Wednesday, July 8, 2009

Dynamics CRM 4.0 Outlook client and SSL offload issues for IFD users

With my companies on-premise Dynamics server we use ISA for the SSL offloading and routing to the IFD server for external users. Another reason we do this is for the host header rewrite capabilities of ISA, since we named our Dynamics organization as the same as our company name (I'm sure many people do this). We didn't want to see as the browser url, so we picked something more suitable like so that its easier for the end user to remember and just makes more sense.

The problem that this creates, is when configuring the CRM Outlook client to use https for the external server, the SSL offload is happening at ISA. So the Dynamics server doesn't see it as an SSL connection during discovery and reports back that the URL's to the Dynamics services are normal Http. This works fine if you also expose non SSL traffic to your IFD server, but in our case we don't and do a 302 response to https. You will get this error message when you open Outlook off the network if you are set up in a similar fashion:

Fortuntely we just need to modify a few registry keys where the server url is stored to fix this. Using Registry Editor (regedit.exe), browse to HKEY_CURRENT_USER\Software\Microsoft\MSCRMClient

The two keys you will need to modify and add the https to are WebAppUrl, ServerUrl, ExtranetServerUrl, and ExtranetDiscoveryUrl.

After making the registry changes, launch Outlook and everything should connect up just as expected.