Dynamics CRM 2016 On-premise : Internal client access URLs

(0) Share

Report

Posted on by MittalPatel

I am working on Microsoft Dynamics CRM 2016 on-premise environment with multiple organizations on the same instance.

There are 2 Organizations created.
1. Organization1
2. Organization2

1. External Access - All the organizations are configured for IFD, and both the external urls are working fine.

2. Internal Access -
For internal client access, I want to setup below URLs to access both the organizations.

https://Organization1.<installedCRM>.<Domain>.in/ --> Working fine
https://Organization2.<installedCRM>.<Domain>.in/ --> Not working because it is redirecting to Organization1 URL.

When I access https://Organization1.<installedCRM>.<Domain>.in/Organization2 --> Working fine.

What I will have to do so that internal users can access both the Organizations in the same manner?

Thank you,

*This post is locked for comments

I have the same question (0)

All responses (8)

Answers (2)

Suggested answer

Wouter Madou 3,392 on at

Like (1)

Report

- Add the org2 internal url to your DNS (a record pointing to crm front end server)

- Verify your certificates so the org2 url is covered (wildcard is the easiest option here of course)

- refresh adfs party trust to see new environment

That should be it.

Was this reply helpful? Yes No
MittalPatel on at

Like (0)

Report

@Wouter - Thank you for the response. I got your point.

I just want to make sure that - No need to change anything on IIS or CRM Deployment Manager side.

In CRM Deployment Manager, Web Application Server is set to : Organization1.<installedCRM>.<Domain>.in

Is this correct or do I need to remove Organization name from this?

Thank you,

Was this reply helpful? Yes No
Suggested answer

Wouter Madou 3,392 on at

Like (1)

Report

First of all I need to point out that I am NOT and adfs expert.

But my 50 cents on the case:

You need to use your internalcrm url.

As you have it described above as follows:

https://Organization1.<installedCRM>.<Domain>.in/ --> Working fine

https://Organization2.<installedCRM>.<Domain>.in/ --> Not working because it is redirecting to Organization1 URL.

Because you set your org1 as the to use url in depl. manager the org2 url will resolve to org1.

(This will set your endpoint and thus is incorrect in your case.)

You need to set the claims endpoint url to something like 'crm.installedcrm.domain' (or like the default msdn description internalcrm.installedcrm.domain).

In internal dns you will add multiple entries, in your case:

crm.installedcrm.domain => crm server

org1.installedcrm.domain => crm server

org2.installedcrm.domain => crm server

(also your dev/sts/auth urls, but since org1 currently works I assume you did that.)

When that is done you will need to update the federation url used in adfs and the relying party trusts.

An iisreset will not hurt as well when you're done :).

I hope that makes some sense?

Was this reply helpful? Yes No
MittalPatel on at

Like (0)

Report

Yes, it makes sense now and thank you for the explanation.

I will add multiple entries in internal DNS and will update federation URL used in adfs and the relying party trusts.

Just want to confirm, do I also need to remove Organization name from the Web Application Server address in Deployment Manager, and just set it to installedcrm.domain.in?

Thank you,

Was this reply helpful? Yes No
Verified answer

Wouter Madou 3,392 on at

Like (1)

Report

In deployment manager, set to HTTPS and update all urls to your new internal url like installedcrm.domain.in .

So yes, remove the org name.

Example:

Url used in depl manager:

internalcrm.contoso.com

Dns entries added to internal dns towards crm ip:

type: a-records

Entries:

internalcrm.contoso.com

org1.contoso.com

org2.contoso.com

auth.contoso.com

sts.contoso.com

dev.contoso.com

Was this reply helpful? Yes No
MittalPatel on at

Like (0)

Report

I really appreciate your answer and it clarifies many queries.

As per msdn, below is steps of DNS configuration -->

1.1.   DNS configuration
Before configuring Microsoft Dynamics CRM Server for claims-based authentication, you should configure your internal and public domain records so the various Microsoft Dynamics CRM Server and AD FS endpoints resolve correctly.
You will create DNS records for the following domain names:
•   Internal URL used to access Microsoft Dynamics (for example, internalcrm.contoso.local).
•   External URL used to access Microsoft Dynamics - Web Application Server domain (for example, orgname.contoso.com).
•   Microsoft Dynamics CRM Organization Web Service domain. Differs from the record used for external access if you have separate domains (for example, orgname.subdm.contoso.com).
•   Microsoft Dynamics CRM Discovery Web Service domain (for example, dev.contoso.com).
•   AD FS server (for example, sts1.contoso.com).
•   External IFD URL - Microsoft Dynamics CRM IFD federation endpoint (for example, auth.contoso.com). This record will be used by the AD FS server when retrieving the Microsoft Dynamics CRM IFD federationmetadata.xml file.

Now, I have only concern that - if I will remove the Organization name from the Deployment manager then will my external URLs work fine or do I need to do something?

I have already tried today to remove Organization name from Deployment manager (then iisreset) and then I browsed through the URL of Organization 1 --> It gave me below error -- It landed on Organization AD FS page but authentication didn't happen.

Any suggestion?

Thank you,

Was this reply helpful? Yes No
Verified answer

Wouter Madou 3,392 on at

Like (1)

Report

Your external dns has the needed entries?

best to troubleshoot adfs issues is in event log on adfs server.

Adfs has a lot of caching, so might be that it is still using old values.

Was this reply helpful? Yes No
ryanshee1982 20 on at

Like (0)

Report

Hi,

I'm encountered the same issue, any solution and share with me?

Thanks

Ryan Shee

ryanshee1982@gmail.com

Was this reply helpful? Yes No