Lessons learned from using the CRM IFD tool
With Microsoft Dynamics CRM 4.0, you can configure your CRM implementation as an Internet Facing Deployment (IFD). In other words, users can access CRM without being logged in to your network or using a VPN, and they can access all functionality, including reports.
From implementing a couple of IFD environments, I have found a few things that may not be clear from the documentation for the IFD tool.
- When you unzip the IFD tool, you have to save it to the c:\program files\microsoft crm (or whatever your CRM program files folder is named)\tools folder; otherwise it will not run.
- When you run the IFD tool, specify only the domain name in the SDK and root domain fields. Do not enter anything like crm.domain.com, just domain.com.
- Your external URL for CRM needs to be in the form crmorgname.domain.com. You will know your CRM org name because when you run the IFD tool, it displays it in the gray box in the lower left corner of the form. You will need to set up a CNAME in DNS with the name of the CRM org name pointing to the CRM URL. If you want your external URL to be something other than your CRM org name, you will need to set up a CNAME pointing to the org name URL.
- If you use an ISA or other firewall, you will need to enable forms authentication for the CRM server.
- After running the IFD tool, when you go to the external URL, you should see a blue login form, not the Windows login box, if your IFD deployment has been successful. This login form is located at http://crmurl.domain.com/signin.aspx. If you see the Windows login dialog box, CRM is trying to authenticate via Windows Authentication, not IFD mode.
Also, if you want IFD users to be able to run reports, be sure to install the SRS connector. The SRS connector is located in the CRM installation.
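
One way to script the check from the last bullet, as an added example (not from the original post or from Microsoft): it classifies the response from the external URL as Windows authentication (a 401 with a Negotiate or NTLM challenge, which is what makes the browser show the login dialog) or the IFD sign-in form. It assumes an external request is redirected to /signin.aspx; the function names and sample responses are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

# Challenge schemes that make a browser show the Windows login dialog.
WINDOWS_SCHEMES = {"negotiate", "ntlm"}

def classify(status, headers, path="/"):
    """Classify one response; headers is a list of (name, value) pairs."""
    hdrs = [(k.lower(), v.strip()) for k, v in headers]
    if status == 401:
        schemes = {v.split()[0].lower() for k, v in hdrs
                   if k == "www-authenticate" and v}
        return "windows-auth" if schemes & WINDOWS_SCHEMES else "other-401"
    if 300 <= status < 400:
        location = next((v for k, v in hdrs if k == "location"), "")
        # Assumption: IFD sends external requests to the sign-in page.
        if urlsplit(location).path.lower().endswith("/signin.aspx"):
            return "ifd-forms"
        return "redirect-elsewhere"
    if status == 200 and urlsplit(path).path.lower().endswith("/signin.aspx"):
        return "ifd-forms"
    return "unexpected-%d" % status

def probe(host, path="/", use_tls=False, timeout=10):
    """Fetch path from host without following redirects and classify it."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify(resp.status, resp.getheaders(), path)
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "windows dialog": (401, [("WWW-Authenticate", "Negotiate"),
                             ("WWW-Authenticate", "NTLM")], "/"),
    "redirect to form": (302, [("Location", "/signin.aspx")], "/"),
    "form served": (200, [("Content-Type", "text/html")], "/signin.aspx"),
    "bad request": (400, [], "/"),
}

if __name__ == "__main__":
    for name, (status, headers, path) in SAMPLES.items():
        print(name, "->", classify(status, headers, path))
    # Live check from outside the network: probe("crmorgname.domain.com")
```

Run `probe` from a machine outside the internal network, since that is where the forms login is expected to appear.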

Hi!
"If you use an ISA or other firewall, you will need to enable forms authentication for the CRM server."
How do I publish an IFD CRM server behind ISA 2006? What tuning of authentication delegation needs to be done in a Web publishing rule if the HTTPS listener uses FBA authentication and a wildcard certificate *.mycompanyname.org?
The Web publishing rule does not work; only the Server publishing rule (HTTPS) works.
My test CRM deployment hosts a few organizations:
https://org1.mycompanyname.org
https://org2.mycompanyname.org
Posted by: Andrey Gupalo | April 29, 2008 at 04:18 AM
OK, I did everything as you mentioned. Still getting a 400 error when trying to access the site.
I have checked ISA; the path name is in place.
I ran the tool again, checked DNS, and it says it is OK.
Now why do I get a 400 error? Do you have any suggestions?
Posted by: RTW | June 09, 2008 at 11:11 AM
Hi,
Thanks for this post. But when I go to the external URL (http://crmorgname.domain.com) I get the Windows login dialog box, and when I go straight to http://crmorgname.domain.com/signin.aspx and enter my credentials, the authentication works. Is that OK? Or should I set anything else? Because when I set only On Premise in the IFD Tool, the authentication from http://crmorgname.domain.com/signin.aspx failed.
Thanks,
Tomas
Posted by: tomasK | June 27, 2008 at 05:46 AM
Thanks for the article. Is there any way I could put a link on the IFD Sign-in page to a third party Password Reminder application?
Posted by: Ben | February 27, 2009 at 04:01 PM
Ben,
You could possibly edit the signin.aspx page; however, be aware that it is not supported by Microsoft.
Posted by: Joel Lindstrom | February 27, 2009 at 04:39 PM