Dynamics CRM 2011 - TMG Publishing without claims authentication and IFD

Since it is very tricky to setup claims authentication and Internet facing deployment (IFD) with Dynamics CRM Server 2011 (see this question for details) I have following question:
Is it possible (and how) to publish Dynamics CRM 2011 with TMG without configuring claims authentication and IFD? Of course CRM should be available from browsers and Outlook clients through the Internet.
Thanks
fd4uAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Feridun KadirConnect With a Mentor Principal ConsultantCommented:
I think it can work for just the web application but not the CRM client for OUtlook.

You need to get IFD working. IFD really does work. If I get a moment next week I'll have another look at your other question.
0
 
Chinmay PatelConnect With a Mentor Enterprise ArchitectCommented:
Hi fd4u,

I dont think that it is possible to expose CRM to internet[Web might work via port forwarding and using hostheaders] without using IFD.

Regards,
Chinmay.
0
 
fd4uConnect With a Mentor Author Commented:
Thanks for the answers! I haven't found a way to publish it externally for Outlook without IFD, so I guess you are right.
Meanwhile I've resolved the original issue with IFD (simply - by reinstalling everything, and changing something in topology). Now I have problems with publishing everything on TMG, but I'll create the new question with this issue.
Since your answers are simply it-can't-be-done answers, I think that it is fair to give you 150 points each. (If it is possible this way - I still don't know how everything with points work.)
Thanks for helping!
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
fd4uAuthor Commented:
Just one more comment: I'm very disappointed with the fact that Dynamics CRM requires claims authentication and IFD. Is there any meaningful reason for avoiding usual authentication / publishing mechanisms used with SharePoint, Exchange, TFS, etc???
0
 
Feridun KadirPrincipal ConsultantCommented:
I think some of the reasons CRM requires Claims and IFD include:
connecting to CRM is more complex than SharePoint. CRM has several web services and a server can host multiple organization database. Each database is independent of each other
Claims is used because it is a standard and allows for authentication mechanisms other than Active Directory to be used to authenticate users - perhaps partner companies
However, I do agree it is daunting and time consuming to set up.
0
 
fd4uAuthor Commented:
@feridun
With all respect I can't agree with your explanation. First, I don't think that authentication type and background complexity are corelated so tightly. Second, if we are talking about complexity I think that SharePoint can be much more complex than Dynamics CRM in number of databases, services (dozens of them), with enterprise search which includes no just SP resources but also Exchange e-discovery and any other external resources, with filtering results acording to user privilegies.....

Finally, if federation is the reason, they could add claims as an option, but remain other ones also. It would be stupid to make life so complicated for 99% percent of users just to enable feature that will be used in no more than 1% deployments. (I'm not sure if my estimations are correct, but I haven't saw CRM for federated users yet.)
0
 
Feridun KadirPrincipal ConsultantCommented:
Fair enough. Your comments are valid.  Configuring IFD for CRM 4.0 was considerably simpler and did not involve claims at all.
0
 
fd4uAuthor Commented:
After many troubles with configuring IFD I've finally succeeded (details).
But immediately after that I've ran into different problem - publishing IFD on TMG 2010 SP2. After publishing ADFS and IFD, I've got access in browser, but again I was unable to connect Outlook client (???#%$*&@$???). Again I've lost two days in trying different publishing settings (overriding host header or not, changing ports, rechecking certificates, requests from original sender or from TMG, link rewriting or not...) and again with no luck...
Finally I've found this article which states that rollup 2 for TMG 2010 SP2 is needed. I haven't heard about those rollups before because I'm relying on WSUS to get me all new stuff. But rollups 1 - 3 for TMG 2010 SP2 are special, and you need to create an order to get download links to e-mail...
Why everything needs to be so complicated with this Dynamics CRM??? I've spent so much time and energy in setting it up that I doubt I'll ever actually use it.
Thanks
0
 
Feridun KadirPrincipal ConsultantCommented:
I wish I'd remembered to point out this Microsoft document to you,
http://www.microsoft.com/en-us/download/details.aspx?id=3621

It might have helped you.
0
 
fd4uAuthor Commented:
I've grade the answers with "Good" just because these were disappointing for me. But as far as I know at the moment - they are correct.
0
All Courses

From novice to tech pro — start learning today.