During the CRM 2011 installation process for ADFS/IFD, you will notice issues when resolving external non matching internal domain references (crm.microsoft.com to crm.go.local) especially when using the SSL certficates. This can take hours of tracing and troubleshooting to realize its related to a new lookback feature introduced with Windows 2003 Server SP1.

The solution is to add to key BackConnectionHostNames to the registry, with the DNS, most likely your ADFS and internalcrm webserver FQDN (fully qualified domain names ie xxxx.companyname.com)

Click Start, click Run, type regedit, and then click OK.

In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_04.Right-click MSV1_0, point to New, and then click Multi-String Value.

Type BackConnectionHostNames, and then press ENTER.

Right-click BackConnectionHostNames, and then click Modify.

In the Value data box, type the host name or the host names (Adfs.companyname.com the external address for the ADFS system) for the sites that are on the local computer, and then click OK.

Quit Registry Editor, and then restart the IISAdmin service from the command prompt using IISRestart

http://support.microsoft.com/kb/896861