locked
IFD on a NLB environment problems RRS feed

  • Question

  • Hi Everyone, I'm doing an installation of a CRM2013 with 2 Full installation server on a NLB Cluster. The setup went correctly, via http everything is working fine. I had to enable IFD, so i mapped all the addresses:

    auth.contoso.com

    disc.contoso.com

    internal.contoso.com

    With the NLB virtual server ip. Now I managed to install the certificates and the Federation metadata responded correctly from both servers. I enabled the claim-authentication on an ADFS server creating all the trusting rules. At this point I expected to be able to log to https://internal.contoso.com but the browser is just showing the message "cannot show the webpage". This is weird because if i try to get the discovery service on that same address the service is there and is running (and is answer is the correct one). Anyone knows if a NLB can create problems or if i have to set something else to make it work? Looks like that something is going wrong when I'm hitting the sts server, but on the same ADFS I already installed successfully another IFD. During a request to sts (the url of the working crm is similar to the one made through the NLB beside the org name) in one case is going through in the other no. Also is it normal that the federation metadata of the NLB virtual address is different from the one coming from a single server (metadata s1 != s2 != NLB)? I was expecting that the federation metadata coming from the NLB was the same as one of the 2 servers.

    Friday, May 16, 2014 6:45 AM

All replies