Well, I thought I was going to make it through an IFD setup without issue, but no such luck. I am not seeing the forms sign-in page no matter what I try. More specifically, I am getting redirected to the following URL:
https://adfs.domain.net/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2fcrm2016.domain.net%2f&wctx=rm%3d1%26id%3d5b8a8601-f93b-4755-ae1f-ef4f51ef3b25%26ru%3dhttps%253a%252f%252fcrm2016.domain.net%252fMYORG%252fmain.aspx&wct=2016-04-21T13%3a25%3a12Z&wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword
IE is saying "This page can’t be displayed".
MORE DETAILS ----
This is my first time trying CRM2016, Windows 2012 R2 and ADFS 3.0 together. My setup includes separate CRM, SQL and ADFS servers. I followed a combination of instructions including this one,
https://blogs.msdn.microsoft.com/niran_belliappa/2014/01/16/step-by-step-configuring-crm-2013-internet-facing-deployment-ifd/ - detailing separate ADFS / CRM servers but not 2016, R2 or ADFS 3.0
and this one,
https://www.interactivewebs.com/blog/index.php/crm/how-to-set-up-microsoft-crm-2016-ifd-on-windows-2012-r2-server/ - specific to CRM 2016 and R2, but all single server, so it required extra ports, which I did not want.
Machines that are JOINED to the domain are automatically signed into CRM via Windows Integrated Authentication. HTTPS is showing the correct cert.
http://internalcrm.domain.net/MYORG/main.aspx
https://internalcrm.domain.net/MYORG/main.aspx
Devices that are not joined to the DOMAIN but still on the local network have differing behavior.
http://crm2016.domain.net/MYORG/main.aspx
Throws a username/password dialog which, no matter what I try, does not let me in (eventually throwing a 401).
http://crm2016.domain.net/MYORG/main.aspx
Redirects to the URL mentioned above.
I don’t really care about HTTP and will most likely unbind it at some point.
WHAT WORKS ----
As far as I can tell, everything. I can access all of the following URLs:
https://internalcrm.domain.net/FederationMetadata/2007-06/FederationMetadata.xml
https://adfs.domain.net/FederationMetadata/2007-06/FederationMetadata.xml
https://auth.domain.net/FederationMetadata/2007-06/FederationMetadata.xml
I can sign in using:
https://adfs.etecsol.net/adfs/ls/idpinitiatedsignon
I have run the following on the CRM server:
setspn -a HTTP/adfs.domain.net domain\Administrator
setspn -a HOST/adfs.domain.net domain\Administrator
I have double-checked DNS and done about 20 iisresets.
WHAT I HAVE NOT DONE, yet… ---------------
Set up proxy or external DNS – I am still just trying to get this to work on the internal LAN; my goal is for CRM to be available to browsers on devices (iPads, iPhones, etc.) not joined to the domain.
Any help would be appreciated.
C
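The redirect in the post is a WS-Federation sign-in request: wa names the action, wtrealm is the identifier ADFS must have as a relying party trust, wctx is CRM's own context (carrying the return URL ru, percent-encoded a second time), wct is CRM's timestamp and wauth asks ADFS for password (forms) authentication. Below is an added diagnostic, not code from the original post or from Microsoft, that decodes such a redirect and compares it with what the deployment is expected to use; the EXPECTED_ADFS_HOST and EXPECTED_REALM values are assumptions taken from the hostnames in the post, and the captured URL is a constructed copy of the one quoted above.

```python
"""
Decode a WS-Federation sign-in redirect (CRM IFD -> ADFS) and check it
against the hostnames and realm the deployment is expected to use.

Added diagnostic example. The expected values are assumptions derived
from the hostnames in the post, not values read from an ADFS server.
"""
from urllib.parse import urlsplit, parse_qs, unquote
from datetime import datetime, timezone, timedelta

# Constructed copy of the redirect URL quoted in the post.
REDIRECT_URL = (
    "https://adfs.domain.net/adfs/ls/?wa=wsignin1.0"
    "&wtrealm=https%3a%2f%2fcrm2016.domain.net%2f"
    "&wctx=rm%3d1%26id%3d5b8a8601-f93b-4755-ae1f-ef4f51ef3b25"
    "%26ru%3dhttps%253a%252f%252fcrm2016.domain.net%252fMYORG%252fmain.aspx"
    "&wct=2016-04-21T13%3a25%3a12Z"
    "&wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword"
)

# Assumed deployment values (from the hostnames in the post).
EXPECTED_ADFS_HOST = "adfs.domain.net"
EXPECTED_REALM = "https://crm2016.domain.net/"
# WS-Fed authentication-method URI that asks ADFS for forms (password) sign-in.
FORMS_AUTH_URI = "urn:oasis:names:tc:SAML:1.0:am:password"


def parse_wct(value):
    """Parse the wct timestamp (UTC, e.g. 2016-04-21T13:25:12Z) into a datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_wsfed_redirect(url):
    """Return the WS-Fed parameters of a sign-in redirect, with wctx decoded a level further."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}  # one percent-decode
    # wctx is private to the relying party; CRM packs it as its own query string,
    # with the return URL (ru) percent-encoded once more.
    ctx = {}
    for pair in params.get("wctx", "").split("&"):
        if "=" in pair:
            key, val = pair.split("=", 1)
            ctx[key] = unquote(val)
    return {
        "host": parts.hostname,
        "path": parts.path,
        "wa": params.get("wa"),
        "wtrealm": params.get("wtrealm"),
        "wct": params.get("wct"),
        "wauth": params.get("wauth"),
        "ctx": ctx,
    }


def check_redirect(info, now=None):
    """Compare a decoded redirect with the expected deployment; return a list of findings."""
    findings = []
    if info["host"] != EXPECTED_ADFS_HOST:
        findings.append(f"redirect goes to {info['host']}, expected {EXPECTED_ADFS_HOST}")
    if info["path"] != "/adfs/ls/":
        findings.append(f"unexpected ADFS endpoint path {info['path']}")
    if info["wa"] != "wsignin1.0":
        findings.append(f"wa is {info['wa']}, not a sign-in request")
    if info["wtrealm"] != EXPECTED_REALM:
        findings.append(f"wtrealm {info['wtrealm']} does not match the relying party identifier {EXPECTED_REALM}")
    if info["wauth"] != FORMS_AUTH_URI:
        findings.append("wauth does not request password (forms) authentication")
    # The return URL inside wctx is where CRM sends the browser after sign-in;
    # it should stay inside the realm that is being signed in to.
    ru = info["ctx"].get("ru", "")
    if not ru.startswith(info["wtrealm"] or ""):
        findings.append(f"return URL {ru} is outside the realm {info['wtrealm']}")
    # wct is the CRM server's clock; a large skew against the checking clock
    # points at a time difference between CRM and ADFS worth investigating.
    if now is not None and info["wct"]:
        if abs(now - parse_wct(info["wct"])) > timedelta(minutes=5):
            findings.append(f"wct {info['wct']} is more than 5 minutes from the checking clock")
    return findings


if __name__ == "__main__":
    decoded = parse_wsfed_redirect(REDIRECT_URL)
    for key, val in decoded.items():
        print(f"{key}: {val}")
    for line in check_redirect(decoded) or ["no mismatches found in the redirect itself"]:
        print("-", line)
```

Run it against a redirect captured from the browser's address bar; if the decoded host, realm and return URL all match the relying party trust configured in ADFS, the "page can't be displayed" response is not caused by the request CRM is building, and the next place to look is the ADFS endpoint itself (name resolution and the certificate bound to it on the non-domain device).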