CRM Dynamics

1- Installation - How to set up CRM step by step

2- CRM Claims Based Authentication configuration.

3- Firewall Setup

4- Issues

4-a CRM time out issues for logged in users.

4-b unable to setup CRM client for Outlook.

1- Installation - How to set up CRM step by step

CRM STEP BY STEP Installation.docx

2- CRM Claims Based Authentication configuration.

Note: You need to set up a separate server for ADFS and install ADFS, which you can find on the download page.

3- Firewall Configuration

For firewall configuration, you need a reverse proxy firewall, with a wildcard certificate installed in IIS on the CRM server and on the reverse proxy server. These steps assume you are using TMG for this purpose.

On TMG, you need to create a website publishing rule with the following settings:

1- Action: Allow

2- From : Anywhere

3- To : Your External CRM Website e.g. (crm.mywebsite.com)

- Under Computer/IP, type in the local IP address of the CRM server and tick the Forward..etc checkbox.

- Under "Proxy requests to published site", select "Requests appear to come from the original client".

4- Create a new Listener and call it CRM! In the Networks tab, select External and type in the public IP address that you configured your public name on, e.g. 195.152.12.15, which crm.mydomain.com points to in DNS.

- In the Connections tab, enable both HTTP and HTTPS and redirect all traffic from HTTP to HTTPS.

- In the Certificates tab, select the wildcard certificate which you have installed on the reverse proxy server, e.g. "TMG Server".

- In the Authentication tab, select: No authentication.

- The Forms tab will already be grayed out, and the same goes for the SSO tab.

- Now click OK and select this Listener.

5- In Public Name tab add the following:

- Add Public ADFS FQDN e.g. adfs.mydomain.com.

Note: ADFS should already be published through the reverse proxy with a SAN certificate, not with the wildcard.

- Add auth.mydomain.com

- Add crm.mydomain.com

- Add dev.mydomain.com

6- Under Path tab add /* and click add.

7- Under Authentication Delegation select "No delegation, but client may authenticate directly".

8- Under the Bridging tab select "Redirect requests to SSL port".

9- Under Users select all users.

10- Click Apply, then Test Rule, and see if you're OK to go.

11- Now try testing your CRM access from the web browser and see if it works or not.

12- Try setting up client with the new external domain and see if it will authenticate.
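
To check steps 10 to 12 from a machine outside the network, the following added example (not part of the original article) confirms that each public name redirects HTTP to HTTPS and presents a certificate that is trusted and valid for that name. The host names are the article's placeholders, and `Test-PublishedName` is a hypothetical helper name.

```powershell
# Added example: run from a client outside the network after applying the TMG rule.
# Host names are the article's placeholders; replace them with your public names.
$publicNames = 'adfs.mydomain.com', 'auth.mydomain.com', 'crm.mydomain.com', 'dev.mydomain.com'

function Test-PublishedName {   # hypothetical helper name
    param([string]$HostName)

    $redirects = $false; $subject = $null; $expires = $null; $problem = $null

    # Listener setting: HTTP must be redirected to HTTPS, not served.
    try {
        $req = [System.Net.WebRequest]::Create("http://$HostName/")
        $req.AllowAutoRedirect = $false
        $req.Timeout = 10000
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $redirects = ($code -ge 300 -and $code -lt 400) -and
                     ($resp.Headers['Location'] -like 'https://*')
        $resp.Close()
    } catch {
        $problem = "HTTP: $($_.Exception.Message)"
    }

    # Certificate setting: the TLS handshake fails if the certificate is
    # untrusted, expired, or does not cover this host name.
    $tcp = $null; $ssl = $null
    try {
        $tcp = New-Object System.Net.Sockets.TcpClient($HostName, 443)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $subject = $cert.Subject
        $expires = $cert.NotAfter
    } catch {
        $problem = "$problem TLS: $($_.Exception.Message)".Trim()
    } finally {
        if ($ssl) { $ssl.Close() }
        if ($tcp) { $tcp.Close() }
    }

    New-Object PSObject -Property @{
        HostName = $HostName; RedirectsToHttps = $redirects
        CertSubject = $subject; CertExpires = $expires; Problem = $problem
    } | Select-Object HostName, RedirectsToHttps, CertSubject, CertExpires, Problem
}

$publicNames | ForEach-Object { Test-PublishedName -HostName $_ }
```

A row with RedirectsToHttps set to False or a non-empty Problem column points back to the listener's Connections or Certificates tab for that name.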

In my case I had a problem authenticating with ADFS: it refused due to a mistake with one of the claims, "NAME". It appeared in ADFS as "* Name" and I had selected it as it was; then I corrected it back and it worked fine.

I hope this article is useful for you.

4- Issues

a- CRM Dynamics Session Time Out issue

Is CRM Dynamics on-premise signing you out every couple of minutes?


To extend the CRM login session, log in to the server where ADFS is deployed.

Run PowerShell as administrator.

Open ADFS.

Go to Relying Party Trusts.

Write down your relying party trust names, internal and external:

In our case the trust is named "internal" for the internal CRM URL and "external" for the external CRM URL.

In PowerShell, to make sure you have the right names, issue the following commands.

For the internal URL, issue (and hit Enter):

Get-ADFSRelyingPartyTrust -Name "internal"

For the external URL, issue (and hit Enter):

Get-ADFSRelyingPartyTrust -Name "external"

After running each of these commands you will see the certificate details assigned to each of the URLs.

Right after that you can issue the commands to extend the login time, as follows (hit Enter after each):

Set-ADFSRelyingPartyTrust -TargetName "internal" -TokenLifetime 480

This command will extend the login time of internal URL sessions to 480 minutes.

Set-ADFSRelyingPartyTrust -TargetName "external" -TokenLifetime 480

This command will extend the login time of external URL sessions to 480 minutes.

Now you can double-check that the login time has been extended, but you will need to sign out, close Internet Explorer and log in again.

You're done here.
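
The same change as a single script, as an added example that is not part of the original article: it records the current TokenLifetime of each trust before changing it and re-reads the value afterwards, so the change can be confirmed and reverted. The trust names and the 480-minute value are the article's; the `Microsoft.Adfs.PowerShell` snap-in line is an assumption that only applies to AD FS 2.0 servers.

```powershell
# Added example: run in an elevated PowerShell session on the AD FS server.
# On AD FS 2.0 the cmdlets live in a snap-in that has to be loaded first.
if (-not (Get-Command Get-ADFSRelyingPartyTrust -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell
}

$trustNames     = 'internal', 'external'   # trust names used in the article
$targetLifetime = 480                      # minutes, the article's value

foreach ($name in $trustNames) {
    $trust = Get-ADFSRelyingPartyTrust -Name $name
    if (-not $trust) {
        Write-Warning "No relying party trust named '$name'; nothing changed."
        continue
    }

    $before = $trust.TokenLifetime   # record it so the change can be reverted
    if ($before -ne $targetLifetime) {
        Set-ADFSRelyingPartyTrust -TargetName $name -TokenLifetime $targetLifetime
    }

    # Re-read from AD FS instead of trusting that the Set call succeeded.
    $after = (Get-ADFSRelyingPartyTrust -Name $name).TokenLifetime
    New-Object PSObject -Property @{
        Trust = $name; Identifier = ($trust.Identifier -join ', ')
        Before = $before; After = $after; Applied = ($after -eq $targetLifetime)
    } | Select-Object Trust, Identifier, Before, After, Applied
}
```

Keep the Before column from the output: it is the value to pass to -TokenLifetime if the longer session needs to be rolled back.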

4- Issues

b- Microsoft Dynamics CRM Cannot connect to Microsoft Dynamics CRM server because we cannot authenticate your credentials

Issue:

When you try to add your account to the CRM Outlook client, you get this message along with a big error message.

Cause

This issue is caused by not having your Windows Live ID verified. When you sign up for a Windows Live ID and you are not using a @hotmail.com or a @live.com email address, you will need to verify the e-mail address before it can be used to configure the Microsoft Dynamics CRM Client for Outlook.

It may also be related to the way you type the user name in the login field: the UPN format user@domain.com is not supported.

Solution

Download the Windows Live Essentials package along with the latest version of the Windows Live ID Sign-in Assistant from the following link.

http://www.microsoft.com/en-us/download/details.aspx?id=15106

Restart your PC and try to add your account to the CRM Outlook client again.

Also make sure you put your username in "domain\user" format.