BDC Integration with Microsoft CRM Dynamics 4.0

January 30, 2009

SharePoint Enterprise edition has a Business Data Catalogue (BDC) that is able to pull data from the CRM system using an application definition file, which carries metadata relating to the CRM system along with hyperlinks.

Guidance was sought on the CRM Dynamics website, which announced the release of a new Enterprise Search accelerator tool which Codeplex had developed. The downloaded zip file contained a detailed step-by-step guide to uploading a definition file. The package contains a predefined XML file, which was customised to connect to the CRM server and MSCRM database, with the URLs replaced with the CRM one and authentication changed to RevertToSelf.

The XML file was imported successfully into the SharePoint system via Central Administration, Shared Services. Permissions were granted so that domain guest has execute rights and administrators have all available permissions.

The CRM system was updated to include SharePoint administrator users.

As the CRM server and the MOSS server were held on different machines, an issue occurred, most commonly called the “double hop” authentication issue. The CRM Dynamics Team blog addressed this issue and its guidance was followed step by step (Link to blog).

 

What is the Double Hop issue?

In situations where the SharePoint server and the MS CRM server are on different machines, the first hop is from the LWP user’s IE browser to the SharePoint server, and then from the SharePoint server to the MS CRM server, which is the second hop. Windows credentials cannot be passed in the second hop, due to security issues. To enable the SharePoint server to pass the user credentials, the SharePoint server must be configured for Trust for Delegation.

Setting up ‘Trust for Delegation’

In order for the BDC to work correctly, Kerberos authentication is required. The blog was followed step by step.

Windows Server 2003 Support Tools were downloaded, and SETSPN.EXE was used to add the SharePoint application pool account to the MOSS server using a command line script:

setspn -A HTTP/machinename.domain domain\username

setspn -A HTTP/machinename domain\username

Delegation was set from the MOSS machine using Active Directory Users and Computers: selecting the MOSS machine, right-clicking to Properties, then Delegation, then adding the CRM server to delegate to using Kerberos only.

Within Central Administration, the authentication provider for my site collection was changed to Kerberos authentication and tested on the server as well as a client machine by adding the BDC List Webpart to show a list of cases.
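A check on the SPN and delegation setup above, as an added example that is not part of the original post or the CRM team's guidance: it audits exported account attributes for duplicate SPNs and for delegation that is broader than "Kerberos only". The account names, hosts and attribute values are constructed sample data, and the dictionary layout is an assumption about how the attributes were exported.

```python
# Audit AD account attributes for the SPN / delegation setup described above.
# userAccountControl bit values are the documented Active Directory flags.
TRUSTED_FOR_DELEGATION = 0x80000            # unconstrained delegation
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # "use any authentication protocol"

# Constructed sample data (hypothetical names), one dict per account:
# uac = userAccountControl, spns = servicePrincipalName,
# delegate_to = msDS-AllowedToDelegateTo.
ACCOUNTS = [
    {"name": r"EXAMPLE\svc-mosspool", "uac": 0x200,
     "spns": ["HTTP/moss01", "HTTP/moss01.example.local"],
     "delegate_to": ["HTTP/crm01", "HTTP/crm01.example.local"]},
    {"name": r"EXAMPLE\MOSS01$", "uac": 0x1000 | TRUSTED_FOR_DELEGATION,
     "spns": ["HOST/moss01", "HTTP/moss01"], "delegate_to": []},
]

def duplicate_spns(accounts):
    """Return {spn: [owners]} for SPNs registered on more than one account."""
    owners = {}
    for acct in accounts:
        for spn in acct["spns"]:
            owners.setdefault(spn.lower(), []).append(acct["name"])
    return {spn: names for spn, names in owners.items() if len(names) > 1}

def delegation_mode(acct):
    """Classify how an account is trusted for delegation."""
    if acct["uac"] & TRUSTED_FOR_DELEGATION:
        return "unconstrained"
    if acct["delegate_to"]:
        if acct["uac"] & TRUSTED_TO_AUTH_FOR_DELEGATION:
            return "constrained-any-protocol"
        return "constrained-kerberos-only"
    return "none"

def audit(accounts, backend_spn):
    """List findings: duplicate SPNs, over-broad delegation, missing target."""
    findings = []
    for spn, names in sorted(duplicate_spns(accounts).items()):
        findings.append(f"duplicate SPN {spn}: {', '.join(names)}")
    for acct in accounts:
        mode = delegation_mode(acct)
        allowed = [s.lower() for s in acct["delegate_to"]]
        if mode in ("unconstrained", "constrained-any-protocol"):
            findings.append(f"{acct['name']}: {mode} delegation is broader than Kerberos only")
        elif mode == "constrained-kerberos-only" and backend_spn.lower() not in allowed:
            findings.append(f"{acct['name']}: {backend_spn} missing from delegation list")
    return findings

if __name__ == "__main__":
    for line in audit(ACCOUNTS, "HTTP/crm01.example.local"):
        print(line)
```

An SPN registered on two accounts prevents the KDC from issuing a service ticket for it, so the duplicate finding is worth clearing before troubleshooting anything else.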

Sites which helped me achieve my goal:

http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/HowToUseServicePrincipalNames.html 

http://blogs.msdn.com/crm/archive/2009/01/14/trust-for-delegation-in-list-web-part-for-microsoft-dynamics-crm-4-0.aspx 

http://gpeiris.blogspot.com/2007/07/login-failed-for-user-nt.html

OzMOSS group.