IIS AppPool Account.

Most likely you are running into Issue #1. If not let me know and we can drill further.
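The two checks from the answer above, as a Windows PowerShell 5.1 sketch (an added example, not part of the original thread). `adfs.example.com` is a placeholder for the ADFS FQDN, and the script assumes it is run as the affected user on a domain-joined client in the same domain as the ADFS server.

```powershell
# Added example: placeholder FQDN, replace with the name CRM redirects to.
param([string]$AdfsFqdn = 'adfs.example.com')

# Check 1: which IE security zone does the current user map the ADFS URL to?
# Zone.CreateFromUrl resolves the zone through the Windows URL security manager.
$url  = "https://$AdfsFqdn/"
$zone = [System.Security.Policy.Zone]::CreateFromUrl($url).SecurityZone
if ($zone -eq [System.Security.SecurityZone]::Intranet) {
    "OK    : $url is in the Local intranet zone"
} else {
    "CHECK : $url maps to zone '$zone', not Intranet (point 1 in the answer)"
}

# Check 2: which account holds the SPN for the ADFS name?
# Looks up HOST (what the answer asks for) and HTTP (for comparison) in AD.
foreach ($class in 'HOST', 'HTTP') {
    $spn      = "$class/$AdfsFqdn"
    $searcher = [adsisearcher]"(servicePrincipalName=$spn)"
    $searcher.PropertiesToLoad.AddRange([string[]]('sAMAccountName', 'objectClass'))
    $found = $searcher.FindAll()

    if ($found.Count -eq 0) {
        "CHECK : $spn is not registered on any account"
        continue
    }
    foreach ($r in $found) {
        # A computer object carries 'computer' among its objectClass values.
        $kind = if ($r.Properties['objectclass'] -contains 'computer') {
            'machine account'
        } else {
            'user/service account'
        }
        "FOUND : $spn on $($r.Properties['samaccountname'][0]) ($kind)"
    }
    if ($found.Count -gt 1) {
        "CHECK : $spn is registered on more than one account (duplicate SPN)"
    }
}
```

Compare the account type reported for the HOST SPN with point 2 of the answer: machine account when kernel-mode authentication is on, the AppPool service account when it is off.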
 
Feridun Kadir, Principal Consultant, Commented:
Did you set up two relying parties in AD FS? You need two, one specifying the internal address and one specifying the external address.
 
WayneATaylor (Author) Commented:
Hi

Yes I did do this. The only difference in the two is the endpoint address, is that correct?

Wayne
 
Feridun Kadir, Principal Consultant, Commented:
That is correct.
 
WayneATaylor (Author) Commented:
It's still not working for me then. I can connect fine on the External address. I get the ADFS login fine and all works, but when I try to use the Internal address I get the Windows login and cannot get into it!

Wayne
 
WayneATaylor (Author) Commented:
I actually reinstalled and it seemed to work in the end!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.