CRM 2016 and IFD with Multiple Organisations

(0) Share

Report

Posted on by Pierre Andre Joubert

175

I am trying and interesting configuration in my own test environment with IFD.

Normally you would configure your different environments on different implementations and sometimes in different domains... depending on budget.

But, I have an environment that is IFD enabled, which works brilliantly. Which is great, but I want another organisation within the same environment.

I have the following config:

Basic CRM configuration:

- CRM Application Server

- Two organisations: org1.domain.com and org2.domain.com

- Separate SQL server

IFD and claims based auth, with org1.domain.com fully working and been my original org works beautifully. No ADFS issues or any issues for that matter.

Enter "org2.domain.com" added it, cannot access it, only get a 404 error, all the DNS pointers are there, but neither HTTPS nor HTTP will work.

As a note, none of the configured URLs are the same as the org names, including the server name, so no conflicts there.

My question is this, has anyone attempted or even succeeded in having an Claims & IFD configuration with Multiple Organisations? If so, how?
I cannot seem to find any documentation on this. Any suggestions or assistance would help.

*This post is locked for comments

I have the same question (0)

All responses (15)

Answers (1)

Brad Sprigg 985 on at

Like (0)

Report

Hi Pierre

Yes this shouldn't be a problem, I have several environments which work like you are trying to set up. But you will need to make sure of the following.

- New organisation covered by the security certificate (is it a wildcard or named addresses?)

- External and internal DNS entries for the new URL

- Refresh the ADFS external party trust so it is aware of the new organisation

If I think of anything else I will let you know

Regards

Brad

Was this reply helpful? Yes No
Pierre Andre Joubert 175 on at

Like (0)

Report

Hi Brad,

Unfortunately I have checked all of the above.

The cert is a wildcard cert.

The DNS entries exist and resolve.

ADFS is updated and does actually respond.

This is the weird part, ADFS is responding and processes the authentication but just get the ever wonderful 404 error.

I agree, this should work but for some odd reason doesn't, not even on the server itself.

Regards

Pierre

Was this reply helpful? Yes No
Pierre Andre Joubert 175 on at

Like (0)

Report

Oh, just an addition to this...

Something I forgot, which makes it not quite a standard setup... I have a WAP server publishing the CRM and ADFS externally.

Was this reply helpful? Yes No
Pierre Andre Joubert 175 on at

Like (0)

Report

Any suggestions from anyone would be great.

As a note I have tried this: HTTP 404 error received in Microsoft Dynamics CRM 2013 when using an Active Directory Federation Services Web Application Proxy on Windows Server 2012 R2

It doesn't work :(

Was this reply helpful? Yes No
Inogic 709 on at

Like (0)

Report

As you said you have verified but could you please confirm following things

1.       Check DNS entries for auth, dev, external URLs and adfs URL.

2.       Update the federation metadata from ADFS

3.       Restart the ADFS service and IIS.

4.       Check by disabling Form Authentication in IIS! MSCRM - Sites - Authentication - Form authentication – Disabled.

Thanks,

Sam

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Your 'I have a WAP server publishing the CRM and ADFS externally' got my attention. Have you successfully logged in into the organization using plugin registration tool? I have similar setup like yours CRM and ADFS are working properly but when I login from PRT I get failed authentication message regardless of the user id.

Any help is appreciated.

Thanks!

Was this reply helpful? Yes No
Pierre Andre Joubert 175 on at

Like (0)

Report

[quote][/quote]

As you said you have verified but could you please confirm following things

1.       Check DNS entries for auth, dev, external URLs and adfs URL.

2.       Update the federation metadata from ADFS

3.       Restart the ADFS service and IIS.

4.       Check by disabling Form Authentication in IIS! MSCRM - Sites - Authentication - Form authentication – Disabled.

Thanks,

Sam

1.       Yep, all checked resolve correctly.

2.       Done, multiple times, even recreated, no solution.

3.       Rebooted all servers, including SQL box just for good measure.

4.       Yep, forms auth is disabled

Was this reply helpful? Yes No
Pierre Andre Joubert 175 on at

Like (0)

Report

[quote][/quote]

Your 'I have a WAP server publishing the CRM and ADFS externally' got my attention. Have you successfully logged in into the organization using plugin registration tool? I have similar setup like yours CRM and ADFS are working properly but when I login from PRT I get failed authentication message regardless of the user id.

Any help is appreciated.

Thanks!

The PRT does actually work externally, for my primary org anyway. The others still nothing, going to try reconfigure everything and see if I missed something I think.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Hi Pierre,

Did you have to do something special to get PRT to connect to your org?

Thanks!

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Were you trying to access org2 externally? If yes,..

- Did you add entry for your org2.domain.com in WAP?

- Did you add org2 subdomain (CNAME) in your external DNS?

Was this reply helpful? Yes No