Link to home
Start Free TrialLog in
Avatar of fd4u
fd4u

asked on

Dynamics CRM 2011 - TMG Publishing without claims authentication and IFD

Since it is very tricky to setup claims authentication and Internet facing deployment (IFD) with Dynamics CRM Server 2011 (see this question for details) I have following question:
Is it possible (and how) to publish Dynamics CRM 2011 with TMG without configuring claims authentication and IFD? Of course CRM should be available from browsers and Outlook clients through the Internet.
Thanks
SOLUTION
Avatar of Chinmay Patel
Chinmay Patel
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of fd4u
fd4u

ASKER

Just one more comment: I'm very disappointed with the fact that Dynamics CRM requires claims authentication and IFD. Is there any meaningful reason for avoiding usual authentication / publishing mechanisms used with SharePoint, Exchange, TFS, etc???
I think some of the reasons CRM requires Claims and IFD include:
connecting to CRM is more complex than SharePoint. CRM has several web services and a server can host multiple organization database. Each database is independent of each other
Claims is used because it is a standard and allows for authentication mechanisms other than Active Directory to be used to authenticate users - perhaps partner companies
However, I do agree it is daunting and time consuming to set up.
Avatar of fd4u

ASKER

@feridun
With all respect I can't agree with your explanation. First, I don't think that authentication type and background complexity are corelated so tightly. Second, if we are talking about complexity I think that SharePoint can be much more complex than Dynamics CRM in number of databases, services (dozens of them), with enterprise search which includes no just SP resources but also Exchange e-discovery and any other external resources, with filtering results acording to user privilegies.....

Finally, if federation is the reason, they could add claims as an option, but remain other ones also. It would be stupid to make life so complicated for 99% percent of users just to enable feature that will be used in no more than 1% deployments. (I'm not sure if my estimations are correct, but I haven't saw CRM for federated users yet.)
Fair enough. Your comments are valid.  Configuring IFD for CRM 4.0 was considerably simpler and did not involve claims at all.
Avatar of fd4u

ASKER

After many troubles with configuring IFD I've finally succeeded (details).
But immediately after that I've ran into different problem - publishing IFD on TMG 2010 SP2. After publishing ADFS and IFD, I've got access in browser, but again I was unable to connect Outlook client (???#%$*&@$???). Again I've lost two days in trying different publishing settings (overriding host header or not, changing ports, rechecking certificates, requests from original sender or from TMG, link rewriting or not...) and again with no luck...
Finally I've found this article which states that rollup 2 for TMG 2010 SP2 is needed. I haven't heard about those rollups before because I'm relying on WSUS to get me all new stuff. But rollups 1 - 3 for TMG 2010 SP2 are special, and you need to create an order to get download links to e-mail...
Why everything needs to be so complicated with this Dynamics CRM??? I've spent so much time and energy in setting it up that I doubt I'll ever actually use it.
Thanks
I wish I'd remembered to point out this Microsoft document to you,
http://www.microsoft.com/en-us/download/details.aspx?id=3621

It might have helped you.
Avatar of fd4u

ASKER

I've grade the answers with "Good" just because these were disappointing for me. But as far as I know at the moment - they are correct.