locked
Need help with IFD configuration RRS feed

  • Question

  • Hi all,

     

    I am facing issues in IFD deployment too

     

    Now these are the steps I perform -

    1. I go ahead and create new hosts in my DNS Server (under domain.com) for all my organisations. Clear cache in DNS.
    2. I open the CRM IFD tool and give proper App domain and Also perform "Check DNS" and DNS resolves correctly.
    3. I go to my IIS to CRM's website and give a host header value (<orgname>.domain.com) to the default IP of my server.
    4. Reset IIS.
    5. Go open the <orgname>.domain.com from my server -> Now here I need to specify the TCP port number too.

    So "<orgname>.domain.com:5555", and the CRM home page opens up. It doesn't show my the Sign In page like it should.

     

    Please guide me as to what is it I can do to get this sign in page up.

    Also does IFD mean Membership Provider comes into the picture cos of Forms Auth?

     

    Thanks

     

     

    Tuesday, August 26, 2008 5:42 AM

Answers

  • Sanchita,

     

    You have to have a Public IP Address to publish your CRM server on the internet. Is your DNS hosted by a service provider?

     

    • Proposed as answer by noai Saturday, September 26, 2009 3:03 AM
    • Marked as answer by Jim Glass Jr Thursday, February 4, 2010 6:52 PM
    Tuesday, September 16, 2008 10:09 AM

All replies

  • I may be wrong about this but my understanding of the Sign In page is that it only appears for clients that try to connect from a network that is not the local subnet (as defined in the IFD setup).

     

    If you are browsing to your orgname.com from your server are you not connecting internally therefore the signin doesn't appear and you are authenticating using Windows Integrated Authentication?

     

     

    • Proposed as answer by noai Saturday, September 26, 2009 3:01 AM
    Wednesday, August 27, 2008 11:28 AM
    Moderator
  • Yes you are correct about the signin page. I have no ip adresses specified currently in the IFD Internal Network Address - Subnet Mask part.

     

    And yes I am browsing to my - orgname.domain.com from the CRM server, so I always get Windows Integrated authentication. When I try to connect from other computers in the same domain I am still prompted for my windows login and outside the domain it is unable to resolve - orgname.domain.com.

     

    Thanks

    • Proposed as answer by noai Saturday, September 26, 2009 3:02 AM
    Friday, August 29, 2008 4:34 AM
  •  

    Thanks for the update. With regard to not resolving orgname.domain.com you need to ensure that a record for this has been added to your external DNS zone. You may need to contact your ISP to do this or whoever hosts your external domain.
    • Proposed as answer by noai Saturday, September 26, 2009 3:02 AM
    Friday, August 29, 2008 6:20 AM
    Moderator
  • Yes absoultely.

     

    But can you tell me what is the meaning of IFD On Premise. Doesnt it enable forms authentication for a user who is not on the intranet? And if yes how? I mean the user still needs to be an AD user (in IFD forms authentication) from what I know. Please correct me if I am wrong. But is there no way MembershipProvider can be used for this?

     

    Thanks

     

    • Proposed as answer by noai Saturday, September 26, 2009 3:02 AM
    Friday, August 29, 2008 8:15 AM
  • IFD+OnPremise means that you want to users to be able to authenticate on the internal network (OnPremise) and from the Internet(IFD).

     

    Choosing this settings makes a number of database, registry and website changes.

     

    All CRM users must be AD users. I'm not familiar with MembershipProvider.

     

     

    • Proposed as answer by noai Saturday, September 26, 2009 3:02 AM
    Friday, August 29, 2008 9:05 AM
    Moderator
  • Hi Feridun!

    I'm having a problem with IFD tool too. I also made the ff procedure but unable to browse the CRM login page using IE. Can you give me sample values that i have to enter in the fields on the IFD configuration? Here are the ff values that i entered:

     

    Authentication Strategy: IFD+On Premise

    IFD Internal Network Address and Subnet Mask: 192.168.1.1-255.255.240.0

    IFD App Root Domain/IFD SDK Root Domain: subdomain.domain.com:5555

    AD App Root Domain/ AD SDK Root Domain: SERVERNAME:5555

     

    When i browse IE(using a computer that is outside our domain and using a public intenet) and connect to http://subdomain.domain.com:5555

    A windows pop-up(windows authentication) prompted me to enter username and password.

    I believe that if IFD is working, i should be prompted with the "CRM login page" right?

     

     

    • Proposed as answer by noai Saturday, September 26, 2009 3:02 AM
    Friday, August 29, 2008 12:25 PM
  • Try browsing to http://CRMOrgName.subdomain.domain.com:5555

     

    CRM 4.0 can work with multiple organisations so to specify which one you want to connect to you have to specificy it in the external URL.

     

    You must also put an entry in your external DNS so that CRMOrgName.subdomain.com resolves to your CRM server.

     

     

     

    • Proposed as answer by noai Saturday, September 26, 2009 3:02 AM
    Saturday, August 30, 2008 6:35 AM
    Moderator
  • Hi all...
    I was looking for a help to me, but this one i think I may help...
    I've found a walktrogh in URL 
    http://support.microsoft.com/kb/948779 (this one is in portuguese...)

    http://support.microsoft.com/kb/948779/en-us/ (this one can be helpfull to most people ... en)

    Hope it helps!
    • Proposed as answer by noai Saturday, September 26, 2009 3:02 AM
    Thursday, September 11, 2008 3:55 PM
  •  

    Hey thanks for the link! I had been through it during the configuration. Its a very helpful reference.

     

     

    • Proposed as answer by noai Saturday, September 26, 2009 3:02 AM
    Monday, September 15, 2008 7:08 AM
  • Hi All!

     

    Our IFD is now running. I deleted all the Internal IP addresses in the IFD tool and added the Internal IP address/Subnet: ServerIPaddress-255.255.255.255 and it worked. The Microsoft CRM login page(signin.aspx) appeared and our CRM server is up and running using forms authentication. Thanks to all!

    • Proposed as answer by noai Saturday, September 26, 2009 3:02 AM
    Monday, September 15, 2008 7:19 AM
  • Sanchita,

     

    Just follow the CRM implementation guide by Microsoft(http://www.microsoft.com/downloads/details.aspx?familyid=1CEB5E01-DE9F-48C0-8CE2-51633EBF4714&displaylang=en) and in the IFD tool, enter your CRM server's internal IP address and use the subnet 255.255.255.255

    It worked for me. Now, our CRM server is using Forms Authentication. Kindly try the configuration below:

     

    IFD Tool Configuration:

    -Authentication Strategy: IFD + On Premise

    -Anonymous: ON

    -Key Encryption: ON

    -IFD Internal Netword Address and Subnet Mask: ServerInternalIPadd-255.255.255.255

    -IFD Domain Scheme: HTTP

    -IFD App Root Domain: DomainName.com

    -IFD SDK Root Domain: DomainName.com

    -AD Domain Scheme: HTTP

    -AD App Root Domain: ServerName:5555

    -AD SDK Root Doamin: ServerName:5555

     

    Note: when you create the URL in your DNS, try the format below:

    CRMOrgName.DomainName.com

     

    The CRMOrgName should match the Organization Name you will use in the MSCRM installation.

     

    One more thing, for you to make sure that your DNS resolves, try to ping CRMOrgName.DomainName.com

    and the reply should come from the External/Public IP address that you declared in your DNS.

     

    • Proposed as answer by noai Saturday, September 26, 2009 3:02 AM
    Monday, September 15, 2008 7:39 AM
  • Hi doydiaz,

     

    We have tried all the steps pointed out by you. The IP adress just specifies if the computer connecting to the CRM is intranet or not, so I have provided my CRM server's IP. Subnet mask I am not sure about I have tried 255.255.255.255 although.

     

    On my intranet I get the windows logon prompt but I am unable to get the signin page on the internet (orgname.domain.com)

     

     

    • Proposed as answer by noai Saturday, September 26, 2009 3:02 AM
    Monday, September 15, 2008 12:00 PM
  • Hi...

     

    Have U checked permissions on IIS?...

     

    Go their and check permissions for website so U can logon without being on Domain.

     

    Good Luck!

    Monday, September 15, 2008 3:06 PM
  • Sanchita,

     

    Here are the settings/configuration i made with our CRM. This might help you.

     

    We have installed(in (1) machine):
    -Windows Server 2003 Enterprise R2 w/ SP2
    -IIS 6.0 and all other required components listed on the “Implementation Guide(Software Requirments)”
    -MS SQL 2005 Enterprise w/ SP2
    -MS Dynamics CRM 4.0 (Enterprise)
    -IFD Tool
    -The Port we used for the CRM Website is: 5555

     

    Others:
    -Machine Name: ServerName (Internal IP: 123.123.1.1 / Subnet: 255.255.240.0)
    -SQL SERVERNAME: ServerName
    -CRM Organization Name: OrgName
    -Domain Name(Hosted DNS): DomainName.com
     
    We have registered the URL below in our DNS provider:
    -http://OrgName.DomainName.com
    ** The URL is mapped to our External IP: 124.123.123.123
    ** The Ext. IP(124.123.123.123) is redirected to Int. IP(IP of “ServerName”): 123.123.1.1 (Configured in our Firewall)

     

    IFD Tool Configuration:
    -Authentication Strategy: IFD + On Premise
    -Anonymous: ON
    -Key Encryption: ON
    -IFD Internal Netword Address and Subnet Mask: 123.123.1.1-255.255.255.255
    -IFD Domain Scheme: HTTP
    -IFD App Root Domain: DomainName.com
    -IFD SDK Root Domain: DomainName.com
    -AD Domain Scheme: HTTP
    -AD App Root Domain: ServerName:5555
    -AD SDK Root Doamin: ServerName:5555

     

    IIS Setting:
    -Go to your CRM website >> Properties >> Directory Security >> Authentication and Access Control >> Anonymous access and Integrated Windows Authentication must be ENABLED.

     

    CRM Server IP Add:
    -IP: 123.123.1.1
    -Subnet Mask: 255.255.240.0
    -Default Gateway: 123.123.6.1

     

    NOTE: With this configuration, all clients(inside/outside your domain) are treated with IFD and should be prompted with the CRM login page "Forms Authentication"(signin.aspx)

     


     

     

    • Proposed as answer by noai Saturday, September 26, 2009 3:03 AM
    Tuesday, September 16, 2008 3:50 AM
  •  doydiaz wrote:

     
    We have registered the URL below in our DNS provider:
    -http://OrgName.DomainName.com
    ** The URL is mapped to our External IP: 124.123.123.123
    ** The Ext. IP(124.123.123.123) is redirected to Int. IP(IP of “ServerName”): 123.123.1.1 (Configured in our Firewall)

     

     

    I think other than this step all the remaining steps are similar to what we have implemented.

    I havent given an External IP address in the DNS.

    Also in IFD when I try to perform "Check DNS" it fails to resolve.

     

    Thanks

    • Proposed as answer by noai Saturday, September 26, 2009 3:02 AM
    Tuesday, September 16, 2008 7:20 AM
  •  rfigueiredo.pt wrote:

    Hi...

     

    Have U checked permissions on IIS?...

     

    Go their and check permissions for website so U can logon without being on Domain.

     

    Good Luck!

     

    Hi

     

    The permissions on IIS seem ok to me.

     

    Anon access is enabled and so is Integrated Windows Auth.

     

    Thanks

    • Proposed as answer by noai Saturday, September 26, 2009 3:03 AM
    Tuesday, September 16, 2008 7:23 AM
  • Sanchita,

     

    You have to have a Public IP Address to publish your CRM server on the internet. Is your DNS hosted by a service provider?

     

    • Proposed as answer by noai Saturday, September 26, 2009 3:03 AM
    • Marked as answer by Jim Glass Jr Thursday, February 4, 2010 6:52 PM
    Tuesday, September 16, 2008 10:09 AM
  • Hi,

    I have a similar issue configuring IFD.

    I have a public IP and i have mapped this IP to the internal IP of the server.

    I have run the IFD tool and setup IFD on the CRM Server. I am able to access the crm server internally and it pops up the signin page.

    But when i try to access from internet it shows page cannot be displayed.

    Can some body provide me a step by step instructions on configuring the IFD setup.  I have already gone through the IFD Scenarious document.

    Thanks,

    Billy
    Monday, January 18, 2010 12:52 PM