CRM 2011 & IFD & Sharepoint

  • Question

  • I need the following: CRM 2011, IFD, SharePoint

    Deployment is on: 1x Physical server, 1x virtual server (Hyper-V), using SBS 2008

    The question is what should go on what server and what ports:

    1) Sharepoint by default is on physical server on "*:987(https),Companyweb on *:80(http)"
    2) ADFS is on physical server on default website "*:80(http), *:443(https)"
    3) CRM is on virtual server on default website "*:80(http), *:443(https)"
    4) SQL is together with CRM on virtual server

    Does this look like a proper setup?

    I assume I can use the wildcard certificate only on one server (on the one with CRM). If that is the case, is a self-signed SSL certificate on the physical server good enough, or will it produce warnings for the users?

    Thursday, March 8, 2012 10:46 PM

All replies

  • Hello,

    Your configuration looks good. You can use a wildcard certificate on any number of machines as long as the root domain is the same. For example, if your certificate is *.contoso.com, ADFS hostname is adfs.contoso.com and your CRM external domains are contoso.com and dev.contoso.com, then you can use the same cert on both servers. Note that all traffic must go through the https binding.

    Self-signed SSL (or any other type) certificates should only be used for test environments and never for production.

    Please let me know if you have any other questions.

    Thanks,

    Matios

    • Marked as answer by hfaun Monday, April 30, 2012 10:03 PM
    Friday, March 9, 2012 9:20 PM
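
What `*.contoso.com` does and does not cover, as an added example that is not part of the original thread: a wildcard stands for exactly one left-most DNS label, so the bare domain and names two levels down are not matched. Host names other than `adfs.contoso.com` and `dev.contoso.com` are constructed for illustration.

```powershell
# Added example. Test-WildcardCoverage is a hypothetical helper, not a built-in cmdlet.
function Test-WildcardCoverage {
    param([string]$CertName, [string]$HostName)
    $cert = $CertName.ToLowerInvariant().TrimEnd('.')
    $name = $HostName.ToLowerInvariant().TrimEnd('.')
    if (-not $cert.StartsWith('*.')) { return $cert -eq $name }    # plain name: exact match only
    $suffix = $cert.Substring(1)                                    # "*.contoso.com" -> ".contoso.com"
    if (-not $name.EndsWith($suffix)) { return $false }             # other domain, or the bare domain
    $label = $name.Substring(0, $name.Length - $suffix.Length)      # what the "*" has to stand for
    return ($label.Length -gt 0) -and ($label.IndexOf('.') -lt 0)   # exactly one label, no dots
}

# Planned HTTPS bindings to check before the certificate is installed (constructed list).
$planned = @(
    @{ Role = 'ADFS federation service';  Name = 'adfs.contoso.com' },
    @{ Role = 'CRM discovery service';    Name = 'dev.contoso.com' },
    @{ Role = 'CRM organization URL';     Name = 'org1.contoso.com' },
    @{ Role = 'Bare domain';              Name = 'contoso.com' },
    @{ Role = 'Two levels below domain';  Name = 'org1.dev.contoso.com' }
)

$planned | ForEach-Object {
    New-Object PSObject -Property @{
        Role    = $_.Role
        Name    = $_.Name
        Covered = Test-WildcardCoverage -CertName '*.contoso.com' -HostName $_.Name
    }
} | Select-Object Role, Name, Covered | Format-Table -AutoSize
```

The first three rows report `True`; the bare domain and the two-level name report `False` and would need their own subject alternative name entries.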
  • Dear Matios

    I am going to set up CRM 2011 and SharePoint 2010 with ADFS. I have 3 different domains, like company1.com, company2.com, company3.com. How does ADFS work with them? Physically I have 5 servers: one for Active Directory and ADFS, a 2nd for Exchange, a 3rd for CRM, a 4th for SharePoint and a 5th for SQL hosting. I am confused about how it works and how I use ADFS to connect the other company domains.

    I would be very thankful if you could provide the details in a step-by-step format.

    I am going to install SharePoint Enterprise 2010 with the CRM 2011 Workgroup version; is that fine?

    Friday, April 20, 2012 3:16 PM
  • Hello,

    If there are no trusts between the domains, you'll need to federate them.

    The primary ADFS (the one configured with CRM) must be in the same domain as the CRM server(s), SQL, and SharePoint. I highly recommend getting CRM to work with just the primary domain first. Once done, federate the other domains by installing ADFS in each domain and configuring Relying Parties and Claims Providers.

    1. Let's call the ADFS that CRM is configured against ADFS1, and the rest ADFS2, ADFS3, etc.
    2. On ADFS1, add each other ADFS (2, 3, etc...) as a Claims Provider
    3. On each other ADFS, add ADFS1 as a Relying Party trust

    Please refer to the following articles:

    A Developer's Introduction To Active Directory Federation Services
    http://msdn.microsoft.com/en-us/magazine/cc163520.aspx

    Add a Claims Provider Trust
    http://technet.microsoft.com/en-us/library/adfs2-help-how-to-add-a-claims-provider-trust(v=WS.10).aspx

    Add a Relying Party Trust
    http://technet.microsoft.com/en-us/library/adfs2-help-how-to-add-a-relying-party-trust(v=ws.10).aspx

    Let me know if you have additional questions.

    Thanks,

    Matios

    • Marked as answer by hfaun Monday, April 30, 2012 10:03 PM
    Monday, April 23, 2012 8:58 PM
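
Steps 2 and 3 above expressed with the AD FS 2.0 PowerShell snap-in, as an added example that is not part of the original reply. The federation host names (`adfs.<domain>`), the function names and the claim rules are assumptions; the acceptance rule on ADFS1 only passes through UPNs that carry the partner's own suffix, so one partner cannot assert identities from another domain.

```powershell
# Added example: hosts, trust names and claim rules are assumptions, not taken from the thread.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop   # AD FS 2.0 snap-in

$MetadataPath = '/FederationMetadata/2007-06/FederationMetadata.xml'
$UpnClaim     = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'

# Step 2, run on ADFS1: register each partner ADFS as a claims provider.
function Add-PartnerClaimsProvider {
    param([hashtable]$Partners)            # trust name -> partner DNS domain / UPN suffix
    foreach ($name in $Partners.Keys) {
        $domain = $Partners[$name]
        $suffix = [regex]::Escape($domain)
        # Accept the UPN claim only when it ends in this partner's own suffix.
        $accept = @"
@RuleName = "Pass through UPN for $domain only"
c:[Type == "$UpnClaim", Value =~ "^(?i).+@$suffix`$"]
 => issue(claim = c);
"@
        Add-ADFSClaimsProviderTrust -Name $name -MetadataUrl "https://adfs.$domain$MetadataPath" `
            -AcceptanceTransformRules $accept
    }
    Get-ADFSClaimsProviderTrust | Select-Object Name, Identifier, Enabled
}

# Step 3, run on each partner (ADFS2, ADFS3, ...): register ADFS1 as a relying party.
function Add-PrimaryRelyingParty {
    param([string]$PrimaryHost)
    # Permit-all authorization; narrow this to a group claim where only some users need access.
    $authz = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'
    $issue = @"
@RuleName = "Send UPN from Active Directory"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$UpnClaim"), query = ";userPrincipalName;{0}", param = c.Value);
"@
    Add-ADFSRelyingPartyTrust -Name 'ADFS1' -MetadataUrl "https://$PrimaryHost$MetadataPath" `
        -IssuanceAuthorizationRules $authz -IssuanceTransformRules $issue
    Get-ADFSRelyingPartyTrust -Name 'ADFS1' | Select-Object Name, Identifier, Enabled
}

# On ADFS1:            Add-PartnerClaimsProvider @{ ADFS2 = 'company2.com'; ADFS3 = 'company3.com' }
# On ADFS2 and ADFS3:  Add-PrimaryRelyingParty 'adfs.company1.com'
```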
  • I actually ended up having 1 host (Server 2008 Std), one virtual SBS 2008 Prem and one virtual Server 2008 Std. All these licenses are included with SBS 2008 Prem. Numbers 1 and 2 went on the virtual SBS, with ADFS on port 444 (you have to set the bindings on the default website to 444 BEFORE installing ADFS). Numbers 3 and 4 went on the virtual Server 2008. Note that per the license agreement you can only run Hyper-V on the host, but not SQL, CRM, etc.

    The wildcard certificate was installed on SBS. Then you export it and import it on the virtual server hosting SQL/CRM. I hope that helps anybody trying the same setup.

    Monday, April 30, 2012 10:02 PM