SSL reverse proxy with TMG - it works without IFD

(0) Share

Report

Posted on by José António Silva

My experience:

Setup CRM2011 normally, port 5555
Setup a wildcard SSL in TMG (Edge server)
Setup web publishing rule in TMG from https://crm.company.com to crmserver:5555

It works, but an HTTP request recorded in Fiddler shows that some javascripts call http://crm.company.com:443 or in the case of a help call, it's pointing to the internal crmserver:555

Using powershell, change ServerUrl, https, and discoveryURL to point to crm.company.com (without https:// !!!) and changing the other parameter to "https"

Result:

It's working, it's SLOW, but it works. Trying to figure out why NTLM and/or Kerberos are re-authenticating on each request. In a simple page change, I'm getting 19x 401 for only 13x 200 requests.

Is this the reason why IFD mandates claims-based auth?

*This post is locked for comments

I have the same question (0)