Solved

Dynamics CRM 2011 - TMG Publishing without claims authentication and IFD

Posted on 2013-02-01
10
1,496 Views
Last Modified: 2013-02-07
Since it is very tricky to setup claims authentication and Internet facing deployment (IFD) with Dynamics CRM Server 2011 (see this question for details) I have following question:
Is it possible (and how) to publish Dynamics CRM 2011 with TMG without configuring claims authentication and IFD? Of course CRM should be available from browsers and Outlook clients through the Internet.
Thanks
0
Comment
Question by:fd4u
  • 5
  • 4
10 Comments
 
LVL 27

Assisted Solution

by:Chinmay Patel
Chinmay Patel earned 150 total points
ID: 38846465
Hi fd4u,

I dont think that it is possible to expose CRM to internet[Web might work via port forwarding and using hostheaders] without using IFD.

Regards,
Chinmay.
0
 
LVL 29

Accepted Solution

by:
feridun earned 150 total points
ID: 38846537
I think it can work for just the web application but not the CRM client for OUtlook.

You need to get IFD working. IFD really does work. If I get a moment next week I'll have another look at your other question.
0
 

Assisted Solution

by:fd4u
fd4u earned 0 total points
ID: 38847838
Thanks for the answers! I haven't found a way to publish it externally for Outlook without IFD, so I guess you are right.
Meanwhile I've resolved the original issue with IFD (simply - by reinstalling everything, and changing something in topology). Now I have problems with publishing everything on TMG, but I'll create the new question with this issue.
Since your answers are simply it-can't-be-done answers, I think that it is fair to give you 150 points each. (If it is possible this way - I still don't know how everything with points work.)
Thanks for helping!
0
 

Author Comment

by:fd4u
ID: 38847870
Just one more comment: I'm very disappointed with the fact that Dynamics CRM requires claims authentication and IFD. Is there any meaningful reason for avoiding usual authentication / publishing mechanisms used with SharePoint, Exchange, TFS, etc???
0
 
LVL 29

Expert Comment

by:feridun
ID: 38848124
I think some of the reasons CRM requires Claims and IFD include:
connecting to CRM is more complex than SharePoint. CRM has several web services and a server can host multiple organization database. Each database is independent of each other
Claims is used because it is a standard and allows for authentication mechanisms other than Active Directory to be used to authenticate users - perhaps partner companies
However, I do agree it is daunting and time consuming to set up.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:fd4u
ID: 38848443
@feridun
With all respect I can't agree with your explanation. First, I don't think that authentication type and background complexity are corelated so tightly. Second, if we are talking about complexity I think that SharePoint can be much more complex than Dynamics CRM in number of databases, services (dozens of them), with enterprise search which includes no just SP resources but also Exchange e-discovery and any other external resources, with filtering results acording to user privilegies.....

Finally, if federation is the reason, they could add claims as an option, but remain other ones also. It would be stupid to make life so complicated for 99% percent of users just to enable feature that will be used in no more than 1% deployments. (I'm not sure if my estimations are correct, but I haven't saw CRM for federated users yet.)
0
 
LVL 29

Expert Comment

by:feridun
ID: 38848751
Fair enough. Your comments are valid.  Configuring IFD for CRM 4.0 was considerably simpler and did not involve claims at all.
0
 

Author Comment

by:fd4u
ID: 38849677
After many troubles with configuring IFD I've finally succeeded (details).
But immediately after that I've ran into different problem - publishing IFD on TMG 2010 SP2. After publishing ADFS and IFD, I've got access in browser, but again I was unable to connect Outlook client (???#%$*&@$???). Again I've lost two days in trying different publishing settings (overriding host header or not, changing ports, rechecking certificates, requests from original sender or from TMG, link rewriting or not...) and again with no luck...
Finally I've found this article which states that rollup 2 for TMG 2010 SP2 is needed. I haven't heard about those rollups before because I'm relying on WSUS to get me all new stuff. But rollups 1 - 3 for TMG 2010 SP2 are special, and you need to create an order to get download links to e-mail...
Why everything needs to be so complicated with this Dynamics CRM??? I've spent so much time and energy in setting it up that I doubt I'll ever actually use it.
Thanks
0
 
LVL 29

Expert Comment

by:feridun
ID: 38850249
I wish I'd remembered to point out this Microsoft document to you,
http://www.microsoft.com/en-us/download/details.aspx?id=3621

It might have helped you.
0
 

Author Closing Comment

by:fd4u
ID: 38863294
I've grade the answers with "Good" just because these were disappointing for me. But as far as I know at the moment - they are correct.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

This is a walkthrough guide I wrote whilst upgrading my on-premise MS Dynamics CRM 3.0 deployment to 4.0. This covers the actual installation of the product to a working level for my system, I ran into a lot of issues that the steps below fixed so h…
For cloud, the “train has left the station” and in the Microsoft ERP & CRM world, that means the next generation of enterprise software from Microsoft is here: Dynamics 365 is Microsoft’s new integrated business solution that unifies CRM and ERP fun…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now