Microsoft Dynamics CRM (Archived)

ADFS + IFD configuration


Hello,

I am trying to publish a CRM server over the internet using ADFS 2.0 + IFD. CRM and IFD are on the same server, which has a public IP and an internal IP. When I get to the DNS configuration step, I don't really know how to do it. According to the Microsoft documentation, the "orgname", "dev", "sts" and "auth" records in DNS should point to the "IP address of your CRM public-facing internet connection"; here is my point of confusion: which IP should be used when configuring DNS, the public one, the internal one, or both?

When I configure the records using the public IP, I can't browse to the URL of the federation metadata. Is this related to the fact that the public IP needs time to be resolved on the internet?

I am really confused.

Any help is appreciated.

Thank you

  • Pradeep Pawar

    Please read my blog carefully; the difference is that in my scenario I have a separate CRM server and ADFS server. Also, an ADFS Proxy is configured for better security, so that Active Directory is not exposed to the internet while ADFS is kept public.

    pradeeppawarblog.wordpress.com/.../configure-internet-facing-deployment-for-crm-2011-server-in-more-secure-way-with-adfs-proxy

    I am confused about your question on DNS; do you mean it is related to creating A records in DNS? If so, then you should point to your internal IP in the internal DNS and to the public IP in the public DNS configuration.

    Regards,

    Pradeep P.

  • Verified answer
    Community Member

    Hi Mohammed,

    Many customers opt for a configuration called "split-brain DNS", and that would be the ideal solution.

    Here, on the DNS servers of the company's internal network, they create DNS records that point all the CRM and ADFS URLs to the private IP of the servers. Any internal user who accesses CRM will retrieve the internal IP from the company DNS server, and all of his traffic will flow within the company network.

    Companies also maintain a DNS service externally, either leased from a provider or a DNS server they maintain connected to the internet. In this public DNS, they create records that point the CRM and ADFS URLs to the public IPs. Users on the internet who access CRM will retrieve the public IPs from these DNS servers and will hit the CRM server via the public IP.

    This combination of two sets of (URL -> IP) mappings (one internal and one external) is the best way to go about it. Please seek guidance from your networking teams/partners.

    Regarding your inability to access the CRM metadata:

    > Are you able to ping the CRM URL from cmd?

    If not, you have DNS resolution issues; propagation delays can be one of them.

    If yes, then I would look at the firewalls allowing your CRM port to pass through; non-default ports are usually blocked by the Windows firewall.

    -Alen
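The split-brain layout described in the answer above, written out as an added example (not part of the original thread, and not Microsoft's or the poster's own script). It assumes a hypothetical zone `contoso.com`, an internal CRM/ADFS address of `10.0.0.5`, and a public address of `203.0.113.10`; the record names follow the IFD documentation quoted in the question (`orgname`, `dev`, `sts`, `auth`). The internal half runs on a Windows DNS server; the public half is whatever the provider's zone editor exposes, so it is shown only as the record set to create there.

```powershell
# Added example: split-brain DNS for CRM IFD + ADFS.
# Assumptions (not from the thread): zone contoso.com, internal IP 10.0.0.5,
# public IP 203.0.113.10, CRM on 443/444 behind a firewall that NATs to 10.0.0.5.

$Zone       = 'contoso.com'
$InternalIP = '10.0.0.5'       # private address of the CRM/ADFS host
$PublicIP   = '203.0.113.10'   # address on the firewall's outside interface
$Hosts      = 'orgname', 'dev', 'sts', 'auth'

# --- Internal zone (run on the internal Windows DNS server) -------------------
# Creates the zone if it does not exist yet; idempotent on rerun.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope 'Domain'
}

foreach ($h in $Hosts) {
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $h -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        # Internal clients resolve every IFD/ADFS name to the private IP,
        # so their traffic never leaves the LAN.
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $h -IPv4Address $InternalIP -TimeToLive (New-TimeSpan -Hours 1)
    }
}

# --- Public zone (create the same names at the DNS provider) -----------------
# Emits the record set to paste into the provider's zone editor. Nothing here
# should ever carry the 10.0.0.5 address; that is the whole point of the split.
$PublicRecords = foreach ($h in $Hosts) {
    [pscustomobject]@{ Name = "$h.$Zone"; Type = 'A'; Value = $PublicIP }
}
$PublicRecords | Format-Table -AutoSize

# --- Verification: does each side see the right address? ---------------------
function Test-SplitBrain {
    param(
        [string]$InternalDns = '10.0.0.2',   # assumed internal DNS server
        [string]$PublicDns   = '8.8.8.8'     # any public resolver
    )
    foreach ($h in $Hosts) {
        $fqdn = "$h.$Zone"
        $in  = (Resolve-DnsName -Name $fqdn -Type A -Server $InternalDns -ErrorAction SilentlyContinue).IPAddress
        $out = (Resolve-DnsName -Name $fqdn -Type A -Server $PublicDns   -ErrorAction SilentlyContinue).IPAddress
        [pscustomobject]@{
            Name        = $fqdn
            Internal    = $in
            Public      = $out
            # A private IP leaking out of the public zone, or a public IP served
            # internally, is a misconfiguration worth catching before go-live.
            InternalOK  = ($in  -contains $InternalIP)
            PublicOK    = ($out -contains $PublicIP) -and ($out -notcontains $InternalIP)
        }
    }
}

Test-SplitBrain | Format-Table -AutoSize
```

If `PublicOK` is false for a name right after you created the record, that is the propagation delay mentioned in the thread; if `InternalOK` is false, the internal zone is missing the record or the client is pointed at an external resolver. The federation metadata check that the original poster could not get through is the next step, and it is a separate, port-level test.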

  • Verified answer
    Community Member

    Split DNS as described by Alen is the way to go. The external DNS points to your firewall, which then forwards traffic through to the internal addresses.

    What ports are you using for CRM and for ADFS?

  • Community Member

    Thank you Pradeep

    I get the point

  • Community Member

    Thank you Alen, your explanation is very clear; I now understand the difference between the internal DNS zone and the public DNS.

    As described by Adam, my deployment will be as follows:

    - The CRM server should only have an internal IP.

    - Assign the internal IP to CRM in the internal DNS zone.

    - Assign the DNS records (auth, dev, orgname, adfs) to the public IP in the public DNS.

    - Configure the firewall to forward the traffic to CRM.

    I hope that I am on the right track.

  • Community Member

    You also need to publish internal IPs for auth and dev, and for ADFS. You don't need to have an IP for orgnames internally unless you want to be able to connect to CRM as an external connection using forms-based authentication, for example on an internal wireless network but from a BYOD laptop that is not on the domain, or to use the tablet client.

    You might also need Windows Firewall rules to open the relevant ports if non-standard (not 443). What port are ADFS and CRM on?

  • Community Member

    Thank you, this is exactly what I was looking for: enabling claims-based authentication for internal users, because the sales team's laptops aren't on the domain for security reasons.

    ADFS is on port 443 and CRM is on 444.
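The two replies above both point at the same failure mode: with ADFS on 443 and CRM on a non-default 444, the Windows Firewall on the server and the perimeter firewall both have to pass the CRM port, and the symptom of getting it wrong is exactly "DNS resolves but the federation metadata URL will not load". The following is an added example (not from the thread or from Microsoft) that opens the ports on the server and then checks each hop separately. It assumes the hypothetical names `sts.contoso.com` and `orgname.contoso.com` from the question, the standard ADFS metadata path `/FederationMetadata/2007-06/FederationMetadata.xml`, and that you run it from an internal box for the internal check and an external box for the public check.

```powershell
# Added example: firewall rules for ADFS (443) and CRM IFD (444), plus a
# layered reachability check. Host names and ports below are assumptions
# taken from the thread, not a known deployment.

$AdfsHost = 'sts.contoso.com'      # ADFS federation service name
$CrmHost  = 'orgname.contoso.com'  # CRM organisation URL
$AdfsPort = 443
$CrmPort  = 444

# --- Windows Firewall on the CRM/ADFS server ----------------------------------
# Scoped to inbound TCP on the exact ports; no "allow any" rule. The rules are
# looked up by name first so rerunning the script does not duplicate them.
$rules = @(
    @{ Name = 'ADFS HTTPS 443'; Port = $AdfsPort },
    @{ Name = 'CRM IFD HTTPS 444'; Port = $CrmPort }
)
foreach ($r in $rules) {
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Protocol TCP `
            -LocalPort $r.Port -Action Allow -Profile Domain, Private, Public | Out-Null
    }
}

# --- Layered check: DNS, then TCP, then the metadata document ------------------
function Test-IfdEndpoint {
    param(
        [Parameter(Mandatory)] [string]$HostName,
        [Parameter(Mandatory)] [int]$Port,
        [string]$Path = '/FederationMetadata/2007-06/FederationMetadata.xml'
    )
    $result = [ordered]@{ Host = $HostName; Port = $Port; Dns = $null; Tcp = $false; Http = $null }

    # 1. Name resolution: which address does THIS client get? (split-brain check)
    $a = Resolve-DnsName -Name $HostName -Type A -ErrorAction SilentlyContinue
    $result.Dns = if ($a) { ($a.IPAddress -join ',') } else { 'unresolved' }
    if (-not $a) { return [pscustomobject]$result }

    # 2. TCP connect: separates "wrong IP" from "firewall drops the port".
    $tnc = Test-NetConnection -ComputerName $HostName -Port $Port -WarningAction SilentlyContinue
    $result.Tcp = $tnc.TcpTestSucceeded
    if (-not $result.Tcp) { return [pscustomobject]$result }

    # 3. HTTPS: fetch the metadata. A certificate/name mismatch surfaces here,
    # which is the usual cause once DNS and the port are already fine.
    try {
        $resp = Invoke-WebRequest -Uri "https://${HostName}:${Port}${Path}" -UseBasicParsing -TimeoutSec 15
        $result.Http = "$($resp.StatusCode) ($($resp.Content.Length) bytes)"
    } catch {
        $result.Http = $_.Exception.Message
    }
    [pscustomobject]$result
}

# ADFS publishes the federation metadata; CRM's own metadata lives under the
# same path on the CRM port.
Test-IfdEndpoint -HostName $AdfsHost -Port $AdfsPort
Test-IfdEndpoint -HostName $CrmHost  -Port $CrmPort
```

Read the output column by column: `Dns` tells you which half of the split-brain zone answered, `Tcp` false with a correct address means the port is blocked somewhere (server firewall, perimeter NAT, or the port forward not covering 444), and an `Http` error with `Tcp` true points at the certificate or the ADFS service itself rather than the network.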
