Share
Report
5We used to have support on an old Dynamics On Prem CRM and we no longer have that support. Attempts to get support has been tricky because the solution was customized and their are fears upgrading will break the system. In the mean time, We have been delving into articles, blogs, knowledge bases and everything we can find to try and update this expiring certificate. All attempts have failed miserably.
None of us are very knowledgeable about CRM and it's inner workings. We relied heavily on the consultants/support team for the behind the scenes operations.
Hoping someone in the forum will at a minimum provide a little guidance or at least help us determine if we should be in a full panic or we can survive.
From what I can tell, there are two servers that appear to be communicating/syncing. Both utilizing ADFS, Dynamics and IIS. One of the servers has a beginning address of STS and appears to process authentication before transferring to CRM address on the second server.
Prior to cert expiring, like 30 days prior, we started to experience issues. Pool would stop and need to be started. Refresh thumbprint. I was able to keep it running up to now. So concerned about when the cert officially expires. These leads to the main question.
When the cert expires, will CRM fail OR will it just prompt users the site is unsecure but they can still use the site?
This will tell me if I am screwed or still have some time.
I am familiar with SSL's and IIS in general but the combination of ADFS and Dynamics is foreign to me. The articles I am reading make logic sense but I am not sure exactly why we have all these steps and how the interact. Also, how the servers interact. None of the articles I have found cover the two server concept. They all have been geared toward a single server.
Does anyone have a suggestion of sources similar to this two server solution?
How the certs work? Assume I need two CSRs. One for each server but how do they align between the servers or do they need to.
Do I need to do one server before another (order of operations)?
What we did up to this point:
I was able to finally get a cert and apply it to the Server running CRM. After much trial and error, it was loading and showing the correct cert. We noticed the STS site was displaying the old Cert and found that server. After it was rebooted, the authentication site (STS) stopped working. We tried tried applying the cert from the CRM server and failed as expected. Got a new cert and applied. The setup of this second server is not the same as the first. The ADFS and the Federate Meta is different. Whatever is driving the STS website is also different. So the steps we saw do not fully apply to this second server. We ended up rolling back both servers to snapshots and had to reboot them to get the site back up.
Any advice would be very appreciated.
All responses (
Answers (
