&tl;dr If you’re using CrmServiceClient and getting what seems to be a valid connection but cannot really use it because of the “The user authentication failed!” error, check the servers’ clocks in your infrastructure. Bo-o-o-oring I have some perfect reasonable code deployed in Azure and that code has been humming along, talking to Dynamics 365 […]
Expiring certificate for https://adfs.contoso.com, you say? Considering Let’s Encrypt goodness, that should be easy to fix, right? Import new certificate (make sure to include private key) Grant permission to AD FS service account to read the private key Open AD FS manager, navigate to AD FS > Service > Certificates Click Set Service Communications Certificate… and […]
There are reasons to do the unspeakable, ignore all recommendations and install all components of on-premises CRM deployment on a single machine. Running CRM on my laptop, for example, as I don’t have room for 3 server deployment. tl;dr If CRM and AD FS are on the same server, change port used by AD FS. […]
I’m not sure how to condense 3 days of pain and desperation into a tip of the day but I shall try. tl;dr Do not use the same base domain for ADFS and CRM if you have other applications (e.g. a web site) requiring Single Sing-On (SSO) with CRM. Please explain If you ever set […]
If you ever dealt with Dynamics CRM authentication at “close range”, you know that CRM supports OAuth. Presumably, with CRM 2016 and ADFS 3.0 (Windows Server 2012 R2), we should be able to use OAuth for CRM On-premises, right? Especially now that ADFS supports JSON Web Tokens, so we should be able just enable JWT […]
Single CRM installation is capable of hosting multiple organizations. As administrator, you probably have some test accounts handy to login as normal users. Many + many sometimes does not end up well: This is what you see when you do have an Active Directory login but it’s not mapped into this organization. “That’s cool”, I […]
tl;dr For CRM application proxying, load balancing and other magic like IP filtering, use Application Request Routing. To securely publish ADFS and CRM servers to the internet, use Web Application Proxy. Eye-watering details If you’ve been following our posts on inventive use of ARR, you know that this technique is specific to IIS. If you […]
I will occasionally get the frantic “CRM is down” call from clients, and for on premises users, one of the most common reasons is expiring SSL certificates. If you just deploy CRM without claims authentication, when your CRM SSL certificate expires, CRM will still work, but users with receive a certificate error. However, if you […]
of the