Answered by:
CRM 2011 Outlook Connector and IIS Authentication

Question
-
We migrated from CRM 4 to CRM 2011 this winter and it seems to work perfectly inhouse on our LAN, but our sales reps wanted to be able to access CRM from outside the office.
We are a very small company with no real IT person. I added a public IP address to the CRM Server, added an SSL certificate to the IIS server, and added a DNS entry matching the certificate pointing to the public IP. I adjusted the firewall to only allow incoming to the public IP from certain IP addresses for now, and added the WAN IP from several of the sales people's homes.
In initial testing I found that when connecting with IE using from home it prompts for logon information, and from elsewhere nothing happens, so I think the firewall is keeping CRM safe for now. I finally figured out that when logging on I had to type the windows domain backslash user name, and then the password to actually get in. The web interface seems to perform well and just as internally though a bit slower.
Then when sales people started using it, we quickly found out that emails with customers aren't tracked when using the web interface. Next tried taking a laptop home and using Outlook as in the office. CRM Outlook Connector was disabled because it couldn't connect ... it is configured for the work LAN address. I thought it would be simple to just use the Configuration Wizard to remove the connection and add it again using the new external address, but it fails to connect. Tried the web interface and was also prompted for logon just as from a home computer. I'd hoped that it being a domain member machine and logged on it as usual it would work like in the office and just go in, but I guess it is because it is logging on with cached credentials, and it can't talk with the domain controller to properly do integrated security.
In office CRM Outlook connects to http://crm2011:5555 and works, out of office trying to connect to <a href="https://crm2011..com">https://crm2011.<company>.com does not work. Judging from the "details" in the CRM Outlook Connection Wizard's Test Connection button, it is failing authentication trying to call Discovery.svc service ... probably because it can't prompt for the user's credentials. The actual error is like "SOAP security negotiation with 'https://crm2011.<company>.com/XRMServices/2011/Discovery.svc' for target '<same>' failed. See inner exception for more details."
Does anyone know an easy way around this?
Friday, February 22, 2013 5:50 PM
Answers
-
Ideally you should set up an Internet Facing Deployment if you want to access CRM from outside your organization.
Configure the Microsoft Dynamics CRM Server 2011 for IFD
Microsoft CRM 2011 How to Configure IFD Hosted Setup
Jason Lattimer
My Blog - Follow me on Twitter - LinkedIn- Proposed as answer by Neil BensonMVP, Moderator Friday, February 22, 2013 6:56 PM
- Marked as answer by JLattimerMVP, Moderator Saturday, March 16, 2013 4:52 AM
Friday, February 22, 2013 6:16 PMModerator -
Microsoft Dynamics CRM Online is often an easier deployment option for very small companies with no real IT person. With CRM Online, Microsoft takes care of provisioning, security, administration, backups, tuning and upgrades.
If you want to continue with a CRM 2011 on-premises deployment, you'll need to take care of all of this yourself. The first step is to deploy CRM in an internet facing deployment, using the resources Jason has pointed you to.
Neil Benson, CRM Addict and MVP at Slalom Consulting. Find me on Twitter. Join over 20,000 other CRM professionals on the Microsoft Dynamics CRM group on LinkedIn.
- Proposed as answer by JLattimerMVP, Moderator Friday, February 22, 2013 7:20 PM
- Marked as answer by JLattimerMVP, Moderator Saturday, March 16, 2013 4:52 AM
Friday, February 22, 2013 6:58 PMModerator
All replies
-
Ideally you should set up an Internet Facing Deployment if you want to access CRM from outside your organization.
Configure the Microsoft Dynamics CRM Server 2011 for IFD
Microsoft CRM 2011 How to Configure IFD Hosted Setup
Jason Lattimer
My Blog - Follow me on Twitter - LinkedIn- Proposed as answer by Neil BensonMVP, Moderator Friday, February 22, 2013 6:56 PM
- Marked as answer by JLattimerMVP, Moderator Saturday, March 16, 2013 4:52 AM
Friday, February 22, 2013 6:16 PMModerator -
Microsoft Dynamics CRM Online is often an easier deployment option for very small companies with no real IT person. With CRM Online, Microsoft takes care of provisioning, security, administration, backups, tuning and upgrades.
If you want to continue with a CRM 2011 on-premises deployment, you'll need to take care of all of this yourself. The first step is to deploy CRM in an internet facing deployment, using the resources Jason has pointed you to.
Neil Benson, CRM Addict and MVP at Slalom Consulting. Find me on Twitter. Join over 20,000 other CRM professionals on the Microsoft Dynamics CRM group on LinkedIn.
- Proposed as answer by JLattimerMVP, Moderator Friday, February 22, 2013 7:20 PM
- Marked as answer by JLattimerMVP, Moderator Saturday, March 16, 2013 4:52 AM
Friday, February 22, 2013 6:58 PMModerator