Changing CRM 2011 IFD Relying party url

  • Question

  • I have an environment where crm.domain.com is the access URL for getting into CRM. This URL is configured as being the internal web address for CRM and also the Org name (crm).

    The IFD tool in CRM 2011 forces the org name as being the url for the internet facing url, again crm.domain.com. ADFS won't allow this. Is there any way to force a change to something along the lines of externalcrm.domain.com?

    I've tried to configure it using crm.external.domain.com but I'm running into certificate validation errors. 


    Any ideas?

    Friday, December 16, 2011 11:58 PM

All replies

  • Hi, 

    I wrote a blog on how I got IFD working on a virtual machine for testing. It sounds like I might have had the same issue with the certificate that you're experiencing. It might be worth a read. The blog can be found here

    Hope it helps.

    My personal MSCRM website/blog at CRM Codex
    Follow me on Twitter
    Saturday, December 17, 2011 12:17 AM
  • I am getting this error as well on a user's computer. I changed the option in CRM to match all contacts in CRM, then did a sync from the CRM drop-down menu in Outlook and got the error in the sync log. Then when I do a lookup on a CRM contact it looks like it synced some of the contacts but not all of them.
    submit free article
    Saturday, December 17, 2011 4:08 PM
  • Hello,

    If your certificate is *.domain.com, then your external root domains should be based on domain.com (e.g. auth.domain.com, dev.domain.com, etc...). But because your internal web address is crm.domain.com, then IFD will not support an org named "crm".

    The reason why everything works before you configure IFD is because the org name is appended to the internal URL (i.e. https://crm.domain.com/crm), but after configuring IFD, the external URL is also https://crm.domain.com. This creates a conflict and CRM cannot determine if you want to access the internal or external URL. This is not supported and one of the following must change:

    • Org name
    • Internal web addresses
    • External web addresses

    Your simplest solution is to change the internal web address to something other than crm.domain.com (e.g. internalcrm.domain.com). This can be done from the Deployment Manager | Deployment Properties | Web Address Settings. Note that an iisreset may be required after this. Once done, refresh the federation metadata of both CRM relying parties in ADFS. Then, you can access your internet facing URL for your org with https://crm.domain.com and the internal URL with https://internalcrm.domain.com/crm.

    Please let me know if you have questions.



    • Proposed as answer by Ja08 Wednesday, December 28, 2011 11:45 AM
    Monday, December 19, 2011 4:20 AM
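
An added example, not part of the reply above and not Microsoft tooling: a small Python pre-flight check for the two rules that answer describes, the internal/external host conflict and the single-label reach of a wildcard certificate. The function names, the auth.external.domain.com host and the assumption that the certificate is *.domain.com are illustrative; the other host names come from the thread.

```python
"""Pre-flight check for a planned CRM 2011 IFD host layout (constructed example)."""


def wildcard_covers(cert_name: str, host: str) -> bool:
    """A wildcard such as *.domain.com matches exactly one left-most label."""
    cert_name, host = cert_name.lower(), host.lower()
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name[1:]                      # e.g. ".domain.com"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]
    return bool(label) and "." not in label     # one label only, never two


def check_ifd(org_names, internal_host, external_domain, auth_host, cert_name):
    """Return a list of problems found in the planned layout (empty list = OK)."""
    problems = []
    internal_host = internal_host.lower()
    hosts = {"auth endpoint": auth_host.lower()}
    for org in org_names:
        # Per the thread, IFD forms each org's external host as <org>.<external domain>.
        hosts[f"org '{org}'"] = f"{org}.{external_domain}".lower()
    for role, host in hosts.items():
        if host == internal_host:
            problems.append(f"{role}: {host} collides with the internal web address")
        if not wildcard_covers(cert_name, host):
            problems.append(f"{role}: {host} is not covered by {cert_name}")
    if not wildcard_covers(cert_name, internal_host):
        problems.append(f"internal: {internal_host} is not covered by {cert_name}")
    return problems


if __name__ == "__main__":
    # Constructed layouts: (orgs, internal host, external domain, auth host).
    layouts = {
        "original": (["crm"], "crm.domain.com", "domain.com", "auth.domain.com"),
        "external subdomain": (["crm"], "crm.domain.com", "external.domain.com",
                               "auth.external.domain.com"),
        "renamed internal": (["crm"], "internalcrm.domain.com", "domain.com",
                             "auth.domain.com"),
    }
    for name, args in layouts.items():
        print(name, "->", check_ifd(*args, cert_name="*.domain.com") or "OK")
```

Only the third layout, with the internal web address renamed, comes back clean; the external-subdomain layout avoids the collision but falls outside what a *.domain.com certificate can match.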