Greg,
I have recently seen the thread so I may ask something that may be redundant for you; however, I hope this will help us get your CRM working on remote servers with the correct configuration.
1. What are the SPN's set on your Domain account that is running the CRMAppPool?
Look at the Service Account section for the SPN information.
http://support.microsoft.com/kb/946677 Also
http://blogs.msdn.com/crm/archive/2009/08/06/configuring-service-principal-names.aspx will help a lot understanding SPN's for CRM.
Note: On a Domain account you should have HTTP and not HOST SPN's. Computer account Automatically get configured with HOST as it is
Network Service. Network Service = ComputerName$
2. What is the port used by CRM website?
3. Have you used a Host Header in IIS bindings?
4. Is the website working as both
http://localhost:PORT and
http://servername:PORT on the CRM box?
5. For the http 401.2 error follow
http://support.microsoft.com/kb/215383 Note: run the following command at "C:\Inetpub\Adminscripts" to find the websites Auth Providers. ("
Website" is the website identifier
which can be found by clicking the websites container in IIS)
cscript adsutil.vbs get w3svc/<var>WebSite</var>/root/NTAuthenticationProviders
If the above query returns nothing then run the following command. (don't forget
Website = Website identifier)
cscript adsutil.vbs set w3svc/<var>WebSite</var>/root/NTAuthenticationProviders "Negotiate,NTLM"
6. When you try to access
http://CrmServer:PORT from a remote site do you get an error? (assuming you can access CRM locally and not on
remote servers, like you mentioned at the begining of the post.)
Now there are a few things. In II7 we have Kernel mode overrides your AppPool account settings which may cause Kerberos issues. Also check if Firewall on CRM server has the CRM website's port in the Exceptions list to allow connections.
I think this should help you. :-)
Let me know if you need more information.
Kaustubh Giri
