CRM 2011 IFD question RRS feed

  • Question

  • Hi folks, i have internal domain company.local, crm server 2011 is running on a machine crm.company.local and Claimbased authentication works fine. Now I am stuck with IFD configuration. Do I need ADFS 2.0 Proxy for accessing my CRM server from the internet? External namespace is company.com, where should I direct my public IP addresses ? All to external interface of ADFS proxy? Can I publish proxy with TMG 2010, or do I have to configure public IPs directly on proxy.

    Is there any guide for this configuration? Regards,

    Marek Chmel, WBI Systems (MCTS, MCITP, MCT, CCNA)
    Thursday, December 22, 2011 8:08 AM


All replies

  • You may find the following links helpful:


    http://www.microsoft.com/download/en/details.aspx?id=3621  (look for the link to claims-based authentication)

    I'm not aware that you need the ADFS 2.0 proxy, just ADFS 2.0. But I guess this depends on the configuration of your network.

    Thursday, December 22, 2011 12:52 PM
  • Thanks for the links, but still they dont explain the configuration of adfs and adfs proxy (and possible TMG publishing).

    In all the guides the ad domain name space is the same like external name space and there is usually no firewall in place.

    Anyone has some idea?

    Marek Chmel, WBI Systems (MCTS, MCITP, MCT, CCNA)
    Monday, December 26, 2011 4:46 PM
  • Hi Marek,

    Please go through the implementation manual to configure IFD and check this link to create and publish web rules in TMG.




    Khaja Mohiddin|||||http://www.dynamicsexchange.com/
    Tuesday, December 27, 2011 9:58 AM
  • There is hardly anything usefull in all the impl guides - Im stuck with a simple questing / deisng consideration.

    Internal domain name - company.local

    External name - company.com

    Claimbased works fine for crm.company.local

    Do I / Dont I need a ADFS proxy to allow access to my CRM externaly (would like to use auth.company.com or whatever else).

    I have setup a adfs proxy (trust estabilished OK) but when i try to add a relying party trust i got a 403 error (name auth.company.com has an IP of the ADFS Proxy, is that correct?)



    Marek Chmel, WBI Systems (MCTS, MCITP, MCT, CCNA)
    Wednesday, December 28, 2011 3:42 PM
  • Marek, you do not need an adfs proxy to access crm 2011 externally using IFD. You only need ADFS and the two sets of relying party rules, one for internal access and one for external access.


    I fount the document at this location http://www.microsoft.com/download/en/details.aspx?id=3621 (look for the link to claims-based authentication) to be helpful.


    Tuesday, January 3, 2012 4:11 PM