Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Problem using Internal and External addresses with Claim based auth and IFD

Posted on 2011-03-21
6
Medium Priority
?
2,008 Views
Last Modified: 2012-05-11
Hi All

I'm trying to get my system setup to use IFD for the external addresses and have a separate internal address that internal users use, so that they don't have to authenticate using IFD.

I have followed the new guide for setting up Claims based auth & IFD, and IFD works fine for both internal and extenral users, but I cannot get the internal address working. When I try the Internal address on the local LAN, I get a windows login prompt, and even if I type the users name and password in the in domain\username and username formats it doesn't login.

Anyone have any pointers?

Thanks

Wayne

0
Comment
Question by:WayneATaylor
  • 3
  • 2
6 Comments
 
LVL 30

Expert Comment

by:Feridun Kadir
ID: 35179216
Did you set up two relying parties in AD FS?  You need two, one specifying the internal address and one specifying the external address.
0
 
LVL 10

Author Comment

by:WayneATaylor
ID: 35179222
Hi

Yes I did do this. The only difference in the two is the endpoint address, is that correct?

Wayne
0
 
LVL 30

Expert Comment

by:Feridun Kadir
ID: 35221686
That is correct.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 10

Author Comment

by:WayneATaylor
ID: 35221736
Its still not working for me then, I get connect fine on the External address. I get the ADFS login fine and all works, but when I try and use the Internal address I get the windows login and cannot get into it!

Wayne
0
 
LVL 1

Accepted Solution

by:
petesvendson earned 1500 total points
ID: 36013681
If you are getting prompted for credentials when attempting to access CRM over the internal access point you need to keep in mind that CRM is redirecting the request to ADFS with a URL indicating that the user has a Kerberos ticket. Meaning Kerberos traffic must resolve.

1. Make sure that your FQDN name for ADFS is in the Intra net site zone in IE (by default IE will only send Kerberos tickets to Intranet sites

2. Ensure that you have a HOST SPN for the ADFS URL under the Machine Account (assuming that KernelMode Auth is turned ON on the ADFS website. (Yes I did mean HOST SPN and not HTTP SPN ADFS need HOST. By default Kernel Mode Int auth should be turned on -- if not then the SPN goes under the SVC account running your ADFS IIS AppPool Account.

Most likely you are running into Issue #1. If not let me know and we can drill further.
0
 
LVL 10

Author Closing Comment

by:WayneATaylor
ID: 37381532
I actually reinstalled and it seemed to work in  the end!
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On Sep 22nd 2014 Microsoft released Update Rollup 1 for Microsoft Dynamics CRM 2013 Service Pack 1 and back in July Update Rollup 3 was released.  So we now have:   Update Rollup 1Update Rollup 2Update Rollup 3Service Pack 1Update Rollup 1 for S…
Having trouble getting your hands on Dynamics 365 Field Service or Project Service trial? Worry No More!!!
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question