locked
Publish CRM 2011 with https and NTLM RRS feed

  • Question

  • Hi,

    We have a customer that has salespersons that work outside the office and and they would like to enable them to connect their Outlook clients without VPN and WITHOUT proper IFD. They have low user IT knowledge so they ed the URL to be https://crm.domain.com not https://org1.domain.com:444 that would confuse their users to much. So now we have published CRM through TMG 2010 like any other website and with Integrated Authentication. The web client works fine in Internet Explorer but when they try to use Outlook they get all kinds of errors. Like: "Server URL not valid" "Problems communicating with the server" and so on.

    So the question is, do we have to publish something more to allow the Outlook clients to connect from outside the network using NTLM.

    This is said to be supported by MS Support.

    Regards

    Joakim Gustafsson
    Stratiteq

    Tuesday, August 16, 2011 1:55 PM

Answers

All replies

  • Please refer to where this is supported per MSFT.  I am not aware of another method that will work apart from IFD.  CRM 4.0 IFD can be configured without ADFS if that's what you are referring to.

    I do not think that what you are attempting is supported, but I am curious that you mention you have found this to be supported.


    Jamie Miley
    Check out my about.me profile!
    http://mileyja.blogspot.com
    Linked-In Profile
    Follow Me on Twitter!
    Tuesday, August 16, 2011 2:37 PM
    Moderator
  • We had a case with MS Support that was about having ADFS on another server. That is also supported but not working outside the LAN. We also asked if it would be supported to publish "old school way" with https and NTLM and they said it would be.

    We are not using CRM 4.0, we are using CRM 2011 and then you have to use ADFS to do a complete IFD publication.

    Tuesday, August 16, 2011 2:43 PM
  • I suppose nothing is stopping you from buying an SSL certificate, configuring IIS for SSL and setting up an external DNS entry for HTTPS (port 443) to go to the CRM website.  I have never tried it this way, but if support is saying it might work, it might work.  If I get some time in the next couple days I might try to roll my own test certificate and give this a try.  You have me curious now.


    Jamie Miley
    Check out my about.me profile!
    http://mileyja.blogspot.com
    Linked-In Profile
    Follow Me on Twitter!

    Tuesday, August 16, 2011 2:46 PM
    Moderator
  • Did you get any feedback so far?

    I'm currently investigating since one week with MS support, currently no solution found..

     

    http://www.warum-crm.de/
    Monday, August 22, 2011 3:44 PM
  • We never got it to work externally with only NTLM so we had to go with first step of IFD (only ADFS logon) and also found a SPN that pointed to an old test account and caused problems with Outlook clients.

    Now everything works with ADFS published through TMG.

     

    Regards

    Joakim

    Friday, August 26, 2011 6:30 AM