How to Set Up Microsoft CRM 2016 IFD on Windows 2012 R2 Server
The Development Setup
NOTE: The domain we used for setup with this dev server is iwebscrm16.com. You can substitute your own domain throughout these step-by-step CRM 2016 IFD instructions.
Getting Windows Server Ready
1. Install and Update Windows 2012 R2.
2. From the Server Manager – Add Roles and Features
3. Role-Based or Feature-Based installation
4. Select the Server from the Pool (usually the default option)
5. Scroll Down and Select Web Server IIS
6. Add Features
And .NET 3.5 Features
7. Next / Next
8. Under Web Server Roles (IIS), use the default options, but add under Performance – Dynamic Content Compression
9. Next / Install
10. Update Windows Server again, as there is likely a restart update available.
11. After the restart, ensure that you turn off the IE Enhanced Security. It’s Crap and no one benefits from it. This is done in the Server Manager under Local Security.
SQL 2014 Setup
1. First up, have the Windows Server join the domain you will be using.
2. Reboot and login with the domain admin account.
3. Start the SQL Install Disk
4. Click Installation / New SQL Server Stand Alone
5. Enter Product Key / Next
6. Agree to Terms / Next
7. Use Microsoft Update / Next
8. Ignore the Windows Firewall Warning at this Stage
9. Select SQL Server Feature Installation / Next
10. Select: Database Engine Service / Full Text Indexing / Reporting Service Native / Management Tools Basic and Complete / Next
11. Leave Default Name
12. Server Configuration Default and Next
13. Windows Authentication Mode / Add Current User (Remembering we are logged in as a Domain Admin domain/administrator)
14. Install and Configure / Next
16. After Completion, Check again for Windows Updates and Reboot. (At the time of writing this blog, the SP 1 for SQL 2014 will be installed if your install disks do not already have this. Like everything Microsoft, it’s not super reliable until they SP1 their product!).
Getting your Active Directory OU Ready
1. Login to your Active Directory Domain Controller as a Domain Administrator
2. Using the Active Directory Users and Computers, Select the Root and Create a new OU named something like Microsoft CRM 2016
3. Log Out of the Active Directory Domain Server.
Installing CRM 2016
Apply a Wildcard SSL Certificate
Let's Get Basic
The DNS Goal
DNS The Easy Way!
Set the CRM AppPool account and the Microsoft Dynamics CRM Encryption certificate.
Add Relying Party Trusts to AD FS
Enable Forms Authentication
Specify the security token service
Effectively you are creating the third Relying party trust in your deployment and the second that you have manually set up at this point. We are doing this again as this is now for the IFD endpoint.
Step 1: Start AD FS Management. On the Actions menu located in the right column, click Add Relying Party Trust. In the Add Relying Party Trust Wizard, click Start.
Step 2: On the Select Data Source page, click Import data about the relying party published online or on a local network, and then type the URL to locate the federationmetadata.xml file. This federation metadata is created during IFD Setup.
For example, https://auth.iwebscrm16.com:444/FederationMetadata/2007-06/FederationMetadata.xml (Remember to replace your domain for ours)
Type this URL in your browser and verify that no certificate-related warnings appear.
Step 3: On the Specify Display Name page, type a display name, such as CRM IFD Relying Party, and then click Next
Step 4: On the Choose Issuance Authorization Rules page, leave the Permit all users to access this relying party option selected, and then click Next.
Step 5: On the Ready to Add Trust page, click Next, and then click Close.
Step 6: If the Rules Editor appears, click Add Rule. Otherwise, in the Relying Party Trusts list, right-click the relying party object that you created, click Edit Claims Rules, and then click Add Rule
Step 7: In the Claim rule template list, select the Pass Through or Filter an Incoming Claim template, and then click Next.
Step 8: Create the following rule #1
Claim rule name: Pass Through UPN (or something descriptive)
Incoming claim type: UPN
Pass through all claim values
Step 9: In the Rules Editor, click Add Rule, and in the Claim rule template list, select the Pass Through or Filter an Incoming Claim template, and then click Next
Step 10: Create the following rule #2
Claim rule name: Pass Through Primary SID (or something descriptive)
Incoming claim type: Primary SID
Pass through all claim values
Step 11: In the Rules Editor, click Add Rule. In the Claim rule template list, select the Transform an Incoming Claim template, and then click Next.
Step 12: Create the following rule #3
Claim rule name: Transform Windows Account Name to Name (or something descriptive)
Incoming claim type: Windows account name
Outgoing claim type: Name
Pass through all claim values
Click Finish, and when you have created all three rules, click OK to close the Rules Editor.
Problems We Encountered
While developing this blog post we encountered many small errors along the way. We have reverted to checkpoints and fixed the instructions to allow you to avoid them. One thing we would say is that when errors occur, they are most likely associated with the AD FS IFD login. When this happens, the AD FS Event Log is your best friend. Look the Event ID errors up in Google and resolve as best you can. Checkpoints are also your friend here!
Turn the Firewall Back On
As you may expect, this is a rather important last step
1. Turn on all Firewall Settings as they were at the start
2. Click Advanced Settings
3. Click Inbound Rules / New Rule
4. Select Port / Next
5. Select TCP and Specify Port 444
6. Allow the Connection
7. Domain, Private and Public all ticked.
8. Give it a name like: CRM Port 444
And you are about finished. Remember, if in the future you are mucking with something and getting no place, turn off the Firewall as a starting point. Banging heads with firewalls is a waste of time!
Remember to test access again externally!
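The firewall steps above can also be applied and checked from PowerShell. This is an added example, not part of the original post; it uses the built-in NetSecurity cmdlets on Windows Server 2012 R2 and the rule name suggested in step 8.

```powershell
# Added example: steps 1-8 as a repeatable script.
# Run in an elevated PowerShell session on the CRM server.
$ruleName = 'CRM Port 444'   # name from step 8
$port     = 444              # port from step 5

# Step 1: turn the firewall back on for every profile
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# Steps 3-8: create the inbound TCP allow rule only if it does not exist yet,
# so re-running the script does not pile up duplicate rules
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol TCP -LocalPort $port `
        -Action Allow -Profile Domain,Private,Public | Out-Null
}

# Verify that no profile was left switched off
$disabled = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
if ($disabled) {
    throw "Firewall still disabled for: $($disabled.Name -join ', ')"
}

# Verify that the rule is enabled and bound to the expected protocol and port
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort

# External test: run this from a machine outside the network, using your
# own domain in place of ours. TcpTestSucceeded should be True.
# Test-NetConnection -ComputerName auth.iwebscrm16.com -Port 444
```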
Your Feedback and Our Services
Please post a comment or note if you have anything to add about these notes. We welcome feedback that helps us improve them.
If you have a need for CRM 2016 Developer Services, we offer professional services and support for CRM 2016. This includes upgrade services for upgrading from any of the past CRM releases to new ones. We also write custom plugin solutions and are specialists with advanced web services and portals that connect to CRM for many applications. http://www.interactivewebs.com/crm and websites.