locked
IFD crm 2011 error, Need help . RRS feed

  • Question

  • Hi

    I'm trying to configure IFD for one of our customer , the problem i'm facing is getting prompt for user password when tring to get to internal crm address.

    This are the details :

    machine name : xrmtst1
    machine FQDN xrmtst1.Xdomain.com

    SELF sign SSL : XrmTstCert.Xdomain.com by using selfssl7 to create certificate that has diffrent name from machineName


    ----------------SPN -------------------
    C:\Windows\System32\inetsrv>setspn -l Xdomain\xrmtst1$
    Registered ServicePrincipalNames for CN=XRMTST1,OU=Servers,OU=Domain Controllers,DC=Xdomain,DC=com:
    http/orgCrmName-tst.Domain-X.co.il
    https/orgCrmName-tst.Domain-X.co.il
    https/xrmtst1.Xdomain.com
    http/xrmtst1.Xdomain.com
    WSMAN/XRMTST1.Xdomain.com
    WSMAN/XRMTST1
    TERMSRV/XRMTST1
    TERMSRV/XRMTST1.Xdomain.com
    RestrictedKrbHost/XRMTST1
    HOST/XRMTST1
    RestrictedKrbHost/XRMTST1.Xdomain.com
    HOST/XRMTST1.Xdomain.com

    ------------------------------------------

    DNS HOST A records :

    ifdurl-tst.Xdomain.com External IFD URL
    XRMTST1.Xdomain.com Machine name
    xrmtstcert.Xdomain.com ADFS SERVER NAME (selfsign certificate using selfssl7)
    CrmDiscovery-tst.Domain-X.co.il crm dicovery web service domain
    orgCrmName-tst.Domain-X.co.il internal/external web application server and organization web service domain----------------------------------------

    issue that i was dealing with :

    when i configure the ADFS 2 i didn't get the option to choose the certificate nor the ADFS name because the ADFS already choose them for me and the SSL CERTIFICATE field and Federation server name where disabled . Is this because the Default web site is bind with this certificate ?

    when I type https://xrmtstcert.Xdomain.com/federationmetadat/2007-06/federationmetadata.xml on the IE i didn't get xml nor error , I got white empty page. Why is that?

    I'm not sure what are the URL's  that I need to set on the screen of the deployment property manager :

    binding = HTTPS, Port for every URL is 444

    Web Application server:  ?:444

    Organization web service = ?:444

    Discovery web service = ?:444

    Deployment Web service = ?444

    This is full installation server ; Can I use the same address for all this URLs ?

    Is this URL going to be the url the user will type for internal access to the CRM ?

    Is there any connaction to the ssl certificate ?

    When do I set the internal address that I created on the DNS : orgCrmName-tst.Domain-X.co.il ?

    Is there a problem the the inner DNS is co.il and for outside world .com ?

    Can I use the same url for internal and external url ?

    After configuring the claims base authentication and creating all the needed rule I look at the log file and so this address :

    Internal Federation Metadata URL: https:// orgCrmName-tst.Domain-X.co.il:444/FederationMetadata/2007-06/FederationMetadata.xml

    Where this address came ? It declate on the DNS as an HOST A record but I ddin't set it ?

    When I go to this url I get the famous xml .

    Any way when I tried to browse to the : https://orgCrmName-tst.Domain-X.co.il:444 or to https://xrmtstCert.xdomain.com:444 I get prompt for user and password and after 3 attempt I het 401. I tried to do iisreset and set spn to the machine.

     

    I will appreciate any help .

     

     

     

    Thursday, February 2, 2012 8:52 PM