Asked by:
Dynamics CRM 2015 external access

Question
-
I have been digging through the various threads and forums yet am no closer to a solution. I need to access our Dynamics 2015 deployment from outside; it is fully functional inside. I have ADFS and IFD configured, I can access using the external URL from inside due to proper DNS; however I can't from outside.
Part of the issue may be from using .Local inside, and having to use .Com outside.
If someone has this working with different inside and outside domains I would love your feedback on what to look at.
The end goal here is to use tablets to connect to the CRM.
- Edited by Roxville Technology Friday, July 3, 2015 3:24 PM
Friday, July 3, 2015 3:23 PM
All replies
-
What happens when you try to access the external URL from outside? Do all the domain names (for the CRM server and ADFS server) resolve correctly? Any error messages?
Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk
Friday, July 3, 2015 6:37 PM Moderator -
You need something to relay your outside URL to your inside IP when coming from outside, for example your outside DNS records need to point to some reverse proxy or something like that, and that proxy has to relay to the correct indoor IPs.
I don't remember this 100%, but it was something like this. Let's say your domain name is on the outside "roxville.com" and on the inside "roxville.local" and your CRM org is called "RoxTech", your CRM is on "crm.roxville.local" and ADFS is on "adfs.roxville.local".
Outside DNS needs to be something like this.
Outside address -> Points to inside address
sts.roxville.com -> adfs.roxville.local
crm.roxville.com -> crm.roxville.local
auth.roxville.com -> crm.roxville.local
roxtech.roxville.com -> crm.roxville.local
dev.roxville.com -> crm.roxville.local
Go here and read the DNS configuration part.
Hope this points you in the right direction.
Halldór Jóhannsson
- Edited by Halldor Bjorgvin Johannsson Monday, July 6, 2015 1:40 PM
Monday, July 6, 2015 1:34 PM -
Simply states trying to get to ADFS.
Byron
- Edited by Byron_W Friday, July 10, 2015 2:33 PM
Wednesday, July 8, 2015 7:43 PM -
I've been on that site, will review again and see if I've missed something. Thanks
Byron
Friday, July 10, 2015 2:34 PM -
Alright, looks like I have this working. First let me say that using a WILDCARD cert is a must in my opinion. I had to make this work with two so we could demo it for a client so the issue was with the naming...all DNS is correct, CBA and IFD are working. While the link above was useful, I found the following document from Microsoft helped fix this:
Configuring Claims-based Authentication for Microsoft Dynamics CRM Server (June 2015).
Thanks for the help, it got me going in the right direction!
Byron
- Proposed as answer by Byron_W Thursday, July 16, 2015 3:36 PM
Thursday, July 16, 2015 3:36 PM -
Final step to get tablets working
Enable forms authentication
By default, forms authentication is disabled in the intranet zone. You must enable forms authentication by following these steps.
1. Log on to the AD FS server as an administrator.
2. Open the ADFS management wizard.
3. Click Authentication Policies > Primary Authentication > Global Settings > Authentication Methods > Edit.
4. Click (check) Form Based Authentication on the Intranet tab.
Follow these steps to configure the OAuth provider in Microsoft Dynamics CRM.
1. Log on to the Microsoft Dynamics CRM server as an administrator.
2. In a Windows PowerShell console window, run the following script.

$ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
$ClaimsSettings.Enabled = $true
Set-CrmSetting -Setting $ClaimsSettings

The client apps for the Apple iPad, Windows 8 tablets and phone, and Outlook must be registered with AD FS.
https://msdn.microsoft.com/en-us/library/hh699726.aspx#BKMK_WS2012R2
1. Log on to the AD FS server as administrator.
2. In a PowerShell window, execute the following command to register the mobile apps.

Add-AdfsClient -ClientId ce9f9f18-dd0c-473e-b9b2-47812435e20d -Name "Microsoft Dynamics CRM for tablets and phones" -RedirectUri ms-app://s-1-15-2-2572088110-3042588940-2540752943-3284303419-1153817965-2476348055-1136196650/, ms-app://s-1-15-2-1485522525-4007745683-1678507804-3543888355-3439506781-4236676907-2823480090/, ms-app://s-1-15-2-3781685839-595683736-4186486933-3776895550-3781372410-1732083807-672102751/, urn:ietf:wg:oauth:2.0:oob

3. To register the Outlook client, enter the following command.

Add-AdfsClient -ClientId 2f29638c-34d4-4cf2-a16a-7caf612cee15 -Name "Dynamics CRM Outlook Client" -RedirectUri app://6BC88131-F2F5-4C86-90E1-3B710C5E308C/

Byron
- Proposed as answer by Byron_W Friday, July 24, 2015 2:19 PM
Friday, July 24, 2015 2:19 PM -
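
A read-only check of the AD FS side of the final post above, added here as an example and not part of the original thread or of Microsoft's documentation. It assumes the AD FS cmdlets of Windows Server 2012 R2 (Get-AdfsGlobalAuthenticationPolicy, Get-AdfsClient) and takes the expected client IDs and redirect URIs from the Add-AdfsClient commands in that post; the variable names are illustrative.

```powershell
# Added example: run on the AD FS server as administrator. Nothing is modified.
# Expected registrations, copied from the Add-AdfsClient commands in the post above.
$expected = @{
    'ce9f9f18-dd0c-473e-b9b2-47812435e20d' = @(
        'ms-app://s-1-15-2-2572088110-3042588940-2540752943-3284303419-1153817965-2476348055-1136196650/',
        'ms-app://s-1-15-2-1485522525-4007745683-1678507804-3543888355-3439506781-4236676907-2823480090/',
        'ms-app://s-1-15-2-3781685839-595683736-4186486933-3776895550-3781372410-1732083807-672102751/',
        'urn:ietf:wg:oauth:2.0:oob')
    '2f29638c-34d4-4cf2-a16a-7caf612cee15' = @(
        'app://6BC88131-F2F5-4C86-90E1-3B710C5E308C/')
}

# Forms authentication must be listed as a primary intranet method.
$policy  = Get-AdfsGlobalAuthenticationPolicy
$formsOk = $policy.PrimaryIntranetAuthenticationProvider -contains 'FormsAuthentication'
"Intranet forms authentication enabled: $formsOk"

# Each expected client must exist and carry exactly the redirect URIs listed above.
$clients = @(Get-AdfsClient)
foreach ($id in $expected.Keys) {
    $client = $clients | Where-Object { $_.ClientId -eq $id }
    if (-not $client) {
        "MISSING   $id is not registered"
        continue
    }
    $diff = Compare-Object -ReferenceObject $expected[$id] `
                           -DifferenceObject @($client.RedirectUri)
    if (-not $diff) {
        "OK        $($client.Name) (Enabled: $($client.Enabled))"
        continue
    }
    foreach ($d in $diff) {
        # '<=' means the URI is expected but absent; '=>' means it is registered but not expected.
        if ($d.SideIndicator -eq '<=') { "ABSENT    $($client.Name): $($d.InputObject)" }
        else                           { "EXTRA     $($client.Name): $($d.InputObject)" }
    }
}

# List every other OAuth client so that each registration can be accounted for.
$clients | Where-Object { -not $expected.ContainsKey($_.ClientId) } |
    Select-Object Name, ClientId, Enabled, RedirectUri
```

An EXTRA line or an unrecognized client in the final listing is worth reviewing, because AD FS will deliver authorization codes to any redirect URI registered for a client.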