Hello,
I have a deployment with the following scenario:
- 2 CRM Front-End servers with a load-balancer in front of them
- 2 CRM Back-End
- 2 CRM Deployment Administrators servers with a load-balancer in front of them
- 2 AD FS servers with a load balancer in front of them
- 2 Web Application Proxy servers with a load balancer in front of them
The WAP redirects known FQDNs to their internal counterparts.
When setting up CBA, the metadata for the relying party trust from the internal CRM address looks correct (points to the internal DNS name, internalcrm.mydomain.com).
Once IFD is configured on AD FS, the internal relying party trust retrieves the external metadata (auth.mydomain.com) instead of the internal information.
I am using the same AD DS domain as the real domain is (all machines are joined to mydomain.com).
Internal DNS looks as follows:
- internalcrm.mydomain.com points to the CRM FE load balancer
- internalds.mydomain.com points to the CRM Deployment servers balancer
- dev.mydomain.com points to the CRM FE load balancer
- auth.mydomain.com points to the CRM FE load balancer
- myorg.mydomain.com points to the CRM FE load balancer
- fs.mydomain.com points to AD FS load balancer
External DNS looks as follows:
auth.mydomain.com, dev.mydomain.com, myorg.mydomain.com and fs.mydomain.com point to the public IP of the WAP load balancer
Does this configuration look correct?
How can I configure IFD and get the CBA metadata for both internal and external domains?
Thanks