Xadean's Empirical Musing

October 21
IFD CRM 2016 with ADFS and WAP 2012 R2 Authentication Error

Configuration

  • Dynamics CRM 2016 service pack 1 deployed on Windows 2012 R2 Server (domain joined)
  • AD FS on domain joined Windows 2012 R2 Server
  • Web Application Proxy (WAP) installed on workgroup Server in DMZ

Issue

Browsing to the IFD URL https://OrgName.domain.com fails with the following error:

An error occurred
An error occurred. Contact your administrator for more information.

Error details
  • Activity ID: 00000000-0000-0000-4a00-0080000000cf
  • Relying party trust: CRM Claims Relying Party
  • Error time: Thu, 20 Oct 2016 20:09:25 GMT
  • Cookie: enabled
  • User agent string: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 10.0; WOW64; Trident/7.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3; AcanoClient)

Summary of Resolution:

After a certificate renewal, the identifiers must be published on the WAP server as well.

The identifiers required on the WAP servers are:

  • https://adfs.domain.com
  • https://dev.domain.com
  • https://auth.domain.com
  • https://org.domain.com
  • https://org1.domain.com etc.

  • We were unable to browse the URL https://biztechfusioncrm.biztechfusion.com from outside the network.
  • We disabled IFD and claims-based authentication in Deployment Manager and performed an IISRESET.
  • When browsing the internal URL https://crm.biztechfusion.com/biztechfusioncrm we received 3 prompts and the request failed with the error 401 Unauthorized.
  • In IIS, on the Microsoft Dynamics CRM website, we opened Configuration Editor and set UseAppPoolCredentials to TRUE.
  • Perform an IISRESET.
  • Browse the URL (the organization URL from Deployment Manager) over SSL and check whether it succeeds. Once it was successful, we performed the following steps.
  • In Deployment Manager, re-configure Claims-Based Authentication. Verify that the ADFS federation metadata URL is accessible.
  • In the ADFS management console on the ADFS server, update the corresponding Federation Metadata URLs on the internal relying party trust. Restart the ADFS services.
  • Do an IISRESET on the CRM web server and the ADFS server. Browse the Org URL internally and check whether it loads successfully. Once it does, perform the following steps.
  • In Deployment Manager, re-configure IFD.
  • In the ADFS management console on the ADFS server, update the corresponding Federation Metadata URLs on the external relying party trust. Restart the ADFS services.
  • Do an IISRESET on the CRM web server and the ADFS server.
  • We tried to access CRM from outside the network; it still failed with the same error shown under Issue above.
  • On the ADFS WAP proxy server we added the identifiers https://adfs.domain.com, https://dev.domain.com and https://auth.domain.com as Pass Through, published these URLs and performed an IISRESET.
  • We then tried to access the CRM URL from outside the network and were able to browse it successfully.
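
The last two steps can be checked and repeated after each certificate renewal with a script on the WAP server. This is an added example, not the author's script: the domain.com host names are the post's own placeholders, while the thumbprint placeholder and the reuse of each external URL as the backend URL are assumptions.

```powershell
# Added example, not from the original post. Run elevated on the WAP server.
# Placeholder: thumbprint of the renewed certificate in Cert:\LocalMachine\My.
$Thumbprint = 'REPLACE_WITH_RENEWED_CERT_THUMBPRINT'

# Identifiers listed in the post (domain.com is the post's placeholder domain).
$RequiredUrls = @(
    'https://adfs.domain.com/',
    'https://dev.domain.com/',
    'https://auth.domain.com/',
    'https://org.domain.com/'
)

# Stop early if the renewed certificate is missing or not currently valid.
$cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
$now  = Get-Date
if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
    throw "Certificate $Thumbprint is not valid now (valid $($cert.NotBefore) to $($cert.NotAfter))."
}

# Applications already published on this WAP server, keyed by external URL.
$published = @{}
Get-WebApplicationProxyApplication | ForEach-Object {
    $published[$_.ExternalUrl.TrimEnd('/').ToLower()] = $_
}

foreach ($url in $RequiredUrls) {
    $app = $published[$url.TrimEnd('/').ToLower()]
    if (-not $app) {
        # Missing identifier: publish it as pass-through. WAP forwards the request
        # without preauthentication; CRM and AD FS perform the authentication.
        # Assumption: the backend URL is the same as the external URL.
        Add-WebApplicationProxyApplication -Name ([uri]$url).Host `
            -ExternalUrl $url -BackendServerUrl $url `
            -ExternalCertificateThumbprint $Thumbprint `
            -ExternalPreauthentication PassThrough
        Write-Output "Published $url as PassThrough"
    }
    elseif ($app.ExternalCertificateThumbprint -ne $cert.Thumbprint) {
        # Published, but bound to a different certificate than the renewed one.
        Write-Warning "$url is published with thumbprint $($app.ExternalCertificateThumbprint)"
    }
    else {
        Write-Output "OK $url ($($app.ExternalPreauthentication))"
    }
}
```

Add one entry to `$RequiredUrls` for each further organization URL (org1.domain.com and so on) before running it.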

 
