Deploying CRM 2011 via IFD in one server RRS feed

  • Question

  • Hello all. Current setup of CRM 2011 Rollup 7 is as follows:

    • 1 server in the backend with all roles properly installed. Port used is 5555.
    • 1 server in the frontend with Web role properly installed, using also port 5555.

    Main idea is to deploy frontend server in the DMZ, thus the configuration of IFD comes handy.

    Customer has a strong policy on publish in the DMZ only for ports 80 or 443. Since my CRM 2011 deployment is using port 5555, is it possible to configure IFD to use port 443, since HTTPS is a must, and have ADFS2 properly configured in port 80?


    Guillermo Taylor F.
    IT Pro & Xbox gamer
    My blog

    Wednesday, March 28, 2012 3:50 PM

All replies

  • Theoretically; yes, but with caveats.

    CRM and ADFS must be configured to use HTTPS/SSL, but the ports you use are entirely up to your discretion.  However, configuring HTTPS on port 80 is not only counter-intuitive, I would strongly suggest it would be against the same policies that are restricting you to ports 80 and 443.

    To reiterate, in case it isn't clear - to complete an IFD configuration, ADFS must be configured for HTTPS (not HTTP), regardless of your choice of port (80 or otherwise).

    There are two ways around this:

    1. Install CRM and ADFS on separate servers and configure both on port 443
    2. Install CRM and ADFS on a single multi-homed server, such that CRM and ADFS can "share" port 443; but on different IP addresses - NB: while this is purportedly feasible I am yet to hear of a successful implementation

    --pogo (pat) @ pogo69.wordpress.com

    Wednesday, March 28, 2012 10:38 PM
  • ADFS must use https, and must be on the default website.

    You should be able to setup the server with more than one IP address and then bind the default website to use 443 on one IP address, then the CRM server to another IP.

    Install CRM using an arbitrary port (eg 5555) then reconfigure IIS to bind 443 to the right IP, then change the server properties in deployment manager, set to https and set the URLs (all the same), then configure claims based authentication, then IFD config and finish ADFS config (relying parties for internal and external access).

    Hope this helps. Adam Vero, MCT

    Wednesday, March 28, 2012 11:05 PM
  • Thank you all. I'll test next week and will let you know...


    Guillermo Taylor F.
    IT Pro & Xbox gamer
    My blog

    Tuesday, April 3, 2012 8:30 PM