Posts

Showing posts from May, 2014

CAC Card Authentication Using KCD With CRM 2011 and TMG

CRM

Allow website to use KerberosCreate an SPN for CRMsetspn -a http/crm-2011.test.local Domain/UserAD
Open TMG Computer Account in AD and allow delegation to the SNP you created earlier.
TMG
Install DoD Root Certificates (http://iase.disa.mil/pki-pke/function_pages/tools.html)Install Tumbleweed on TMG Server ***** this is extremely important on gov sites that use this software.  *****Import Tumbleweed client configuration fileDisable HTTPS Inspection and NIS in TMGPublish DoD E-mail certs to the NT Auth Storecertutil -dspublish -f <filename> NTAuthCAMake sure GPO for TMG machine is updated with the following.Policies -> Windows Settings -> Security Settings -> Public Key Policies -> Certificate Services Client - Auto-EnrollmentConfiguration Model should be enabled and Renew expired certificates and Update certificates should both be checked.Create ListenerCreate RuleUnder Authentication Delegation choose Negotiate (Kerberos/NTLM).  In the SPN box enter the one you creat…