CRM 2011: Additional ADFS Claims Provider causes HomeRealm URL Error


The home realm URL issue is introduced when we attempt to add another active directory or claims provider for a domain outside our cloud domain to create single sign on. (SSO). Microsoft Internet Explorer has the ability to support this and we have no issues connecting via the browser.

However, Microsoft Outlook as well as third-party applications currently are not ready to support multiple home realm URLs. This issue is becoming more and more apparent as customers
move to more cloud based services for requiring SSO.

Microsoft has addressed this issue for the outlook client, by creating the following registry key:

Registry String: HomeRealmUrl: https://adfs.domain.com/adfs/services/trust/mex

under the registry entry:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MSCRMClient

This Microsoft article explains this more in detail here:

http://msdn.microsoft.com/en-us/library/gg188615.aspx

This can be a gotcha for third-party ISV’s that are not coded to support multiple home realm domains.


CRM 2011: CRM Instance Adapter has been released!


Microsoft has just released the Microsoft Dynamics CRM 2011 Instance Adapter (also know as the multi-instance adapter). For those of you that wanted to sync your Production Dynamics CRM 2011 to other environments like DEV, QA this tool is what you have been waiting for! Additionally, Global Deployment options allowing you to sink individual organizations (instances) back into a single server (multi-instance) for reporting and consolidation. The instance adapter will also require the install of the Microsoft CRM Connector currently used to integrate CRM with with ERP systems.

One of MVPPeeps, JoeCRM wrote a great article and beat me to the bunch. Enjoy!

http://www.powerobjects.com/blog/2012/10/26/introduction-microsoft-dynamics-crm-2011-instance-adapter/

Download the CRM Instance Adapter here:
http://www.microsoft.com/en-us/download/details.aspx?id=35385


CRM 2011: ADFS SSL Certifcate Expiration (Auto-Rollover) and CRM is now down.


CRM 2011 ADFS comes with a unqiue feature: Auto-Rollover for SSL Certification expiration. You must load the new SSL certificate on the box prior to the Auto-Rollover. We are finding out this might be as automatic as once thought.

If your ADFS console looks like the following and your CRM is not working the steps are listed below:

 

 

From the CRM Deployment Manager, run the through the configuration wizards for setting up both Claims based Authentication and Internet Facing Deployment (IFD). These located on the top right of the CRM deployment manager. You just need to click next through again, all the values will be there from your existing setup. Next, Restart the IIS Server (IISReset on a administrator command prompt) on the CRM Server as shown below:

 

 

Next, on the ADFS server, locate the ADFS Windows Service in services, and restart the service, the issue and IISRestart command as above. You may also restart the service from the command line:

 

 

 

Now you should be able to succesfully use your CRM system again. Enjoy

Please see my other posts about enabled auto-rollover:

http://cognettacloud.com/?p=464

 

 


CRM 2011: Solution Import Error – You do not have the necessary permissions to change the domain logon name for this user


A colleague of mine, David Pritchett, passes along this time saving tip when you have problems importing solutions and receive the error message as below:

 

The error message turns out to be related to the user not have rights to the directory shown below:

 

Once the user has rights, the solution will import correctly. Note – The side effect is actual a great way to lock down System Admin users from publishing solutions in restricted environments (forcing use of a deployment ID etc.)