Tip #831: Avoiding pain when renewing certificates in AD FS

Queue to renew

Expiring certificate for https://adfs.contoso.com, you say? Considering Let’s Encrypt goodness, that should be easy to fix, right? Import new certificate (make sure to include private key) Grant permission to AD FS service account to read the private key Open AD FS manager, navigate to AD FS > Service > Certificates Click Set Service Communications Certificate… and […]

Tip #544: Enabling JWT in ADFS breaks Dynamics CRM for Outlook

If you ever dealt with Dynamics CRM authentication at “close range”, you know that CRM supports OAuth. Presumably, with CRM 2016 and ADFS 3.0 (Windows Server 2012 R2), we should be able to use OAuth for CRM On-premises, right? Especially now that ADFS supports JSON Web Tokens, so we should be able just enable JWT […]

Tip #419: How to sign out from ADFS in one click

Incorrect login

Single CRM installation is capable of hosting multiple organizations. As administrator, you probably have some test accounts handy to login as normal users. Many + many sometimes does not end up well: This is what you see when you do have an Active Directory login but it’s not mapped into this organization. “That’s cool”, I […]

Tip #412: CRM by proxy

tl;dr For CRM application proxying, load balancing and other magic like IP filtering, use Application Request Routing. To securely publish ADFS and CRM servers to the internet, use Web Application Proxy. Eye-watering details If you’ve been following our posts on inventive use of ARR, you know that this technique is specific to IIS. If you […]

Tip #99: Remember when your certificates expire

I will occasionally get the frantic “CRM is down” call from clients, and for on premises users, one of the most common reasons is expiring SSL certificates. If you just deploy CRM without claims authentication, when your CRM SSL certificate expires, CRM will still work, but users with receive a certificate error. However, if you […]