locked
CRM on Windows 2008 with Single certificate and Multi tenancy RRS feed

  • Question

  • Hi All,

    I have a question regarding the deployment of CRM with a single certificate.

    This is what I have :
    2 x Windows 2008-NLB CRM with all services except Deployment Service
    1 x Windows 2008 CRM with Deployment Service
    2 x Windows 2008 SSRS-2005 SP2
    1 x SQL 2005 cluster SP2

    Now I thought it would be possible to host CRM in such a way that customers connect to https://crm.myservices.nl/customer01

    How can I arrange this ? It seems that all documentation is about hosting CRM like https://customer01.crm.myservices.nl

    The second option means a wild casrd cert and I have bad experiences with wild card certs and Windows Mobile 5.
    Is the first option supported and if yes, where and how can you configure this ?

    BR,

    Ronald
    Tuesday, April 14, 2009 3:01 PM

Answers



  • With Multitenancy you will be able to do this,but IFD if used will grab to orgname.domain and port.With crm 3 is was possible.
    maybe look at creating a wildcard certificate and using maybe your Firewall port settings or dns to route the customers. I have not been able to find around this of IFD when cofiguring to grab the org name as part of the certificate.

     


    Tiaan van Niekerk http://crmdelacreme.blogspot.com Skype:tiaan.van.niekerk1
    • Marked as answer by Jim Glass Jr Tuesday, April 14, 2009 6:04 PM
    Tuesday, April 14, 2009 4:05 PM

All replies



  • With Multitenancy you will be able to do this,but IFD if used will grab to orgname.domain and port.With crm 3 is was possible.
    maybe look at creating a wildcard certificate and using maybe your Firewall port settings or dns to route the customers. I have not been able to find around this of IFD when cofiguring to grab the org name as part of the certificate.

     


    Tiaan van Niekerk http://crmdelacreme.blogspot.com Skype:tiaan.van.niekerk1
    • Marked as answer by Jim Glass Jr Tuesday, April 14, 2009 6:04 PM
    Tuesday, April 14, 2009 4:05 PM
  • Hi Tiaan,

    Thanks for your reply.

    Is it not common practise to not use a wildcard but work with sub dirs ? Will I run into other (unsupported) issues or too much customizations ? I can always advice my customers to move to WM6 (or blackberry =)

    I can route all traffic to the same host, but how does the host determine which org is addressed ? This can only be determined by the URL and user combination in my opinion. So if you use https://customer01.myservice.nl, do you then need host headers orso ? Does IIS work that way with CRM ?

    If you use NLB, how do you configure the SPN ? Suppose my cluster is called internally CRMNLB.myservice.local, but since I use split DNS/hosts files, this cluster is also reachable internally as CRMNLB.myservice.nl. What shoud I configure as ADsdkRootDomain etc. ? Somehow I do not see the logic (yet).

    BR,
    Ronald

    Tuesday, April 14, 2009 7:37 PM
  • NB: Forgot to mention, I use ISA to publish the CRMService, but as a simple rule, with no authentication delegation and so on of course.
    Tuesday, April 14, 2009 7:38 PM
  • HI If you are configuring IFD in an environment where an ISA Server 2006 is being used please refer to this blog post for more information. http://blogs.technet.com/isablog/archive/2008/07/23/publishing-microsoft-crm-4-0-through-isa-server-2006.aspx IFD Deployment Scenarios http://www.microsoft.com/downloads/details.aspx?FamilyID=3861e56d-b5ed-4f7f-b2fd-5a53bc71dafc&displaylang=en Microsoft Dynamics CRM 4.0: Planning and Deployment Guidance for Service Providers http://www.microsoft.com/downloads/details.aspx?familyid=6E211231-30FE-4DF2-9B81-15CFB87ADCF1&displaylang=en As you are having more than one org I think the document above on Service Providers will be very helpfull!
    Tiaan van Niekerk http://crmdelacreme.blogspot.com Skype:tiaan.van.niekerk1
    Wednesday, April 15, 2009 4:10 AM
  • Hi Tiaan,

    Got it all working now, except for one thing. So I have currently :
    Platform : 2 x NLB Windows 2008 CRM services except Deployment Service, 1 x Deployment service, 2 x NLB SQL 2005 reporting services, SQL 2005 MSCS based CRM databases, ISA 2006 is used for publishing.
    So now I can connect with IE externally to <customer01>.myservices.nl
    I also have the CRM plugin with Outlook 2003 externally working (with RPC over HTTP, same as Outlook Anywhere, but on Outlook 2003), we run Exchange 2007 SP1.
    I use a wildcard cert to publish externally and I also use SSL internally with the same cert.

    So users go internally to customer01.myservices.nl as well. With IE, no problem at all.
    But in Outlook 2007 running on a terminal server in the same domain I cannot get the Outlook plugin to work.
    When I fill in https://customer01.myservices.nl in the configuration wizard (I chose online provider) I keep getting this error : "The request failed with HTTP status 401 : Unauthorized" , this is immideately followed by "Mandatory Updates for Microsoft Dynamics CRM could not be applied successfully. Try running the application again.".

    Any ideas where this goes wrong ?

    Do you need more info ?

    Spend already 4 complete days on this with no single success.

    BR,

    Ronald

    Friday, May 1, 2009 12:45 PM