Configuration Reverse Proxy + CRM 2013 + Kerberos RRS feed

  • Question

  • Hello folks,

    I am facing to an issue, that I tried to resolve by myself with a lot of reading, but no success.

    I have installed Dyanmics CRM 2013 with one full server role accessible with the URL : http://internal-crm/orgname.
    I also activated Kerberos by setting the good SPNs.

    I need to access CRM behind a reverse proxy Apache with the URL : https://external-crm.com/orgname.
    The Apache module is used to rewrite the client connexion URL https://external-crm.com/orgname to http://internal-crm/orgname. 

    The rewritting seems to work well, because I tested it with a sample test web site, but the authentication fails. 

    The scenarii are : 

    • I succeeded to connect directly to http://internal-crm/orgname with Kerberos and without authentication problems
    • If I try to connect to the CRM by using https://external-crm.com/orgname, I have prompt for credentials that appears on the screen, I fill the credentials, but an error 401 unauthorized is raised.

    I traced this try of connection and I noticed that the error is raised by the Apache reverse proxy, the connection never reached the CRM Server.

    What's wrong with my architecture ? Did I forget something ? 

    Thx for your help


    Thursday, August 21, 2014 2:15 PM

All replies