Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / HTTPS without IFD?
Microsoft Dynamics CRM (Archived)

HTTPS without IFD?

(0) ShareShare
ReportReport
Posted on by Ragnar Hilmarsson 3,427

We have an issue on our CRM 2015 test environment where CRM client for Outlook does not connect successfully when pointed to the CRM application for configuration.

 

CRM Application: CRM 2015 on-premise

 Servers:

  • 1 x Load balancer on HTTPS (hardware)

  • 2x front-end CRM servers on HTTPS binding port 443 (Windows Server 2012 R2)

  • 1 x back-end CRM server (Windows Server 2012 R2)

  • 1 x SQL Server (Microsoft SQL Server 2012 R2)

    System URL: https://crmstaging.domain.com

Organization Name: crmtest

Testing user: Exists in the crmtest organization and has System Administrator role.

 

Outlook client: Microsoft Office Outlook 2013 with CRM 2015 for Outlook client installed.

Internet Explorer: Version 10. System URL in Local Intranet sites with Automatic Logon turned on.

 

Behaviour:

  • Connecting from browser to https://crmstaging.domain.com is successful and no login prompt window is displayed to the user (automatic logon with Windows user credentials).

  • Configuring Outlook client by pointing to https://crmstaging.domain.com fails with the error:
    10:08:11|   Info| Attempting IFD org service connection.
    10:08:25|   Info| Error connecting to URL: {0} Exception: {1}| https://crmstaging.domain.com/XRMServices/2011/Organization.svc, System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.

    Configuring Outlook client by pointing to https://crmstaging.domain.com/crmtest/XRMServices/2011/Organization.svc is successful and Outlook client is configured to the CRM organization.

 

The setup of HTTPS without ADFS is based on the following guidelines from Microsoft for CRM 2015 („Configuring CRM for HTTPS“):

https://technet.microsoft.com/en-us/library/hh699726.aspx#BKMK_MakeMicrosoft

so my question: Is it possible to have HTTPS without IFD and claims authentication?

*This post is locked for comments

  • Ritesh Mondal Profile Picture
    Ritesh Mondal 45 on at
    RE: HTTPS without IFD?

    Hi Ragnar,

    I have a similar situation here. Would like to know that while configuring IFD, do we need to make the CRM servers available over the Internet? It is mandatory to make servers available over the internet if I know all of my users will use CRM application from within network only.

    Thanks,

    Ritesh

  • Verified answer
    Ragnar Hilmarsson Profile Picture
    Ragnar Hilmarsson 3,427 on at
    RE: HTTPS without IFD?

    HI

    No Microsft didn't wound work-around for this issue, so we just ended up with IFD deployment.

  • Dean - LVP Profile Picture
    Dean - LVP 215 on at
    RE: HTTPS without IFD?

    Hi, Ragnar, did you ever get a response from Microsoft about this issue?  While we have a work-around for configuring Outlook in a non-IFD HTTPS deployment, this is clearly different behavior in 2015.  I'm interested to hear what MS says about it.

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: HTTPS without IFD?

    Hello,

    if all clients are in the same Windows Domain or in a trusted Windows Domain, you do not need a IFD scenario. This is a fact in my case. I found a workaround for my problem. I configure the Client with the full-qualified organization URL, for example https://crmserver.domain.com/organization instead of the server web address.

    Kind Regards,

    Karin Reuter

  • Suggested answer
    Karth Profile Picture
    Karth on at
    RE: HTTPS without IFD?

    You need IFD to be able to connect to CRM Outlook client. IFD Deployment is the only option to securely publish full access to the CRM application, including the discovery service, which is used by the Outlook client.

    Refer to blog.customereffective.com/.../do-i-need-ifd-in-my-microsoft-crm-environment.html

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: HTTPS without IFD?

    Hello,

    I  have the same issue than you with https, no IFD and with a hardware load balancer (nearly same configuration). If you have a solution for this, it would be helpful for me.

    Kind Regards K. Reuter

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: HTTPS without IFD?

    Hi

    Is there any update on this one? I am not able to configure outlook with CRM 2015. We have CRM 2015 on-premise running with http. I think the issue is that outlook is looking for https instead of http.

    Attempting IFD org service connection.
    16:29:40| Info| Non-https scheme found, trying with https scheme.
    16:29:40| Info| Error connecting to URL: {0} Exception: {1}|

  • Ragnar Hilmarsson Profile Picture
    Ragnar Hilmarsson 3,427 on at
    RE: HTTPS without IFD?

    Hi Bruno
    In fiddler i get http://server.domain.com :443 , only one line.
    We have already contact Microsoft support.
    And i have also recreated this issue on test environment.
    I will keep you updated if Microsoft wil resolve this for us next week.

  • Suggested answer
    Bruno Lucas Profile Picture
    Bruno Lucas 5,421 on at
    RE: HTTPS without IFD?

    It could be the wizard is looking at the HTTPS and considering looking for an ADFS endpoint. I have something similar and I tried to run Fiddler.

    I noticed the first check is on the url rewritten like this:

    if you enter:

    https://www.yoururl.com

    the wizard first runs this:

    http://www.yoururl.com:443

    When I try to run "http://www.yoururl.com:443" on the browser, it doesn't work

    So, a suggestion is to check what fiddler is pointing and try to look for ADFS urls or if it is actually something else stuck. Could maybe be a firewall or IIS need something.

    If you see any ADFS url than this  could be a case for Microsoft

  • Ragnar Hilmarsson Profile Picture
    Ragnar Hilmarsson 3,427 on at
    RE: HTTPS without IFD?

    Hi Adam

    I have try your suggestion but i still have the same error in outlook.

    i don't have http bindings and the spn are pointing to the url of CRM

    http/crm2015.domain.local

    I have opened a case with microsoft support about this issue

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,253 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,188 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans