CRM 2011 Outlook Connector and IIS Authentication RRS feed

  • Question

  • We migrated from CRM 4 to CRM 2011 this winter and it seems to work perfectly inhouse on our LAN, but our sales reps wanted to be able to access CRM from outside the office.

    We are a very small company with no real IT person. I added a public IP address to the CRM Server, added an SSL certificate to the IIS server, and added a DNS entry matching the certificate pointing to the public IP.  I adjusted the firewall to only allow incoming to the public IP from certain IP addresses for now, and added the WAN IP from several of the sales people's homes.

    In initial testing I found that when connecting with IE using from home it prompts for logon information, and from elsewhere nothing happens, so I think the firewall is keeping CRM safe for now.  I finally figured out that when logging on I had to type the windows domain backslash user name, and then the password to actually get in.  The web interface seems to perform well and just as internally though a bit slower.

    Then when sales people started using it, we quickly found out that emails with customers aren't tracked when using the web interface.  Next tried taking a laptop home and using Outlook as in the office.  CRM Outlook Connector was disabled because it couldn't connect ... it is configured for the work LAN address.  I thought it would be simple to just use the Configuration Wizard to remove the connection and add it again using the new external address, but it fails to connect.  Tried the web interface and was also prompted for logon just as from a home computer.  I'd hoped that it being a domain member machine and logged on it as usual it would work like in the office and just go in, but I guess it is because it is logging on with cached credentials, and it can't talk with the domain controller to properly do integrated security.

    In office CRM Outlook connects to http://crm2011:5555 and works, out of office trying to connect to <a href="https://crm2011..com">https://crm2011.<company>.com does not work.  Judging from the "details" in the CRM Outlook Connection Wizard's Test Connection button, it is failing authentication trying to call Discovery.svc service ... probably because it can't prompt for the user's credentials.  The actual error is like "SOAP security negotiation with 'https://crm2011.<company>.com/XRMServices/2011/Discovery.svc' for target '<same>' failed. See inner exception for more details."

    Does anyone know an easy way around this?

    Friday, February 22, 2013 5:50 PM


All replies