CRM 2016 IFD Setup Redirecting to AUTH - "This page can’t be displayed"

  • Question

  • Well, I thought I was going to make it through an IFD setup without issue, but no such luck. I am not seeing the FORM sign-in page no matter what I try. More specifically, I am getting redirected to the following URL:

    https://adfs.domain.net/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2fcrm2016.domain.net%2f&wctx=rm%3d1%26id%3d5b8a8601-f93b-4755-ae1f-ef4f51ef3b25%26ru%3dhttps%253a%252f%252fcrm2016.domain.net%252fMYORG%252fmain.aspx&wct=2016-04-21T13%3a25%3a12Z&wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword

    IE is saying "This page can’t be displayed".  

    MORE DETAILS ----

    This is my first time trying CRM2016, Windows 2012 R2 and ADFS 3.0 together.  My setup includes separate CRM, SQL and ADFS servers.  I followed a combination of instructions including this one,

    https://blogs.msdn.microsoft.com/niran_belliappa/2014/01/16/step-by-step-configuring-crm-2013-internet-facing-deployment-ifd/ - detailing separate ADFS / CRM servers but not 2016, R2 or ADFS 3.0

    and this one, 

    https://www.interactivewebs.com/blog/index.php/crm/how-to-set-up-microsoft-crm-2016-ifd-on-windows-2012-r2-server/ - specific to CRM 2016 and R2, but all single server so required extra ports, which I did not want.

    Machines that are JOINED to the domain are automatically signed into CRM via Windows Integrated Authentication.  HTTPS is showing the correct cert.

    http://internalcrm.domain.net/MYORG/main.aspx

    https://internalcrm.domain.net/MYORG/main.aspx

    Devices that are not joined to the DOMAIN but still on the local network have differing behavior.

    http://crm2016.domain.net/MYORG/main.aspx

    Throws a username/password dialog which, no matter what I try, does not let me in (eventually throwing a 401).

    http://crm2016.domain.net/MYORG/main.aspx

    Redirects to the URL mentioned above.

    I don’t really care about HTTP and will most likely unbind it at some point.

    WHAT WORKS ----

    As far as I can tell, everything.  I can access all of the following URLs:

    https://internalcrm.domain.net/FederationMetadata/2007-06/FederationMetadata.xml

    https://adfs.domain.net/FederationMetadata/2007-06/FederationMetadata.xml

    https://auth.domain.net/FederationMetadata/2007-06/FederationMetadata.xml

    I can sign in using

    https://adfs.etecsol.net/adfs/ls/idpinitiatedsignon

    I have run the following on the CRM server

    setspn -a HTTP/adfs.domain.net domain\Administrator

    setspn -a HOST/adfs.domain.net domain\Administrator

    I have double-checked DNS and did about 20 iisresets.

    WHAT I HAVE NOT DONE, yet… ---------------

    Set up Proxy or External DNS – I am still just trying to get this to work on the internal LAN; my goal is for CRM to be available to browsers on devices (iPads, iPhone, etc.) not joined to the domain.

    Any help would be appreciated.

    C

    Thursday, April 21, 2016 1:59 PM
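
Added example, not part of the original post: a Python decoder for the WS-Federation sign-in redirect quoted in the question. It unpacks the doubly encoded `wctx` and shows which host the browser is sent to, which realm and return URL are in play, and which sign-in method `wauth` requests. The function names, result keys and warning texts are assumptions made for this sketch.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# The redirect URL quoted in the post, copied verbatim.
REDIRECT = (
    "https://adfs.domain.net/adfs/ls/?wa=wsignin1.0"
    "&wtrealm=https%3a%2f%2fcrm2016.domain.net%2f"
    "&wctx=rm%3d1%26id%3d5b8a8601-f93b-4755-ae1f-ef4f51ef3b25"
    "%26ru%3dhttps%253a%252f%252fcrm2016.domain.net%252fMYORG%252fmain.aspx"
    "&wct=2016-04-21T13%3a25%3a12Z"
    "&wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword"
)

# wauth URIs documented for AD FS and the sign-in method each one requests.
WAUTH = {
    "urn:oasis:names:tc:SAML:1.0:am:password": "forms",
    "urn:federation:authentication:windows": "windows-integrated",
    "urn:ietf:rfc:2246": "tls-client-certificate",
}

def first(qs, key):
    """Single value of a query parameter, or None when it is absent."""
    return qs.get(key, [None])[0]

def decode_signin(url):
    """Decode a WS-Federation passive sign-in redirect and list oddities."""
    sts = urlsplit(url)
    qs = parse_qs(sts.query)                  # first level of percent-decoding
    ctx = parse_qs(first(qs, "wctx") or "")   # wctx is a nested query string
    realm, ru, wct = first(qs, "wtrealm"), first(ctx, "ru"), first(qs, "wct")
    issued = (datetime.strptime(wct, "%Y-%m-%dT%H:%M:%SZ")
              .replace(tzinfo=timezone.utc) if wct else None)
    warnings = []                             # hypothetical checks for this sketch
    if first(qs, "wa") != "wsignin1.0":
        warnings.append("not a sign-in request")
    for name, value in (("sts", url), ("wtrealm", realm), ("ru", ru)):
        if value and urlsplit(value).scheme != "https":
            warnings.append(f"{name} is not https")
    if realm and ru and urlsplit(realm).hostname != urlsplit(ru).hostname:
        warnings.append("return URL host differs from realm host")
    return {
        "sts_host": sts.hostname, "sts_path": sts.path, "realm": realm,
        "return_url": ru, "issued": issued, "warnings": warnings,
        "method": WAUTH.get(first(qs, "wauth"), "unspecified or unknown"),
    }

if __name__ == "__main__":
    for key, value in decode_signin(REDIRECT).items():
        print(f"{key:11} {value}")
```

For the URL in the post this reports `adfs.domain.net` as the host the browser must be able to resolve and reach over HTTPS, and `forms` as the requested method.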