You’re offline. This is a read only version of the page.
I have the following set up on CRM 2013
| Server | URLs |
| CRM |
crm.<domain.com> dev.<domain.com> auth.<domain.com> |
| AD | adfs.<domain.com> |
internal DNS is set up to resolve the external domain internally (forward lookup zone) and allows access via crm client internally and web internally.
Externally I can access CRM without issue through the web browser over https, however when I try to configure the crm outlook client for external users (i.e. non domain computers) I get a failure. Inspecting the log file I can see an authentication failure on https://crm.<domain.com>/XRMServices/2011/discovery.svc
I tried allowing unauthenticated access to the XRMServices folder through IIS but then discovered an Authentication Required error in the log file.
I assume the issue is with accessing the components with a non-domain user account initially as computers that are members of the domain work fine.
Is there any way to resolve this issue?
CRM configuration log
==============================================================
08:36:52| Info| Configuration file Type : OnPremise.
08:36:52|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.ConfigInfo
08:36:52|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.OutlookCRMDatastoreInstaller.GetAllCRMOrgsInOutlookProfile
08:36:52| Info| Logon mapi store
08:36:52| Info| Logon admin service
08:36:52|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.OutlookCRMDatastoreInstaller.GetServiceIds
08:36:52| Info| Query all rows in msg service table
08:36:52|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.OutlookCRMDatastoreInstaller.GetServiceIds
08:36:52|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.CleanUpDatastoreIfNeeded
08:36:52|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.CleanUpDatastoreIfNeeded
08:36:52|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ConfigInfo.ConfigInfo
08:36:52|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.ServerForm
08:36:52|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.ServerForm
08:36:53|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.SetUIData
08:36:53|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadAvailableUrls
08:36:53|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadAvailableUrls
08:36:53|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.SetUIData
08:42:56|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm._okButton_Click
08:42:56|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm._okButton_Click
08:42:56|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.RunEnvironmentDiagnostics
08:42:56|Verbose| Method entry: Microsoft.Crm.Application.Outlook.ConfigDiagnostics.DiagnosticEngine.Run(Environment)
08:42:57|Verbose| Method entry: Microsoft.Crm.Application.Outlook.ConfigDiagnostics.LocalTimeDiagnostic.ExecuteInternal
08:42:57| Info| Current UTC date/time from windows time server on the internet: 11/15/2016 08:42:58
08:42:57| Info| Client UTC Date/Time: 11/15/2016 08:42:57
08:42:57| Info| Difference (in minutes) between client time and actual time: 0.007356165
08:42:57|Verbose| Method exit: Microsoft.Crm.Application.Outlook.ConfigDiagnostics.LocalTimeDiagnostic.ExecuteInternal
08:42:57|Verbose| Method exit: Microsoft.Crm.Application.Outlook.ConfigDiagnostics.DiagnosticEngine.Run(Environment)
08:42:57|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.RunEnvironmentDiagnostics
08:43:16| Error| Error connecting to URL: https://crm.<domain.com>/XRMServices/2011/Discovery.svc Exception: Microsoft.Crm.CrmException: Authentication failed
at Microsoft.Crm.Outlook.ClientAuth.ClaimsBasedAuthProvider`1.AuthenticateHomeRealm()
at Microsoft.Crm.Outlook.ClientAuth.ClaimsBasedAuthProvider`1.SignIn()
at Microsoft.Crm.Outlook.ClientAuth.ClientAuthProvidersFactory`1.SignIn(Uri endPoint, Credential credentials, AuthUIMode uiMode, IClientOrganizationContext context, Form parentWindow, Boolean retryOnError)
at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.DeploymentInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow, Credential credentials)
at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.InternalLoadOrganizations(OrganizationDetailCollection orgs, AuthUIMode uiMode, Form parentWindow)
08:43:16| Error| Dynamic Help Link: http://go.microsoft.com/fwlink/?LinkID=398563&lcid=409&cv=6.0.0.302&opsys=10.0.14393.0&client=Outlook&error=Microsoft.Crm.CrmException%3a80044311
08:43:32| Error| Error connecting to URL: https://crm.<domain.com>/XRMServices/2011/Discovery.svc Exception: Microsoft.Crm.CrmException: Authentication failed
at Microsoft.Crm.Outlook.ClientAuth.ClientAuthProvidersFactory`1.RetrieveUserCredentialsAndSignIn(Uri endPoint, Credential credentials, Form parentWindow, Boolean retryOnError, IClientOrganizationContext context)
at Microsoft.Crm.Outlook.ClientAuth.ClientAuthProvidersFactory`1.SignIn(Uri endPoint, Credential credentials, AuthUIMode uiMode, IClientOrganizationContext context, Form parentWindow, Boolean retryOnError)
at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.DeploymentInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow, Credential credentials)
at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.InternalLoadOrganizations(OrganizationDetailCollection orgs, AuthUIMode uiMode, Form parentWindow)
08:43:32| Error| Dynamic Help Link: http://go.microsoft.com/fwlink/?LinkID=398563&lcid=409&cv=6.0.0.302&opsys=10.0.14393.0&client=Outlook&error=Microsoft.Crm.CrmException%3a80044311
*This post is locked for comments
Hmm, I used the information in this document, www.microsoft.com/.../confirmation.aspx
With regard to CNAMES, it is possible that it will work for some of the records required but I have found it simpler to use an A record for everything. For some records, an A record is definitely required.
Even so, this might not be the problem that you are experiencing.
They are CNAMES as thats what the MS documentation said they should be, I will change the internal ones to A Records.
The setup steps for relying party claims are as per this site blogs.msdn.microsoft.com/.../step-by-step-configuring-crm-2013-internet-facing-deployment-ifd if they should be different please feel free to point me to the correct whitepaper.
Thanks for the question. Firstly there is no need to change and you should not change permissions in the XRMServices or any other folder.
Firstly, is this still an issue?
If so, some preliminary questions. 1) Are all your external DNS entries A records? I've found that using CNAME records doesn't work.
2) Did you set up all three relying party trust claims rules as per the Microsoft whitepaper for both internal and external claims?
This certainly should work for non-domain computers.
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
#1
André Arnaud de Cal...
291,240
Super User 2024 Season 2
#2
Martin Dráb
230,149
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (