Recently I decided to implement Microsoft's CRM system. CRM is primarily a web-based application and so requires configuration of its web site. Small Business Server also relies on the web server for many of its facilities such as the CompanyWeb (see December 2004 article), Remote Web Workplace, OWA, OMA, etc. The problem is configuring these independent web sites to 'play pretty' with each other on the same box. Although my objective involved MS CRM, the techniques described here would pertain to most other scenarios as well.
When hosting multiple web sites, you must have some way to distinguish
amongst them. IIS
has three methods you can use: Host Header; Port; and IP Address.
Host header is actually fairly easy to set up. When you configure a web
site, there is an entry for host header. For instance I can specify www.LentzComputer.net
for my main web site and CRM.LentzComputer.net for my CRM. This actually
works well and is how I initially set up my CRM when I first installed
it. Then I decided I reeaaalllyyy wanted to be able to take CRM with me
on my Pocket PC using the new CRM Mobile. The problem? Microsoft CRM Mobile
does not support (or allow) host headers! I hate it when that happens.
Back to the drawing board or in this case the Internet Services Manager
to reconfigure.
The next thing I tried was using a unique port. The standard port for
web access is 80, so my www.LentzComputer.net defaults to 80. I decided
to use port 85 for my CRM. That way I could get to CRM using www.LentzComputer.net:85
or CRM.LentzComputer.net:85. Access to my 'regular' web is www.LentzComputer.net:80,
or you can leave off the port since 80 is the standard default. This also
worked great even though it required my typing a few extra characters,
and remembering the port number.
But then I started working on the other requirement for CRM Mobile.
It has to use a secure SSL connection. No problem thinks I. The default
SSL port is 443. CompanyWeb uses 444. I'll just use 445. Configuring it
is easy, sort of. I set up a Certificate Authority on my SBS server so
I could issue my own certificates and not pay $100s per certificate (I'll
end up needing a couple) from a commercial 'trusted' source. Then I configured
the site to use port 445 for SSL. This worked fine as long as I kept my
default site turned off. When I turned on (started) my default site, I
could no longer access CRM. I fought every which way all weekend trying
to get it working. Finally I posted my problem on the CRM newsgroup and
my friend from Australia and SBS MVP, Wayne Small, informed me it basically
couldn't be done. Boy! It sure felt good to quit hitting my head against
that wall.
So I was down to my last option, using different IP addresses to distinguish between web sites. My server follows the preferred SBS model of having two NICs, one for the Internet and one for the local network. My Internet provider only provides me with one public IP address and I'm too cheap to pay for more (see certificates above), so I decided to give it a try on the internal interface card. I can assign multiple IP addresses to the internal NIC. My 'regular' IP is 192.168.16.2 so I assigned 192.168.16.3 as well. Then I configure my CRM web site to use this address. This is relatively easy to do as well. Except... It won't start! When I try, it tells me the IP is invalid! But I can ping it and everything. It's there, only IIS can't see it. Off to Google I go and find an article that refers to a tool I've heard of but never seen, httpcfg. This is provided with SBS in the support tools on the SECOND SBS CD! You have to use this tool to tell IIS to listen to the second IP (use httpcfg /? for the correct syntax). Once I did this, my CRM web site started right up. I added an entry for CRM in my local DNS pointing to 192.168.16.3 so I could access CRM from the local (internal) network. Worked great! But I also want to access it from the Internet. One caveat: SBS's CEICW doesn't like multiple IPs so you'll have to temporarily remove the second IP if you need to rerun the wizard. Enter ISA Server, which comes with SBS 2003 Premium Edition. With ISA,
I can 'publish' a web server and tell the world how to access it. I created
a Destination Set for CRM and configured ISA to route any requests for
CRM.LentzComputer.net to my web page at 192.168.16.3. Worked great. Only
one more little hurdle to negotiate. CRM Mobile requires the web site to
be secured using SSL.
This shouldn't be a problem. I create a certificate for CRM.LentzComputer.net and configure the web site to use it on port 443. Accessing it on the local network worked fine, however access from the Internet was another story. Any time I'd try I would get an error indicating the target principal name was incorrect, whatever the heck that means. I found that wall and started banging my head on it again. I did a Google search and found an article by my friend and ISA guru Dr. Tom Shinder. Tom's article goes into very fine detail explaining exactly what was happening and how to fix it. Basically what it boils down to is the address ISA Server uses to publish a secure web site must exactly match the name on the certificate. I was publishing to 192.168.16.3 using a certificate issued to CRM.LentzComputer.local. Changing ISA to publish to CRM.LentzComputer.local instead resolved the dreaded target principal name error. I can now access my CRM securely from anywhere using CRM.LentzComputer.net. Now if only I could get CRM Mobile to work. It's even got Microsoft's PSS Tech Support guys stumped and they're calling in the developers! But when they figure it out, my secure CRM web site will be ready.
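The name check behind that "target principal name" error can be reproduced offline. The following is an added example, not part of the original article or of ISA Server: it tests candidate publishing targets against the names a certificate carries, and goes slightly beyond the article by also handling subjectAltName entries and wildcards. The function names are hypothetical and the certificate is a constructed sample in the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ipaddress

# Constructed sample in getpeercert() shape; the common name is the one the
# article says the certificate was issued to. No subjectAltName is assumed.
SAMPLE_CERT = {
    "subject": ((("commonName", "CRM.LentzComputer.local"),),),
    "subjectAltName": (),
}

def cert_names(cert):
    """Return (dns_names, ip_addresses) the certificate vouches for."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    if not dns and not ips:
        # Legacy fallback: no SAN entries, so use the subject common name.
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    dns.append(value.lower())
    return dns, ips

def _dns_match(pattern, host):
    """Label-by-label match; '*' may only stand for the whole left-most label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) == len(h) and p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def target_matches_cert(target, cert):
    """True if the name a publishing rule forwards to is covered by the cert."""
    dns, ips = cert_names(cert)
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return any(_dns_match(p, target.lower().rstrip(".")) for p in dns)
    # An IP literal never matches a DNS name, only an IP entry in the cert.
    return addr in ips

def audit_targets(targets, cert):
    """Map each candidate publishing target to True (match) or False."""
    return {t: target_matches_cert(t, cert) for t in targets}

if __name__ == "__main__":
    targets = ["192.168.16.3", "CRM.LentzComputer.local", "CRM.LentzComputer.net"]
    for target, ok in audit_targets(targets, SAMPLE_CERT).items():
        print(f"{target:28} {'match' if ok else 'MISMATCH'}")
```

Publishing to the IP address fails the check even though it reaches the same server, which is why switching the rule to the certificate's own name cleared the error.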