Single Server Internet Facing Deployment

  • Question

  • Every guide and video and blog post I see about this assumes that you are using Microsoft DNS for both the internal and external DNS, but we are not. Then it either assumes that you’re using a separate server for ADFS and CRM (we are not) or that if you are, then you must run CRM on a port other than 443. Is there any way to use a single server, where you can use port 443 for both ADFS and CRM? Since IIS7 supports SSL host headers this doesn’t seem like it would be a problem, but CRM is also very picky about bindings and you can only have a single binding.


    I tried to give the default web site (where ADFS is) the HTTPS 443 binding with the host header of adfs.radiologyreadings.com. Then I gave the CRM web site the HTTPS binding to port 443 with no host header, so in theory it should serve all other HTTPS requests. When I try to retrieve the federation metadata XML file through the adfs.radiologyreadings.com domain it seems to work fine. But when I try to get to it through the internalcrm.radiologyreadings.com domain, it looks like it’s returning the exact same file, rather than the different file it should be serving. Curiously, I even stopped both sites, and stopped IIS altogether, and it still seems to serve up the file, until I stop the ADFS service. That’s even more confusing because it makes it seem like IIS isn’t even used for any part of ADFS, and it makes it very difficult to do testing.

    I am using Microsoft DNS for internal DNS with our .local domain, and I am using DynDNS for our external DNS on radiologyreadings.com. My router can also be used to override individual DNS requests from inside the network, so I can do split DNS using that if need be. I was going to use that for the internalcrm.radiologyreadings.com address so that requests from inside went to the private IP.

    I hope this makes sense to someone.

    Tuesday, December 6, 2011 1:16 AM

All replies

  • Hi Brian,

    It's not possible to give port 443 to both CRM and ADFS.

    Change the port to 444 for ADFS and 443 for CRM, then try to configure ADFS again using FsConfigWizard from this location (C:\Program Files\Active Directory Federation Services 2.0).

    Now you can configure IFD as mentioned in the Implementation document.



    Khaja Mohiddin | http://www.dynamicsexchange.com/
    • Proposed as answer by Khaja Mohiddin Tuesday, December 6, 2011 8:44 AM
    Tuesday, December 6, 2011 8:44 AM