How to access CRM 3.0 from the internet without the need of VPN

  • Question

  • Hi,

    I need to know if it's possible to access CRM 3.0 directly from the internet without the need of VPN.

    If yes how?

    Can anyone give me a link to a document that explains the different steps to achieve this?

    Thanks in advance.

     

    Thursday, April 3, 2008 2:16 PM

Answers

  • The IFD tool is 4.0 exclusive.  3.0 did have a service provider edition, but Microsoft restricted who could buy that version.

    You can make CRM 3.0 accessible via the internet; however, be aware that certain functionality, like reports, won't work that way due to the Kerberos authentication in 3.0.
    Sunday, May 18, 2008 11:57 PM
    Moderator

All replies

  • You will have to publish your CRM server as you do with any other server.

     

    Check this article: http://blogs.technet.com/isablog/archive/2008/02/19/publishing-microsoft-crm-3-0-through-isa-server-2006.aspx

     

    But if you are looking for a better solution, CRM 4.0 is all about hosted service which my company is proud to be the first to provide. Check our website: http://www.hostedlive.eu/

     

    Let me know if this helped.

     

    Kamal

    http://kamalhitari.blogspot.com

     

    Thursday, April 3, 2008 3:08 PM
  • Thanks for your reply.

    This blog says we need an ISA server, but I need to know: can't we achieve what we need without the ISA server?

    Thanks again

     

    Friday, April 4, 2008 6:06 AM
  •  

    No, you do not need ISA.

     

    You need to do the following:

    1. Establish a name on the Internet that resolves to your CRM server (e.g. crm.yourdomain.com)
    2. Ensure that the DNS records for your domain get updated with an A record for the name established in step 1. The IP address for this record should be the external IP address for your network or CRM server.
    3. Configure your firewall to allow incoming web requests (if not already done) and that they are forwarded to the right server on your network. Be careful with this if you have multiple web servers that are accessed from the Internet - you don't want to break access to something that has already been set up.
    4. Configure your CRM web site (in IIS) with a host header that matches the name in step 1.

    I think that's all.

     

    Friday, April 4, 2008 6:59 AM
    Moderator
  • Are you sure I don't need an ISA server?

    If yes, can you provide me with all the steps needed to do the configuration?

    Thanks

    Friday, April 4, 2008 8:05 AM
  • Yes, you definitely do not need ISA. 

     

    The key element is for your firewall or other device that protects your internal network from the Internet to publish or otherwise make available your internal web server to the Internet.

     

    I've outlined the basic steps needed in my previous post. I can't give any more detail as it depends on several elements of exactly how your network is configured. It may be appropriate to engage a network support professional to assist you.

     

    Friday, April 4, 2008 8:15 AM
    Moderator
  • Hi, thanks for your reply.

    I have another issue concerning this.

    The customer who wants to see his CRM through the internet wants the address to be crm.company-name.com, and I have already created an alias for the CRM website called crm and assigned it to it in IIS as a host header. So now how can I change the address and the host header without affecting my CRM installation or having to reinstall it?

    Because I tried to create a new alias and name it crm.company-name.com but I couldn't ping it.

    Any help would be appreciated.

    Thanks

    Friday, April 18, 2008 1:49 PM
  •  

    You also need to add a record to the DNS zone for company-name.com for crm.

     

    The record can be an A type that has the external IP address for the server or a CNAME record that points to another A record for the server.   The CNAME would be better because if the external IP address of the server ever changed you would only change it in one place.

     

    If there aren't any records for the server at the moment then you will have to create an A record.

     

     

    Friday, April 18, 2008 4:36 PM
    Moderator
  • Can you explain to me the steps I need to follow in order to do that, because I'm not really into creating that type of record?

    Or can you tell me about a link that explains the procedure?

    Actually I created it as a CNAME but couldn't ping it. What could have gone wrong?

    Thank you!

     

    Monday, April 21, 2008 5:59 AM
  •  

    You need to create the records on the DNS server that is authoritative for your domain. That is likely to not be the DNS server on your network.

     

    Try this tool to see the DNS server that is responsible for your domain:

     

    http://www.dnswatch.info/

     

    Put the domain name in the host box and select NS for the type.

     

     

    Thursday, April 24, 2008 9:17 AM
    Moderator
  • Hi,

    The customer added the name (URL) to the DNS and I am able to ping it, but when I add it to the IIS CRM website, I am not able to open the website with this URL.

    What could be the reason?

     

    Friday, May 2, 2008 12:15 PM
  • I can't answer your question without doing detailed investigations of your network.  I really think you should invest in some local network support.

     

     

    Sunday, May 4, 2008 7:50 AM
    Moderator
  • Hi,

    Do you think I should use the IFD method?

    Here is the link explaining it: http://www.microsoft.com/downloads/details.aspx?FamilyID=3861E56D-B5ED-4F7F-B2FD-5A53BC71DAFC&displaylang=en

    If yes, will it need a new installation?

    Thanks again

     

    Monday, May 5, 2008 6:40 AM
  •  

    That document and tool applies to CRM 4.0 only.

     

    I believe that you are using CRM 3.0?

     

     

     

     

     

    Tuesday, May 6, 2008 7:42 AM
    Moderator
  • This method can't be applied to CRM 3.0? If not, can't I access my CRM through the Internet? Because it's not working until now.

     

    Tuesday, May 6, 2008 8:08 AM
  •  

    Yes, you can access CRM 3.0 via the Internet but not using the tools described in the IFD document which is specifically for CRM 4.0.

     

    We've already discussed the steps needed for accessing your CRM 3.0 website over the Internet in the earlier posts in this thread.

     

     

     

     

    Tuesday, May 6, 2008 8:12 AM
    Moderator
  • There are ways to get 3.0 to work through normal publishing of the website.  It can be a chore though and more often than not, the SRS reports won't work properly.  Once you have the right port opened up to the web server, users should be able to log in by providing their network credentials.

     

    Tuesday, May 13, 2008 6:26 AM
  • It will not for CRM 3.

     

    I suggest to hire someone for support request.

     

    Regards,

    Imran

     

     

    Tuesday, May 13, 2008 9:53 AM
    Moderator
  • Why would you say it can't be done when I know of many instances where people have CRM 3.0 working through a firewall without a VPN or ISA?  It's a matter of getting the firewall configured properly, which is highly dependent on the firewall.

    Thursday, May 15, 2008 9:45 PM
  • The IFD tool is 4.0 exclusive.  3.0 did have a service provider edition, but Microsoft restricted who could buy that version.

    You can make CRM 3.0 accessible via the internet; however, be aware that certain functionality, like reports, won't work that way due to the Kerberos authentication in 3.0.
    Sunday, May 18, 2008 11:57 PM
    Moderator
  •  

    Like in the movie "Hunt for Red October": "The Engineer says the reactor can go to 115 percent but it is not recommended".

     

    Sure you can open the page to the internet, but remember that in 3.0 the reports are authenticated via a double-hop Kerberos authentication, and if you are a web user at home on your XP machine you will do an NTLM authentication to the page and the reports will not work.

    /:<

     

    A VPN on the other hand will. As Joel mentioned, the reports won't work until you are part of the Kerberos Realm in the forest and even then they will not work if the SPNs can't be read on the machine account.

    /:<

     

     

    Friday, July 25, 2008 7:59 AM
    Moderator
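
To check which of the two cases described in the last replies a given client falls into, the Authorization header from a captured request (for example a browser or proxy trace) can be classified as NTLM or Kerberos. This is an added example, not part of the thread or of any Microsoft tool; the function names and the sample tokens are constructed for illustration, and the detection is a heuristic based on the NTLMSSP signature and the Kerberos mechanism OIDs.

```python
import base64

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
# DER bodies of the Kerberos 5 mechanism OIDs that appear in SPNEGO tokens
KRB5_OIDS = (
    bytes.fromhex("2a864886f712010202"),  # 1.2.840.113554.1.2.2
    bytes.fromhex("2a864882f712010202"),  # 1.2.840.48018.1.2.2 (legacy Microsoft value)
)

def classify_authorization(value):
    """Return 'ntlm', 'kerberos', 'basic' or 'unknown' for an Authorization header value."""
    scheme, _, token = value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        return "basic"
    if scheme not in ("ntlm", "negotiate"):
        return "unknown"
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return "unknown"
    # "Negotiate" can carry raw or SPNEGO-wrapped NTLM when no Kerberos ticket is available
    if NTLMSSP_SIGNATURE in raw:
        return "ntlm"
    if raw[:1] == b"\x60" and any(oid in raw for oid in KRB5_OIDS):
        return "kerberos"
    return "unknown"

def protocol_in_request(request_text):
    """Classify the Authorization header of one captured HTTP request, or 'none'."""
    for line in request_text.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "authorization":
            return classify_authorization(value)
    return "none"

# Constructed samples (not captured traffic): an NTLM type 1 message and a
# truncated SPNEGO token that carries only the mechanism OIDs, not a real ticket.
SAMPLE_NTLM = base64.b64encode(NTLMSSP_SIGNATURE + b"\x01\x00\x00\x00\x07\x82\x08\xa2").decode()
SAMPLE_KRB = base64.b64encode(b"\x60\x82\x04\x00\x06\x06\x2b\x06\x01\x05\x05\x02"
                              + b"\x06\x09" + KRB5_OIDS[0] + b"\x00" * 16).decode()
SAMPLE_REQUEST = ("GET / HTTP/1.1\r\n"
                  "Host: crm.yourdomain.com\r\n"
                  f"Authorization: Negotiate {SAMPLE_NTLM}\r\n\r\n")

if __name__ == "__main__":
    print(protocol_in_request(SAMPLE_REQUEST))
```

A result of `ntlm` for an Internet client matches the situation described above: the page loads, but the credentials cannot be passed on to the report server for the second hop.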