New Dynamics Instalation with IFD tool RRS feed

  • Question

  • I am having some troubles with our installation of CRM 4.0 workgroup server. Everything works well on the server where is installed but I can't seem to get access to it over the intranet or internet.

    Here is a brief description of our network environment:

    -  There are two servers on the network:

     1). Windows Small Business Server 2008 (DC, AD etc)

     2). Windows Server 2008 Standard (Business Apps, CRM, SQL Server 2005/2008) - This is where CRM is installed.

    Domain is registered with godadddy. SBS 2008 is set up for remote workplace with SSL certificate from godaddy for url: https://sbs.domain.com/ which point to SBS 2008 static public IP. Works fine!

    What I am trying to do is configure the CRM so that it can be accessed within the intranet and over the internet with url: https://crm.domain.com. It does not seem that there is any instructions on how to do this anywhere and I tried a couple of things but non worked so far.

    Any help or if you had previous experience with this kind of setup, please share.

    Thank you!

    Wednesday, October 14, 2009 10:08 PM

All replies

  • Hi Dele,

    There are many parts to configuring a CRM server for Internet access.  I've been meaning to write a blog one of these days with our best practices.

    Basic you need:
    a.  install the ssl certificate in your sbs server
    b.  configure crm iis site so it will answer in port 443 with your new ssl ceritifcate.

    c.  run ifd config tool.
       c0.  Right click and run as administrator to run the ifdconfig tool.  Click yes to all the security warnings (this makes the world more secure...)
       c1.  specify your internal network ip range
       c2.  specify ifd domain -- if your cert is crm.mycompany.com, then your ifd domain is mydompany.com
       c3.  reboot or do iisreset (not usually needed but recommended)

    d. setup dns so crm.mycompany.com is pointing to your public ip address that either goes directly to your crm server OR goes to a fw/router that maps to a private ip that goes to your crm server
    e. Allow https (port 443) access from the Internet to your crm server by modifying a rule in your firewall or router.
    f.  install the latest updates to both windows and crm 4

    let me know if this helps.

    Alex Fagundes - www.PowerObjects.com
    Wednesday, October 14, 2009 10:40 PM
  • Thank you your response, I have ssl installed on the sbs 2008 for the domain sbs.domain.com (not a wildcard ssl), and the 443 (https) is already pointing to the SBS for the remote workplace. Can I use this same ssl or get a new one (specifically one for crm.domain.com) and does this ssl  go to the SBS 2008 or the Windows Server 2008 where the CRM is installed?. The SBS 2008 and App server where the CRM is install both has separate static IP which is accessible from the outside the lan.


    Thursday, October 15, 2009 12:35 AM
  • Hi Dele,

    Get an ssl cert for crm.domain.com and install it in server:

    2). Windows Server 2008 Standard (Business Apps, CRM, SQL Server 2005/2008) - This is where CRM is installed.

    After adding the cert to the server above, run the ifd config tool, and make sure IIS is set to listen on port 443 on the crm dynamics web site.

    Alex Fagundes - www.PowerObjects.com
    Thursday, October 15, 2009 12:39 AM
  • One more thing, in the IFD internal network address and subnet what should is expected here in term or real ip. We have a lan with ip in the range 192.168.1.* (internal) and 14.15.16.*(external) what would be the appropriate value here for the IFD internal network address?

    Thanks a bunch!

    Thursday, October 15, 2009 12:45 AM
  • Specify the internal ip ( / network range in the ifdconfig tool.  CRM will then do integrated authentication to workstations in that range and forms based authentication (prompting for uid/pwd via ssl) for any other ip address.
    Alex Fagundes - www.PowerObjects.com
    Thursday, October 15, 2009 12:50 AM
  • I am working through this a step at a time, I have not installed the SSL certificate or anything, but did run the FTD tool and set the values as advised, but I still cannot see the application from the intranet. I am wondering if the problem has something to do with the DNS.

    Note: DNS is not installed on the on the Windows server 2008 where the CRM is installed. DNS service does exist on the SBS 2008.

    Thank you.

    Thursday, October 15, 2009 10:49 PM
  • Hi Dele,

    There is a good chance you have a dns issue.  Before trying to configure access from teh outside, definately check internal dns.

    Can you access crm from the server itself?

    Is DNS resolving properly internaly?

    Alex Fagundes - www.PowerObjects.com
    Saturday, October 17, 2009 5:10 PM
  • Locally, I can access the CRM onthe installed server using: http://servername:5555

    But cannot access this from any other machine on the network.

    Thank you for helping with this, I really appreaciate it!

    Saturday, October 17, 2009 6:50 PM
  • Hi Dele,

    If you can not access http://servername:5555 from other machines, but can from the server itself, these these two items:

    -check that the server has a disabled or properly configured windows firewall
    -Check DNS resolution of the server name.
    Alex Fagundes - www.PowerObjects.com
    Sunday, October 18, 2009 4:49 PM
  • This has been a tough process, I  am now able to access the application over the intranet using the server name with the 5555 port. I am still confunded however on how to set up the DNS/SSL for the internet access to the application.

    So far I have set my subdomain crm.comcentia.com to point to the static IP server where the CRM is hosted. I have also, allowed open up the firewall for communitation coming to on the IP to pass through to the CRM server. But I cannot get into the CRM still.

    What am I doing wrong.

    Sunday, October 18, 2009 7:46 PM
  • Hi Dele,

    To get your organisation internet ready.. Use the  internet facing deployment tool (IFD-tool) and during setup see to that your DNS resolves correctly.If you have not defined domain names in DNS, the Internet Facing Deployment Configuration Tool displays a message indicating that the domain name cannot be resolved. For specific instructions, see Setup test DNS record in How to configure an Internet-Facing Deployment for Microsoft Dynamics CRM 4.0.

    Before going further, please reveiw the documentation that describes the configuration needed at your network - there are excellent resources available.


    Additional resources that may be helpful are available here -



    (the above solution was given to me  by Mr.Scott Sewell - MVP)

    We also can also access crm on internet, in browser type the <server IP>:5555 and  logging on using the active directory username and password..  

    • Proposed as answer by Prijil.P.S Tuesday, February 1, 2011 3:51 AM
    Monday, January 31, 2011 10:08 AM