CRM 2011 ADFS/IFD Installation Tip: Using the BackConnectionHostNames Registry Key

During the CRM 2011 installation process for ADFS/IFD, you will notice issues when resolving external, non-matching internal domain references ( to crm.go.local), especially when using SSL certificates. It can take hours of tracing and troubleshooting to realize it's related to a new loopback feature introduced with Windows 2003 Server SP1.

The solution is to add the BackConnectionHostNames key to the registry, with the DNS names, most likely your ADFS and internalcrm web server FQDN (fully qualified domain names ie

Click Start, click Run, type regedit, and then click OK.

In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

Right-click MSV1_0, point to New, and then click Multi-String Value.

Type BackConnectionHostNames, and then press ENTER.

Right-click BackConnectionHostNames, and then click Modify.

In the Value data box, type the host name or the host names (the external address for the ADFS system) for the sites that are on the local computer, and then click OK.

Quit Registry Editor, and then restart the IISAdmin service from the command prompt using iisreset.
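
The same steps scripted in PowerShell, as an added example that is not part of the original post. The two host names are constructed placeholders; the script merges them with any entries already present, so only the names you list are exempted from the loopback check. Run it from an elevated prompt.

```powershell
# Added example: scripted equivalent of the manual Registry Editor steps.
$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$valueName = 'BackConnectionHostNames'

# Constructed placeholders: replace with your ADFS and CRM host names.
$wanted = @('adfs.example.com', 'internalcrm.example.com')

# The value takes bare host names, one per line. Reject URLs, paths and ports
# so a pasted "https://host/..." does not silently fail to match.
foreach ($name in $wanted) {
    if ($name -match '[:/\s]') {
        throw "Not a bare host name: '$name'"
    }
}

# Read the current multi-string value, if it exists.
$current = @()
$prop = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
if ($prop) { $current = @($prop.$valueName) }

# Merge old and new entries, drop blanks, de-duplicate (case-insensitive).
$merged = @($current + $wanted |
    Where-Object { $_ -and $_.Trim() } |
    ForEach-Object { $_.Trim() } |
    Sort-Object -Unique)

# -Force overwrites an existing value; MultiString corresponds to REG_MULTI_SZ.
New-ItemProperty -Path $keyPath -Name $valueName -PropertyType MultiString `
    -Value ([string[]]$merged) -Force | Out-Null

# Show what is now exempted, for the change record.
Write-Output "BackConnectionHostNames now contains:"
(Get-ItemProperty -Path $keyPath -Name $valueName).$valueName

# Restart IIS so the sites pick up the change.
iisreset
```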