Help with Claims Based Authentication for CRM 2013

  • Question

  • Hi,

    I have the following setup:

    • Server A : CRM Front End Roles
    • Server B : CRM Back End Roles + Deployment Services
    • Server C : SQL Server 2012 + ADFS 2.0
    • Server D : AD

    Now I enabled HTTPS for the CRM Website for Server A and Server B (Port 443) and also for the Default Website for Server C (since ADFS is installed there).

    I am now about to enable Claims Based Authentication, but I am stuck on what to provide for the Service URLs.

    Earlier I used "internalcrm.mydomain.com" since the Deployment Web Service was with the Front End Roles, but now it's on a separate server. I have a DNS entry that maps "internalcrm.mydomain.com" to "servera.mydomain.com", so I know I cannot use it for the Deployment Service URL.

    Please could someone provide assistance on what URLs to provide here? I tried with ServerB:443 or just ServerB and https, but the configuration isn't right because when I try to do something using PowerShell, it throws an error.


    Admin QuikView Solution for CRM 2013

    Monday, May 12, 2014 12:42 PM

Answers

All replies

  • Anyone got anything to help?

    Admin QuikView Solution for CRM 2013

    Tuesday, May 13, 2014 5:07 AM
  • The service URLs will be set when running the IFD Wizard, rather than setting them directly via the Properties dialog in your screenshot.

    All bindings should be https, and the domain names must be fully qualified domain names, with associated certificates.


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Tuesday, May 13, 2014 9:58 AM
    Moderator
  • Hi David,

    I assigned HTTPS and FQDN for the service URLs as follows:

    I updated the URLs using PowerShell, but now when I try to enable Claims Based Authentication using PowerShell, it throws an error. The PowerShell I am using is as follows:

    Write-Host "`r`n`r`n`r`nEnabling Claims Based Authentication for CRM..."
    $claims = Get-CrmSetting -SettingType "ClaimsSettings"   # read the current claims settings through the Deployment Web Service
    $claims.Enabled = 1
    $claims.EncryptionCertificate = "CN=*.mydomain.com"
    $claims.FederationMetadataUrl = "https://adfs.mydomain.com/federationmetadata/2007-06/federationmetadata.xml"
    Set-CrmSetting $claims   # write the updated settings back
    Write-Host "Successfully completed action..."

    I receive the following error, which means the very second line -SettingType "ClaimsSettings"; throws an error, possibly due to the Deployment Url being incorrect:

    Get-CrmSetting : The remote server returned an error: (500) Internal Server Error.
    At line:1 char:99
    + Write-Host "`r`n`r`n`r`nEnabling Claims Based Authentication for CRM..."; $claims = Get-CrmSetting <<<<  -SettingType
     "ClaimsSettings"; $claims.Enabled = 1;$claims.EncryptionCertificate = "CN=*.mydomain.com"; $claims.FederationMetadataU
    rl = "https://adfs.mydomain.com/federationmetadata/2007-06/federationmetadata.xml"; Set-CrmSetting $claims; Write-Host
    "Successfully completed action...";
        + CategoryInfo          : InvalidArgument: (Microsoft.Crm.P...rmSettingCmdlet:GetCrmSettingCmdlet) [Get-CrmSetting
       ], WebException
        + FullyQualifiedErrorId : CRM Deployment Cmdlet Error,Microsoft.Crm.PowerShell.GetCrmSettingCmdlet

    I am pretty sure this script worked if the Deployment Url was correct. Please could you tell me how to proceed next.


    Admin QuikView Solution for CRM 2013

    Tuesday, May 13, 2014 12:16 PM
  • All it needed was IISRESET after setting the FQDN for the Server URLs. How stupid of me. :P


    Admin QuikView Solution for CRM 2013


    Thursday, May 15, 2014 3:40 AM
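
The sequence the thread arrives at (https bindings, fully qualified names, then an IIS restart before touching the claims settings), written out as an added example that is not part of any post above. The Server B host name `serverb.mydomain.com`, the `:443` suffix and the helper `Test-Fqdn` are assumptions for illustration; the thread does not show the values the poster finally used.

```powershell
# Added example, not the poster's script. Host names below are assumptions
# built from the thread's "mydomain.com" naming.
Add-PSSnapin Microsoft.Crm.PowerShell -ErrorAction Stop

$frontEnd   = "internalcrm.mydomain.com:443"  # DNS name that resolves to Server A (front end roles)
$deployment = "serverb.mydomain.com:443"      # assumed FQDN of Server B (Deployment Web Service)

# Hypothetical helper: rejects short names such as "ServerB", which cannot
# match a certificate issued for *.mydomain.com.
function Test-Fqdn([string]$HostAndPort) {
    $hostName = $HostAndPort.Split(':')[0]
    return ($hostName -match '^([a-z0-9-]+\.){2,}[a-z]{2,}$')
}

foreach ($name in $frontEnd, $deployment) {
    if (-not (Test-Fqdn $name)) { throw "Not a fully qualified domain name: $name" }
}

# Point every service URL at an https FQDN. The Deployment Web Service gets
# Server B's name because it no longer lives with the front end roles.
$web = Get-CrmSetting -SettingType WebAddressSettings
$web.RootDomainScheme        = "https"
$web.WebAppRootDomain        = $frontEnd
$web.SdkRootDomain           = $frontEnd
$web.DiscoveryRootDomain     = $frontEnd
$web.DeploymentSdkRootDomain = $deployment
Set-CrmSetting $web

# Restart IIS on this server, the step the thread found was missing.
iisreset
if ($LASTEXITCODE -ne 0) { throw "iisreset failed with exit code $LASTEXITCODE" }

# Confirm the Deployment Web Service answers again before changing anything.
# A (500) Internal Server Error here means the addresses are still not in effect.
try {
    $claims = Get-CrmSetting -SettingType ClaimsSettings
    "Deployment service reachable. Claims enabled: {0}" -f $claims.Enabled
}
catch {
    throw "Get-CrmSetting still fails after the IIS restart: $($_.Exception.Message)"
}
```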