Configuration
- Dynamics CRM 2016 service pack 1 deployed on Windows 2012 R2 Server (domain joined)
- AD FS on domain joined Windows 2012 R2 Server
- Web Application Proxy (WAP) installed on workgroup Server in DMZ
Issue
The IFD URL https://OrgName.domain.com cannot be accessed; browsing to it results in the following error:
An error occurred
An error occurred. Contact your administrator for more information.
Error details
Activity ID: 000000000000-0000-4aOO-0080000000cf
Relying party: CRM Claims Relying Party
Error time: Thu, 20 Oct 2016 20:09:25 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 10.0; WOW64; Trident/7.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3; AcanoClient)
Summary of Resolution:
After a certificate renewal, the identifiers must be published on the WAP server as well.
The identifiers required on the WAP servers are:
https://adfs.domain.com
https://dev.domain.com
https://auth.domain.com
https://org.domain.com
https://org1.domain.com etc.
- We were unable to browse the URL https://biztechfusioncrm.biztechfusion.com from outside the network.
- We disabled IFD and claims-based authentication from Deployment Manager and performed an IIS reset.
- We identified that, upon browsing the internal URL https://crm.biztechfusion.com/biztechfusioncrm, we received 3 prompts and it failed with the error 401 Unauthorized.
- We navigated to IIS, Microsoft Dynamics CRM website, Configuration Editor, and set UseAppPoolCredentials to TRUE.
- We performed an IISRESET.
- We browsed the URL (the organization URL from Deployment Manager) over SSL and checked whether it was successful. Once it was successful, we performed the following steps.
- In Deployment Manager, re-configure Claims-Based Authentication. Verify that the ADFS federation metadata URL is accessible.
- In the ADFS management console on the ADFS server, update the corresponding Federation Metadata URLs on the internal relying party trust. Restart the ADFS services.
- Do an IISRESET on the CRM Web Server and the ADFS server. Browse the Org URL internally and check whether it loads successfully. Once it is successful, perform the following steps.
- In Deployment Manager, re-configure IFD.
- In the ADFS management console on the ADFS server, update the corresponding Federation Metadata URLs on the external relying party trust. Restart the ADFS services.
- Do an IISRESET on the CRM Web Server and the ADFS server.
- We tried to access CRM from outside the network; it still failed with the same error and error details as shown under Issue ("An error occurred. Contact your administrator for more information.").
- We added the identifiers https://adfs.domain.com, https://dev.domain.com and https://auth.domain.com as Pass Through on the ADFS WAP proxy server, published these URLs and performed an IISRESET.
- We then tried to access the CRM URL from outside the network and were able to browse it successfully.
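The check behind the final step, as an added PowerShell example (not part of the original write-up): it lists which of the required identifiers are published on the WAP server and whether each is bound to the renewed certificate, and publishes or rebinds them only when `$fix` is set. The host names are the sanitized ones from the summary above, and the thumbprint is a placeholder you must replace.

```powershell
# Run in an elevated session on the WAP server (WebApplicationProxy module).
# Assumptions: sanitized host names from the summary; add each further org URL.
$thumbprint = '<THUMBPRINT-OF-RENEWED-CERTIFICATE>'   # placeholder
$fix        = $false                                  # $true = publish/rebind
$required   = @(
    'https://adfs.domain.com/',
    'https://dev.domain.com/',
    'https://auth.domain.com/',
    'https://org.domain.com/'
)

$published = @(Get-WebApplicationProxyApplication)

foreach ($url in $required) {
    # Compare without the trailing slash so both spellings match.
    $app = $published |
        Where-Object { $_.ExternalUrl.TrimEnd('/') -eq $url.TrimEnd('/') } |
        Select-Object -First 1

    if (-not $app) {
        Write-Host "MISSING  $url"
        if ($fix) {
            # Pass-through: WAP forwards the request without pre-authentication.
            Add-WebApplicationProxyApplication -Name ([uri]$url).Host `
                -ExternalPreauthentication PassThrough `
                -ExternalUrl $url -BackendServerUrl $url `
                -ExternalCertificateThumbprint $thumbprint
        }
    }
    elseif ($app.ExternalCertificateThumbprint -ne $thumbprint) {
        Write-Host "STALE    $url bound to $($app.ExternalCertificateThumbprint)"
        if ($fix) {
            Set-WebApplicationProxyApplication -ID $app.ID `
                -ExternalCertificateThumbprint $thumbprint
        }
    }
    else {
        Write-Host "OK       $url ($($app.ExternalPreauthentication))"
    }
}
```

Run it once with `$fix = $false` to see the current state before changing anything on the proxy.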