Dynamics CRM 2011 - TMG Publishing without claims authentication and IFD

Posted on 2013-02-01
Last Modified: 2013-02-07
Since it is very tricky to setup claims authentication and Internet facing deployment (IFD) with Dynamics CRM Server 2011 (see this question for details) I have following question:
Is it possible (and how) to publish Dynamics CRM 2011 with TMG without configuring claims authentication and IFD? Of course CRM should be available from browsers and Outlook clients through the Internet.
Question by:fd4u
  • 5
  • 4
LVL 27

Assisted Solution

by:Chinmay Patel
Chinmay Patel earned 150 total points
ID: 38846465
Hi fd4u,

I dont think that it is possible to expose CRM to internet[Web might work via port forwarding and using hostheaders] without using IFD.

LVL 29

Accepted Solution

Feridun Kadir earned 150 total points
ID: 38846537
I think it can work for just the web application but not the CRM client for OUtlook.

You need to get IFD working. IFD really does work. If I get a moment next week I'll have another look at your other question.

Assisted Solution

fd4u earned 0 total points
ID: 38847838
Thanks for the answers! I haven't found a way to publish it externally for Outlook without IFD, so I guess you are right.
Meanwhile I've resolved the original issue with IFD (simply - by reinstalling everything, and changing something in topology). Now I have problems with publishing everything on TMG, but I'll create the new question with this issue.
Since your answers are simply it-can't-be-done answers, I think that it is fair to give you 150 points each. (If it is possible this way - I still don't know how everything with points work.)
Thanks for helping!
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


Author Comment

ID: 38847870
Just one more comment: I'm very disappointed with the fact that Dynamics CRM requires claims authentication and IFD. Is there any meaningful reason for avoiding usual authentication / publishing mechanisms used with SharePoint, Exchange, TFS, etc???
LVL 29

Expert Comment

by:Feridun Kadir
ID: 38848124
I think some of the reasons CRM requires Claims and IFD include:
connecting to CRM is more complex than SharePoint. CRM has several web services and a server can host multiple organization database. Each database is independent of each other
Claims is used because it is a standard and allows for authentication mechanisms other than Active Directory to be used to authenticate users - perhaps partner companies
However, I do agree it is daunting and time consuming to set up.

Author Comment

ID: 38848443
With all respect I can't agree with your explanation. First, I don't think that authentication type and background complexity are corelated so tightly. Second, if we are talking about complexity I think that SharePoint can be much more complex than Dynamics CRM in number of databases, services (dozens of them), with enterprise search which includes no just SP resources but also Exchange e-discovery and any other external resources, with filtering results acording to user privilegies.....

Finally, if federation is the reason, they could add claims as an option, but remain other ones also. It would be stupid to make life so complicated for 99% percent of users just to enable feature that will be used in no more than 1% deployments. (I'm not sure if my estimations are correct, but I haven't saw CRM for federated users yet.)
LVL 29

Expert Comment

by:Feridun Kadir
ID: 38848751
Fair enough. Your comments are valid.  Configuring IFD for CRM 4.0 was considerably simpler and did not involve claims at all.

Author Comment

ID: 38849677
After many troubles with configuring IFD I've finally succeeded (details).
But immediately after that I've ran into different problem - publishing IFD on TMG 2010 SP2. After publishing ADFS and IFD, I've got access in browser, but again I was unable to connect Outlook client (???#%$*&@$???). Again I've lost two days in trying different publishing settings (overriding host header or not, changing ports, rechecking certificates, requests from original sender or from TMG, link rewriting or not...) and again with no luck...
Finally I've found this article which states that rollup 2 for TMG 2010 SP2 is needed. I haven't heard about those rollups before because I'm relying on WSUS to get me all new stuff. But rollups 1 - 3 for TMG 2010 SP2 are special, and you need to create an order to get download links to e-mail...
Why everything needs to be so complicated with this Dynamics CRM??? I've spent so much time and energy in setting it up that I doubt I'll ever actually use it.
LVL 29

Expert Comment

by:Feridun Kadir
ID: 38850249
I wish I'd remembered to point out this Microsoft document to you,

It might have helped you.

Author Closing Comment

ID: 38863294
I've grade the answers with "Good" just because these were disappointing for me. But as far as I know at the moment - they are correct.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ms dynamics 2011 7 62
MS Dynamics Partnership 2 74
CRM 2011 Opportunity Bug 18 145
Dynamics CRM - Windows application - How to get field names ? 4 118
On Sep 22nd 2014 Microsoft released Update Rollup 1 for Microsoft Dynamics CRM 2013 Service Pack 1 and back in July Update Rollup 3 was released.  So we now have:   Update Rollup 1Update Rollup 2Update Rollup 3Service Pack 1Update Rollup 1 for S…
For cloud, the “train has left the station” and in the Microsoft ERP & CRM world, that means the next generation of enterprise software from Microsoft is here: Dynamics 365 is Microsoft’s new integrated business solution that unifies CRM and ERP fun…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
In an interesting question ( here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question