locked
Dynamics CRM 2015 external access RRS feed

  • Question

  • I have been digging through the various threads and forums yet am no closer to a solution. I need to access our Dynamics 2015 deployment from outside; it is fully functional inside. I have ADFS and IFD configured, I can access using the external URL from inside due to proper DNS; however I can't from outside.

    Part of the issue may be from using .Local inside, and having to use .Com outside.

    If some one has this working with different inside and outside domains I would love your feedback on what to look at.

    The end goal here is to use tablets to connect to the CRM.

    Friday, July 3, 2015 3:23 PM

All replies

  • What happens when you try to access the external Url from outside ? Do all the domain names (for the Crm server and ADFS server) resolve correctly ? Any error messages ?

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Friday, July 3, 2015 6:37 PM
    Moderator
  • You need something to relay your outside url to your inside IP when coming from outside, f.e. your outside DNS records need to point to some reverse proxy or something like that and that proxy has to relay to correct indoor IPs.

    I don´t remember this 100% but it was something like this, lets say your domain name is on the outside "roxville.com" and on the inside "roxville.local" and your crm org is called "RoxTech", your crm is on "crm.roxville.local" and adfs is on "adfs.roxville.local".

    Outside DNS needs to be something like this.

    Outside address -> Points to inside address
    sts.roxville.com -> adfs.roxville.local
    crm.roxville.com -> crm.roxville.local
    auth.roxville.com -> crm.roxville.local
    roxtech.roxville.com -> crm.roxville.local
    dev.roxville.com -> crm.roxville.local

    Go here and read the DNS configuration part.

    http://www.interactivewebs.com/blog/index.php/crm/how-to-set-up-crm-2015-ifd-on-windows-2012-and-adfs-3-0/

    Hope this points you in the right direction.


    Halldór Jóhannsson

    Monday, July 6, 2015 1:34 PM
  • Simply states trying to get to ADFS.

    Byron


    • Edited by Byron_W Friday, July 10, 2015 2:33 PM
    Wednesday, July 8, 2015 7:43 PM
  • I've been on that site, will review again and see if I've missed something.  Thanks

    Byron

    Friday, July 10, 2015 2:34 PM
  • Alright, looks like I have this working. First let me say that using a WILDCARD cert is a must in my opinion. I had to make this work with two so we could demo it for a client so the issue was with the naming...all DNS is correct, CBA and IFD are working.  While the link above was useful, I found the following document from Microsoft helped fix this:

    Configuring Claims-based Authentication for Microsoft Dynamics CRM Server (June 2015).

    Thanks for the help, it got me going in the right direction!


    Byron

    • Proposed as answer by Byron_W Thursday, July 16, 2015 3:36 PM
    Thursday, July 16, 2015 3:36 PM
  • Final step to get tablets working

    Enable forms authentication

    By
    default, forms authentication is disabled in the intranet zone. You must enable
    forms authentication by following these steps.


    1. Log
      on to the AD FS server as an administrator.

    2. Open
      the ADFS management wizard.

    3. Click Authentication Policies > Primary
      Authentication
       > Global Settings > Authentication
      Methods
       > Edit.

    4. Click
      (check) Form Based Authentication on the Intranet tab.

    Follow
    these steps to configure the OAuth provider in Microsoft Dynamics CRM.


    1. Log
      on to the Microsoft Dynamics CRM server as an administrator.

    2. In
      a Windows PowerShell console window, run the following script.

      $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
      $ClaimsSettings.Enabled = $true
      Set-CrmSetting -Setting $ClaimsSettings
      
      

    The
    client apps for the Apple iPad, Windows 8 tablets and phone, and Outlook must be
    registered with AD FS.


    1. Log
      on to the AD FS server as administrator.

    2. In
      a PowerShell window, execute the following command to register the mobile
      apps.

      Add-AdfsClient -ClientId ce9f9f18-dd0c-473e-b9b2-47812435e20d -Name
      "Microsoft Dynamics CRM for tablets and
      phones" -RedirectUri ms-app://s-1-15-2-2572088110-3042588940-2540752943-3284303419-1153817965-2476348055-1136196650/, ms-app://s-1-15-2-1485522525-4007745683-1678507804-3543888355-3439506781-4236676907-2823480090/, ms-app://s-1-15-2-3781685839-595683736-4186486933-3776895550-3781372410-1732083807-672102751/,
      urn:ietf:wg:oauth:2.0:oob
      
    3. To
      register the Outlook client, enter the following command.

      Add-AdfsClient -ClientId  2f29638c-34d4-4cf2-a16a-7caf612cee15  -Name
      "Dynamics CRM Outlook Client" -RedirectUri
      app://6BC88131-F2F5-4C86-90E1-3B710C5E308C/
      
    https://msdn.microsoft.com/en-us/library/hh699726.aspx#BKMK_WS2012R2


    Byron

    • Proposed as answer by Byron_W Friday, July 24, 2015 2:19 PM
    Friday, July 24, 2015 2:19 PM