Tip #831: Avoiding pain when renewing certificates in AD FS


Expiring certificate for https://adfs.contoso.com, you say? Considering Let’s Encrypt goodness, that should be easy to fix, right? Import new certificate (make sure to include private key). Grant permission to AD FS service account to read the private key. Open AD FS manager, navigate to AD FS > Service > Certificates. Click Set Service Communications Certificate… and […]

Tip #668: ADFS and CRM on the same server


There are reasons to do the unspeakable, ignore all recommendations and install all components of an on-premises CRM deployment on a single machine. Running CRM on my laptop, for example, as I don’t have room for a 3-server deployment. tl;dr If CRM and AD FS are on the same server, change the port used by AD FS. […]

Tip #546: Avoid using the same domain for ADFS and CRM

I’m not sure how to condense 3 days of pain and desperation into a tip of the day, but I shall try. tl;dr Do not use the same base domain for ADFS and CRM if you have other applications (e.g. a web site) requiring Single Sign-On (SSO) with CRM. Please explain If you ever set […]

Tip #544: Enabling JWT in ADFS breaks Dynamics CRM for Outlook

If you ever dealt with Dynamics CRM authentication at “close range”, you know that CRM supports OAuth. Presumably, with CRM 2016 and ADFS 3.0 (Windows Server 2012 R2), we should be able to use OAuth for CRM On-premises, right? Especially now that ADFS supports JSON Web Tokens, so we should be able to just enable JWT […]

Tip #419: How to sign out from ADFS in one click


A single CRM installation is capable of hosting multiple organizations. As an administrator, you probably have some test accounts handy to log in as normal users. Many + many sometimes does not end up well: This is what you see when you do have an Active Directory login but it’s not mapped into this organization. “That’s cool”, I […]

Tip #412: CRM by proxy

tl;dr For CRM application proxying, load balancing and other magic like IP filtering, use Application Request Routing. To securely publish ADFS and CRM servers to the internet, use Web Application Proxy. Eye-watering details If you’ve been following our posts on inventive use of ARR, you know that this technique is specific to IIS. If you […]

Tip #99: Remember when your certificates expire

I will occasionally get the frantic “CRM is down” call from clients, and for on-premises users, one of the most common reasons is expiring SSL certificates. If you just deploy CRM without claims authentication, when your CRM SSL certificate expires, CRM will still work, but users will receive a certificate error. However, if you […]