Idiots Guide needed for CRM Setup

Question
-
I have been struggling for the last couple of weeks trying to set this up. I don't know how many threads I have read, that contradict each other, in what you can and cannot do, so I fall on the mercy of this forum for expert advice and guidance.
I have two virtual Windows 2012R2 servers with full service packs.
I have been trying to set up CRM2013 with IFD, and have failed time and time again. I have tried setting CRM on one server and ADFS on the other, but fell foul of the Web Proxy. I have tried CRM and ADFS on the same server, but can never get it to work.
I now have two clean virtual Windows 2012R2 servers ....... both have internal and external IP addresses
Help!
Dont ask me .. i dont know
Monday, March 31, 2014 12:37 PM
Answers
-
Hi Pete,
I am sorry to hear about your experience during the set up of CRM. Were you now able to successfully complete the set up? If not, let us know the current state and we will work on suggestions moving forward.
Thank you for using Microsoft Dynamics CRM Communities and Forums.
Nina Peneva
Support Engineer
Microsoft Dynamics CRM
- Marked as answer by Pete Newman Tuesday, May 27, 2014 9:50 AM
Tuesday, April 8, 2014 4:49 PM
All replies
-
ADFS needs some configuration - it would be hard to write down every single step you need to take in order to make it work
Try this guide:
http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/
Where exactly did you fall with this installation?
Monday, March 31, 2014 1:08 PM -
Hi
When having the ADFS and CRM on the same server, ADFS on 443 and CRM on a different port, I was getting an issue with configuring the relying party trust. I used the federation metadata from the log generated when I configured the claims provider trust. The metadata resolved fine internally and externally. The relying party trust, instead of just having a single identifier, had 7.
I have set up this before on CRM 2011 and it worked fine. I don't know if there is something different with Win2012 R2. When trying to use two servers, I kept getting problems with the Web proxy.
On both instances, I could go to a URL and https://xxxx.xxx.xx and I was directed to the ADFS sign-on page, but it showed errors.
I will try your suggestion this afternoon and come back, prob tomorrow
Dont ask me .. i dont know
Monday, March 31, 2014 1:38 PM -
I have set up ADFS with CRM 2013 on server 2012 (not R2) in the same way as CRM 2011 and didn't have any issues
Don't know if something has changed in R2 though..
Monday, March 31, 2014 1:46 PM -
CRM 2013 ADFS works basically the same as CRM 2011.
But ADFS 3.0 (which you have with Server 2012 R2) works a bit differently.
This thread might help you figure it out:
https://community.dynamics.com/crm/f/117/t/114317.aspx
This might also shed some light on the changes:
http://www.powerobjects.com/blog/2014/01/21/adfs-3-and-microsoft-dynamics-crm/
As an aside, I would always try to get CRM on port 443, to avoid users having to ever remember to type in a port number in the URL. If you have ADFS on the same box as CRM, then use port 444 or some other variation to avoid a conflict. If you really must have both CRM and ADFS on port 443 on the same server then you may want to look at this (written for CRM 2011, ADFS 2.0, so this might not apply to ADFS 3.0):
http://blog.crmguru.co.uk/2012/06/21/configure-crm-2011-and-adfs-2-0-on-a-single-server-on-port-443/
Hope this helps.
Adam Vero, Microsoft Certified Trainer | Microsoft Community Contributor 2011
UK CRM Guru Blog
- Edited by Adam Vero Monday, March 31, 2014 9:33 PM made URLs clickable
Monday, March 31, 2014 9:32 PM -
Hi
Yet again I am just not grasping the whys and wherefores. I have read, tried and failed yet again. Surely there must be someone out there that has CRM, ADFS and WAP on Windows 2012R2.
Windows 2012R2
Server Name SERVER1
CRM Server (port 443)
Internal Address 0.0.0.1
External Address 11.22.33.44
Windows 2012R2
Server Name SERVER2
WAP Server
Internal Address 0.0.0.2
External Address 11.22.33.45
Windows 2012R2
Server Name SERVER3
ADFS Server
Internal Address 0.0.0.3
I have tried following so many different threads on how to set up CRM for IFD but just cannot get it to work.
CRM Server
Web Address set as CRMOperations.domin.com
I have set Claims Based Authentication with Federation metadata of
https://CRMadfs.domain.com/federationmetadata/2007-06/federationmetadata.xml which I can verify in IE
In the host file I have made an entry
0.0.0.3 CRMadfs.domain.com
From log file
Internal Federation Metadata URL: https://cmoperations.domain.com/FederationMetadata/2007-06/FederationMetadata.xml
WEB Proxy is connected to the ADFS Server and the operating status reports all is working.
I have set up the ADFS server and set the claims Provider Trust following these instructions
On the server running AD FS, start AD FS Management.
In the Navigation Pane, expand Trust Relationships, and then click Claims Provider Trusts.
Under Claims Provider Trusts, right-click Active Directory, and then click Edit Claims Rules.
In the Rules Editor, click Add Rule.
In the Claim rule template list, select the Send LDAP Attributes as Claims template, and then click Next
Create the following rule:
Claim rule name: UPN Claim Rule (or something descriptive)
Add the following mapping:
i. Attribute store: Active Directory
ii. LDAP Attribute: User Principal Name
iii. Outgoing Claim Type: UPN
Click Finish, and then click OK to close the Rules Editor.
When trying to add a Relying Party Trust, I add the federation metadata from the log file,
https:// cmoperations.domain.com /FederationMetadata/2007-06/FederationMetadata.xml
but get the following error
can anyone make any sense of this?
Dont ask me .. i dont know
Tuesday, April 1, 2014 8:17 PM -
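Added example (not part of the original thread and not Microsoft's own script): the claims provider trust steps in the post above, scripted with the AD FS PowerShell module instead of the Rules Editor. It assumes it is run elevated on the AD FS server, that the built-in claims provider trust is named "Active Directory", and that the rule name "UPN Claim Rule" from the post is used.

```powershell
# Added example: scripted form of the Rules Editor steps for the UPN claim rule.
# Assumption: run in an elevated session on the AD FS server (Windows Server 2012 R2).
Import-Module ADFS

# Claim type URIs for the Windows account name (incoming) and UPN (outgoing) claims.
$winAccountName = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname'
$upn            = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'

# "Send LDAP Attributes as Claims" written in the AD FS claim rule language:
# query userPrincipalName from the Active Directory attribute store and
# issue it as a UPN claim.
$upnRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "UPN Claim Rule"
c:[Type == "$winAccountName", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$upn"), query = ";userPrincipalName;{0}", param = c.Value);
"@

# Read the acceptance rules already present on the built-in trust.
$trust    = Get-AdfsClaimsProviderTrust -Name 'Active Directory'
$existing = $trust.AcceptanceTransformRules

if ($existing -match [regex]::Escape($upn) -and $existing -match 'userPrincipalName') {
    # An LDAP-based UPN rule is already there; adding a second copy only adds noise.
    Write-Output 'A UPN LDAP rule is already present; nothing changed.'
}
else {
    # -AcceptanceTransformRules replaces the whole rule set, so append the new
    # rule to the existing text rather than passing the new rule on its own.
    Set-AdfsClaimsProviderTrust -TargetName 'Active Directory' `
        -AcceptanceTransformRules ($existing + "`r`n" + $upnRule)
    Write-Output 'UPN Claim Rule added.'
}

# Show the resulting rule set so it can be compared with the Rules Editor view.
(Get-AdfsClaimsProviderTrust -Name 'Active Directory').AcceptanceTransformRules
```

Keeping a copy of the rule text printed by the last line makes it possible to restore the previous rule set if the trust is edited again later.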
Do you get a sensible result when you use a browser to view
https:// crmoperations.domain.com /FederationMetadata/2007-06/FederationMetadata.xml
?
(I am assuming the mistake of cmoperations instead of cRmoperations is only on this site, not in your configuration)
If the browser returns the correct response from CRM, then you could install Fiddler2 on the ADFS box to see what exactly is happening with that request for the federation metadata when you add the relying party trust - does it go to the correct server, does it get rejected with a useful error...
If the browser returns an error as well, then you could try reinstalling the URL rewrite component on IIS on the CRM server, in case there is an issue with that? (links to relevant articles in my blog post I linked earlier, such as this one: http://blogs.msdn.com/.../we-receive-http-errors-while-accessing-the-crm-federationmetadata-url.aspx )
Hope this helps.
Adam Vero, Microsoft Certified Trainer | Microsoft Community Contributor 2011
UK CRM Guru Blog
Tuesday, April 1, 2014 8:25 PM -
Hi,
Thanks for the help. I have got a little further. Having a few problems, but I think they are to do with the DNS. I'm calling it a night here and will pick it back up in the morning. I will post back up the results.
Dont ask me .. i dont know
Tuesday, April 1, 2014 10:18 PM -