"ID3082: The request scope is not valid or is unsupported" unable to create CRM user immediately after the CRM Organization is Enabled

    Question

  • Hi Guys;

    I have a CRM 2011 (rollup 7) multi-server deployment in IFD mode. I'm creating CRM Organizations and users through web services. Organization creation is going fine, but while creating a user I am facing the error "ID3082: The request scope is not valid or is unsupported", and after waiting for hours, maybe 4 to 5 hours, the user creation is successful.

    System.ServiceModel.FaultException: ID3082: The request scope is not valid or is unsupported.


    Server stack trace: 
       at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
       at System.ServiceModel.Security.IssuanceTokenProviderBase`1.GetTokenCore(TimeSpan timeout)
       at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
       at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
       at System.ServiceModel.Security.SecurityProtocol.TryGetSupportingTokens(SecurityProtocolFactory factory, EndpointAddress target, Uri via, Message message, TimeSpan timeout, Boolean isBlockingCall, IList`1& supportingTokens)
       at System.ServiceModel.Security.TransportSecurityProtocol.SecureOutgoingMessageAtInitiator(Message& message, String actor, TimeSpan timeout)
       at System.ServiceModel.Security.TransportSecurityProtocol.SecureOutgoingMessage(Message& message, TimeSpan timeout)
       at System.ServiceModel.Security.SecurityProtocol.SecureOutgoingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState)
       at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    I've found the root cause of the problem: the External URLs are not getting updated from Federation Metadata.

    The steps to achieve the above are as follows:

    1) After the Organization gets enabled in the Microsoft CRM Deployment Manager portal, go to the ADFS server.

    2) Open ADFS 2.0 management console.

    3) Expand "Trust Relationship" and click on "Relying Party Trusts"

    4) Right-click on "External URL" and click on "Update From Federation Metadata".

    Immediately after doing so, I can create a user from my portal through CRM web services.

    Though the setting is enabled for updating relying parties automatically, this update is not happening.

    My question is: is there any configuration setting which is preventing the update from happening? How can I do it automatically immediately after the Organization is enabled?


    Wednesday, March 28, 2012 1:55 PM

All replies

  • What we do is update the ADFS relying party trusts via remote PowerShell after creating the Org and before adding users.
    Thursday, June 27, 2013 1:18 PM
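
One way to script the remote refresh described in the reply above, as an added example that is not part of the original thread. It assumes PowerShell remoting is enabled on the ADFS 2.0 server; the host name and organization URL are hypothetical placeholders, and the trust name "External URL" is taken from the question.

```powershell
# Added example: refresh the CRM IFD relying party trust on AD FS 2.0 right after
# a new organization is enabled, then confirm the org URL is trusted before
# provisioning users. Host name and org URL below are hypothetical.
param(
    [string]$AdfsServer = 'adfs01.contoso.local',        # hypothetical AD FS host
    [string]$TrustName  = 'External URL',                # trust name used in the question
    [string]$OrgUrl     = 'https://neworg.contoso.com/'  # hypothetical new org URL
)

$result = Invoke-Command -ComputerName $AdfsServer -ArgumentList $TrustName, $OrgUrl -ScriptBlock {
    param($TrustName, $OrgUrl)

    # AD FS 2.0 ships its cmdlets as a snap-in rather than a module.
    Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

    # Same action as "Update From Federation Metadata" in the console.
    Update-ADFSRelyingPartyTrust -TargetName $TrustName -ErrorAction Stop

    # Read the trust back and report the settings that govern automatic updates.
    $rp = Get-ADFSRelyingPartyTrust -Name $TrustName
    New-Object PSObject -Property @{
        AutoUpdateEnabled = $rp.AutoUpdateEnabled
        MonitoringEnabled = $rp.MonitoringEnabled
        LastUpdateTime    = $rp.LastUpdateTime
        # The identifier must match the form published in the CRM metadata exactly.
        OrgTrusted        = ($rp.Identifier -contains $OrgUrl)
    }
}

$result | Format-List AutoUpdateEnabled, MonitoringEnabled, LastUpdateTime, OrgTrusted

# Fail the provisioning pipeline instead of letting user creation hit ID3082.
if (-not $result.OrgTrusted) {
    throw "Trust '$TrustName' does not list $OrgUrl yet; do not start user creation."
}
```

Run it from the provisioning host under an account that is allowed to administer ADFS, between the organization-creation step and the first user-creation call.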