About
Kooty's TechnoBabble is a blog by Brennan Kootnekoff, and is about the interesting day-to-day life of a multi-platform systems engineer/administrator. From time to time, he will post useful tidbits of information here that may save hours of time, and prevent premature gray hairs and aging.
Search
Categories
Recent Posts
Recent Comments
Archive
Links
Site Functions
Other
FortiScan Certified
February 27th, 2008. comments are open 0 commentsISA 2006 and Dynamics CRM 4.0

Some of you may be having a hard time configuring CRM 4.0 and ISA 2006. All seems well when you use the web client, but when you try to configure your Outlook Client, you get:

“The request failed with HTTP status 401: Unauthorized ( The server requires authentication to fufill the request. Access to the Web server is denied. Contact the server administrator. ).”

Dynamics CRM Web Client

I finally found a solution(s)!

Method 1:

  1. Run the following SQL command (replace addresses with yours (address:port) 
    USE MSCRM_CONFIG
    Update DeploymentProperties SET NVarCharColumn = ‘my.crmserver.inet:80′ WHERE       ColumnName = ‘AsyncSdkRootDomain’
    Update DeploymentProperties SET NvarCharColumn = ‘my.crmserver.inet:80′ WHERE  ColumnName = ‘ADSdkRootDomain’
    Update DeploymentProperties SET NvarCharColumn = ‘my.crmserver.inet:80′ WHERE ColumnName = ‘ADWebApplicationRootDomain’
  2. Run regedit on the CRM host computer, and navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSCRMClient. You now have to update the following keys
    • IntranetDiscoveryUrl
    • IntranetServerUrl
    • IntranetWebAppUrl
    • PlatformRoot
    To point to your External CRM URL.
  3. Enable just Basic HTTP Authentication on the Web Listener in ISA
  4. In the Authentication tab of the Firewall Policy for the CRM, select “No authentication, but client may authenticate directly”.
  5. In the To tab of the Firewall Policy for the CRM, make sure “Foreward original host header” and “Requests appear to come from the original client” is selected.
  6. In the Users tab of the Firewall Policy for the CRM, make sure it is “All Users” Instead of “All Authenticated Users” (CRUCUAL STEP)
  7. Apply the settings in ISA.
  8. Now go to “Internet Settings” on the client computer, and navigate to the security tab.
  9. Click custom level on the trusted site, and scroll to the very bottom and select “Automatic logon with current user name and password”.
  10. Add the CRM url to the trusted sites without the prefix (aka. not http://crm.company.com and just crm.company.com).
  11. Navigate to http://crm.company.com and type in your login credentials. AND CLICK REMEMBER PASSWORD.
  12. Run the configuration wizard, and it should work *smile*

Method 2:

  1. Download the Internet Facing Tool from Microsoft.
  2. Extract the downloaded file to drive:\Program Files\Microsoft Dynamics CRM\Tools
  3. Run the tool.
  4. In the IFD boxes, type in your EXTERNAL URL and in the internal box, type in your INTERNAL URL.
  5. Select whether to use HTTP or HTTPS for both the IFD Address and Internal address.
  6. Apply, and reboot!
  7. Now go to “Internet Settings” on the client computer, and navigate to the security tab.
  8. Click custom level on the trusted site, and scroll to the very bottom and select “Automatic logon with current
  9. user name and password”.
  10. Add the CRM url to the trusted sites without the prefix (aka. not http://crm.company.com and just crm.company.com).
  11. Navigate to http://crm.company.com and type in your login credentials. AND CLICK REMEMBER PASSWORD.
  12. Enjoy!

If you don’t have any internal users, I’d recommend using Method 1, and if you want SSL and/or want to differentiate between external and internal users, use Method 2.

Brennan