Try Microsoft Edge
A fast and secure browser that's designed for Windows 10
I have just spent several days working through getting Claims Based Authentication and Internet Facing Deployment working on my CRM 2011 system. It was a bumpy road and I thought that I might help smooth the road a bit for others by posting a few tips from the lessons I learned in the process. This is not a set of instructions for doing so, those can be found in the CRM 2011 Implementation Guide and specifically in the accompanying Word document “Microsoft Dynamics CRM 2011 and Claims Based Authentication.doc”. All can be downloaded from here.
You will need several DNS entries pointing to your server, assuming CRM and ADFS are on the same server. If not, you will still need several pointing to ADFS and CRM. These are external names pointing to your internal addresses. For instance You’ll need one for crm.mycompany.com with an address of 192.168.1.5 and another for sts1.mycompany.com with an address of 192.168.1.5. If you are running SBS, your internal domain name is likely mycompany.local so you will need to create a new zone in DNS for mycompany.com. You also probably also have an separate zone for remote.mycompany.com pointing to your SBS server. Be sure your external DNS points appropriately as well. In my case everything goes to my one public IP and the router sorts it out.
Before you get too far in trying to make things work, especially from a browser on another computer, such as your workstation, be sure to open the firewall on the ADFS server for your SSL port. Hopefully you’ve already done so for your CRM port.
When you run CRM with Claims Based Authentication, you will find that it will periodically log you off! Even while you are in the middle of updating a record! Especially if you have configured IFD! This is not fun. The default timeout is 60 minutes but it will start messing with you after just 20 minutes. You can extend this time out period by following these instructions and using PowerShell.
This is by no means an exhaustive list but I think I could have saved myself a lot of time if I’d only written this before I started trying to configure IFD on my system. I hope it helps you. Be sure to also check out my article on how to reconfigure your Outlook client to use the newly configured IFD.