1: Install Windows Server R2 Chinese version (process slightly)
After installation, set the machine name and IP address, the process machine name crm5dev,192.168.0.110 dns:192.168.0.110 (native)
Administrator/[email protected]
2: Configure the domain Server domain name to Crm5.lab by adding the domain service through Server Manager.
Note: Use advanced mode to install.
Description: The server is Windows Server 2003 then select Windows Server 2003
Server is Windows Server R2 best choice for Windows Server R2
Another option here is Windows Server 2003, which, when installed, can be upgraded to Windows Server 2008 or not.
Select a DNS server
Choose Yes
password [email protected]
3: Add the Certificate Services/iis service through Server Manager.
Select a certification authority
Enter a common name for the CA:
4: Add the role service for the Certificate Services role:
(You need to install the Certificate Services role before you can install the role services for other Certificate Services roles)
After the installation is completed, in the browser address input: http://crm5dev/certsrv/, enter the user name and password, you can see the certificate registration interface:
5: Request a wildcard certificate for ADFS:
1) In IIS Server Manager, select the server, and in the right-side Ribbon Select the server certificate:
Select "Open Features":
Select Create Certificate Request:
Here, the name is entered *.crm5.lab, which represents a wildcard certificate, and Crm5.lab is the domain name of the server that uses the certificate.
Save a file for the certificate request (this file will be used after the content)
Back to Internet Explorer, enter http://crm5dev/certsrv/
Select Request Certificate:
Select Advanced Certificate Request:
Choose:
Submit a certificate request using a Base64 encoded CMC or PKCS #10 file, or renew the certificate request using a Base64 encoded PKCS #7 file.
Copy the text content from the previously saved file (Crm5cert.txt, open with Notepad) to the multiline text of the saved request:
Certificate Template Select Web server:
Then submit
Click Download Certificate:
Save the certificate locally.
Go back to IIS Manager, select "Complete certificate Request" in the server Certificate action:
Select the certificate you just downloaded and take a name (General.crm5.lab, with domain name):
Then change the HTTPS binding certificate for the default Web site to the certificate you just completed:
Select Default Web site, right-edit bindings, select HTTPS, click Edit, select SSL Certificate: (This certificate is used when ADFS is installed)
Note The configuration Certificate service does not really play a big role, if you have a certificate, you can directly import the certificate through IIS, then do not step 3,4,5, but the certificate binding site is still required.
6: Download and install ADFS:
(It should be possible to add a federation authentication service through Server Manager, but the ADFS manager was not found by adding a role)
: http://www.microsoft.com/zh-cn/download/details.aspx?id=10909
Installation:
Select "Federated Server",
Reboot after installation is complete,
Configuring the ADFS Server: (Managed by Administrative Tools ADFS 2.0)
Configuration Wizard:
To create a new federation Authentication service:
Select a standalone federation server:
Enter the Federation authentication Service name Sts1.crm5.lab, the machine name sts1 cannot be the same as the machine name of the CRM service.
Complete the installation.
In DNS Add calculator sts1: Administrative Tools, dns->crm5.lab-> new host:
In the browser address bar, enter:
Https://sts1.crm5.lab/federationmetadata/2007-06/federationmetadata.xml (You can use the machine name + domain name if you don't go up here)
See the following results:
7: Install SQL Server, mscrm2011 Chinese version
1) Install sqlserver2008
Jd8y6-hqg69-p9h84-xdtpg-34mbb
The verification process prompts the firewall, through the Control Panel Windows Firewall, to turn off the firewall.
Select all when selecting components:
Use the same account (Domain Admins) password: [email protected]
Description Supplement:
SQL Server Reporting Services: Best choice for net services
Other options are available for crm5\administrator.
Or you can choose Net SERVICES.
Blending mode, adding the current user
Add Current User
Select Install but do not configure the report server
after installing the patch, configure the report server, if you choose to install the computer mode default configuration at this time, the crm2011 installation verification will prompt ReportServer cannot pass, it is estimated that the SQL Server version issue. Install the report server here, the report server database should store the version of the report server, which is lower than the patched version.
2) Install sqlserver2008 patch (SQL Server Service Pack 1) Download: http://www.microsoft.com/zh-cn/download/details.aspx?id=20302
3) Configure the report server database;
Report Services Configuration Manager
To test the report server:
Note: Windows SQL Server R2 can then not require additional configuration of the report server. When installing, choose the default is OK.
8: Install crm2011 Chinese version
1) Preparation before installation:
Installing Dotnetfx40_full_x86_x64 http://www.microsoft.com/zh-cn/download/details.aspx?id=17718
Installation: ReportViewer http://www.microsoft.com/zh-cn/download/details.aspx?id=6576
Installation: WINDOWSAZUREAPPFABRICSDK (this version may be a bit of a problem, install crm2011 or check not installed, need to network download updates)
http://www.microsoft.com/en-us/download/details.aspx?id=27421
2: Install crm2011
During installation, the virtual function is guaranteed to access the extranet directly to check for and download updates
Mqm2h-jyyrb-rrd6j-8wbbc-cvbd3
36d7j-fr6qg-jxpf6-h449p-2p6rr
Installation Complete
Installing reporting Extensions
Installation Complete
9: Configure internal claims-based authentication Mode 1: Configure CRM Server1) Set binding HTTPS
Through the CRM Deployment Manager:
Select the site Miscrosoft Dynamics CRM, right-click Properties, select Web address:
Select a binding type of HTTPS,
In each service bar input: internal.crm5.lab:8081 (note: Preferably with a domain name), port number do not use the default HTTPS port.
Also, add an HTTPS binding for the CRM site through IIS Manager:
Certificate Select the previously requested wildcard certificate Generalca.crm5.lab
Note You need to add the computer internal in DNS:
2) Configure claims-based authentication
In the CRM Deployment Manager, Action menu bar selection: Configure claims-based authentication:
In the Federation metadata field, enter:
https://sts1.crm5.lab/federationmetadata/2007-06/federationmetadata.xml(Note https://sts1.crm5.lab/ is the ADFS server name)
Select Certificate:
Select Generalca.crm5.lab (the same certificate as the ADFS HTTPS certificate)
3)
Complete.
2: Configure ADFS1) To configure the relying party for ADFS
Through adfs2.0 Management
Select the relying Party trust and right-click Add Relying Party trust:
https://internal.crm5.lab:8081
To add a translation rule:
1)
2)
3)
Three after the completion of the rules;
2) Configure the claims provider trust:
Select Active Directory and right-click to edit the Declaration rule:
Click Add Rule:
Enter a name, select the attribute store, and the mapping of the attribute to the outgoing claim type:
3) Register ADFS as SPN
Need register the AD FS 2.0 server as a servicePrincipalName (SPN):
Setspn-a Http/sts1.crm5.lab Crm5\crm5dev (This step can not be less )
Where Sts1.crm5.lab is the ADFS service name, CRM5 is the domain name, and Crm5dev is the CRM server name
IISReset
3: Verify
Enter Address https://internal.crm5.lab:8081/
Pop-up User Password dialog box: (This place is not clear why this dialog box is still the way)
Enter the administrator user password, the CRM interface appears
testing the intranet access based on the declarative authentication method
10: Configure external claims-based authentication mode
The external claims-based authorization mode can be configured only after the internal claims-based authorization mode is configured
1: Configure CRM Server
In the CRM Deployment Manager, Action menu bar selection: Configure Internet-facing deployment
crm5.lab:8081
crm5.lab:8081
dev.crm5.lab:8081
Where Crm5.lab is the domain name, 8081 is the HTTPS bound port
Input: neu.crm5.lab:8081, where neu is the name of the organization when the CRM installation is configured, that is, the sub-path when internal access:
Add hosts in DNS: Dev, neu;
2: Configure the ADFS relying party
This process is basically consistent with the claims-based authorization pattern within the configuration, where the relying party metadata should respond to URLs that should be accessed externally
1) Configure the relying party for ADFS
Through adfs2.0 Management
Select the relying Party trust and right-click Add Relying Party trust:
https://neu.crm5.lab:8081
To add a translation rule:
1)
2)
3)
Three after the completion of the rules;
3: Verify
In the browser address bar input: https://neu.crm5.lab:8081 after the following login screen:
Enter the domain administrator user name password, enter the CRM interface;
Ok, declare success.
Description: Setting up an environment on a virtual machine can be more or less problematic, there are fewer problems installing directly on the server, and configuring the IFD environment must first configure the claims-based authentication mode.
The key to configuring IFD is to install the ADFS 2.0 software.
? Expansion: Here CRM and ADFS installed on the same server, you can consider CRM and ADFS on the same server, installed on multiple servers, such as CRM installed on a server, ADFS installed on a server, decentralized processing, can reduce the server pressure (load).
Steps to build the Microsoft Dynamics CRM 2011 for an Internet-deployed (IFD) ADFS Virtual machine environment (CRM is installed on the same server as ADFS) from the network