[UR7] IFD error for local Windows session
-
Tuesday, April 10, 2012 8:36 AM
Hello
After I install update rollup 7 on my CRM 2011 server, I cannot connect to CRM server through IFD/ADFS if the client Windows session is open with a local account. I obtain a blank page in IE9 and a script error: 'Mscrm' is undefined. I cannot connect with Outlook either.
I have the error 2147180286 in server trace logs when the client tries to connect:
>AUTH: Request [GET https://crm.company.com:444/company/_common/global.ashx?ver=-569435973] from [client IP] entered Authentication Pipeline.
>AUTH: AuthenticationProvider [Microsoft.Crm.Authentication.CrmPostAuthenticationProvider] will be attempted.
>Crm Exception: Message: The ticket specified for authentication is invalid, ErrorCode: -2147180286
>AUTH: CrmPostAuthenticationProvider.Authenticate() failed with Microsoft.Crm.CrmException: The ticket specified for authentication is invalid.
I have no error during the UR7 installation. The CRM server was restarted after applying the patch.
I think the authentication (ADFS) is ok because I see the connection log in the CRM audit (not sure in all the cases).
I can reproduce the problem in these cases:
-Case#1
client computer = domain
logon session = local
CRM connection = WAN (IFD)
-Case#2
client computer = workgroup
logon session = local
CRM connection = WAN (IFD)
I have no bug in these cases:
-Case#3
client computer = domain
logon session = domain (cache)
CRM connection = WAN (IFD)
-Case#4
client computer = workgroup
logon session = local
CRM connection = LAN
-Case#5
client computer = domain
logon session = local
CRM connection = LAN
-Case#6 (usual case)
client computer = domain
logon session = domain
CRM connection = LAN
Setup:
-CRM URL: https://crm.company.com:444
-CRM Server: Windows 2008 R2 SP1 + CRM 2011 version 5.0.9690.2165 (Update Rollup 7)
-Clients: Windows 7 SP1 + IE 9.0 or 8.0
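
A triage script for trace output like the excerpt above, added here as an example and not part of the original post: it pairs each Crm Exception with the request and provider logged before it, and renders the signed ErrorCode as an unsigned HRESULT (-2147180286 becomes 0x8004A102). The sample trace is constructed, and treating one request's lines as contiguous is an assumption of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample modelled on the trace excerpt above; client IPs are
# documentation addresses and the second request is an invented non-failing one.
SAMPLE_TRACE = """\
>AUTH: Request [GET https://crm.company.com:444/company/_common/global.ashx?ver=-569435973] from [192.0.2.10] entered Authentication Pipeline.
>AUTH: AuthenticationProvider [Microsoft.Crm.Authentication.CrmPostAuthenticationProvider] will be attempted.
>Crm Exception: Message: The ticket specified for authentication is invalid, ErrorCode: -2147180286
>AUTH: Request [GET https://crm.company.com:444/company/default.aspx] from [192.0.2.11] entered Authentication Pipeline.
>AUTH: AuthenticationProvider [Microsoft.Crm.Authentication.CrmPostAuthenticationProvider] will be attempted.
"""

REQ = re.compile(r"AUTH: Request \[(\w+) (\S+)\] from \[([^\]]+)\] entered Authentication Pipeline")
PROV = re.compile(r"AUTH: AuthenticationProvider \[([^\]]+)\] will be attempted")
EXC = re.compile(r"Crm Exception: Message: (.+?), ErrorCode: (-?\d+)")

def hresult(code):
    """Render the signed 32-bit ErrorCode as the unsigned hex HRESULT."""
    return "0x%08X" % (code & 0xFFFFFFFF)

def auth_failures(trace):
    """Pair each Crm Exception with the request and provider logged before it."""
    # Assumption: lines belonging to one request are contiguous in the trace.
    failures, current = [], None
    for line in trace.splitlines():
        if m := REQ.search(line):
            current = {"method": m[1], "url": m[2], "client": m[3], "provider": None}
        elif (m := PROV.search(line)) and current:
            current["provider"] = m[1].rsplit(".", 1)[-1]  # short class name
        elif (m := EXC.search(line)) and current:
            failures.append({**current, "message": m[1], "hresult": hresult(int(m[2]))})
            current = None  # the exception closes this request
    return failures

def summarize(failures):
    """Group failing clients by (URL path, HRESULT); the query string is dropped."""
    groups = defaultdict(set)
    for f in failures:
        groups[(urlsplit(f["url"]).path, f["hresult"])].add(f["client"])
    return {key: sorted(clients) for key, clients in groups.items()}

if __name__ == "__main__":
    for (path, code), clients in summarize(auth_failures(SAMPLE_TRACE)).items():
        print(code, path, ", ".join(clients))
```
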
All Replies
-
Tuesday, April 10, 2012 12:23 PM
did u already deleted the cache in IE?
greetz dao
-
Tuesday, April 10, 2012 12:55 PM
did u already deleted the cache in IE?
greetz dao
Yes, I remove all temporary data from IE.
-
Tuesday, April 17, 2012 2:45 PM
Same issue (or similar) here,
After install of UR7 local logins will simply not work, but external ADFS logins do (both browser and outlook client).
When I try to open CRM on a local machine (domain joined) I am prompted for a username and password (it's in intranet sites and should not ask for this) - I enter credentials and the same box pops right back up, again and again, I cancel and I get the light blue background for CRM with no content.
-
Wednesday, April 18, 2012 4:02 AM
Here's the solution: http://community.dynamics.com/product/crm/f/117/p/76419/140778.aspx
But in my case turning Kerberos off wasn't fixing problem, but adding correct SPN does
- Proposed As Answer by Triangle333 Wednesday, April 18, 2012 4:02 AM
-
Thursday, April 19, 2012 3:34 PM
Hi,
I don't have the same error message but I try the proposed solutions:
- setspn to HTTP or HTTPS FQDN
- set NTAuthenticationProviders to “Negotiate,NTLM” with adsutil.vbs
- change WindowsAuthentication in ApplicationHost.config file
But nothing changes.
Sources:
http://dynam1cscrm.wordpress.com/2011/05/17/dynamics-crm-2011-spn-and-windows-authentication-configuration-for-running-custom-reports/
http://www.furnemont.eu/2010/09/crm-2011-installation-issues-and-way-to-resolve-it/
-
Friday, April 20, 2012 3:31 AM
What are exact SPN settings in your case?
Run setspn -l your_crm_server_name
And yes, your case can be somewhat different since I didn't have "The ticket specified for authentication is invalid" messages, so this may indicate that you have some problems with ADFS after all...
-
Friday, April 20, 2012 6:39 AM
Same issue (or similar) here,
After install of UR7 local logins will simply not work, but external ADFS logins do (both browser and outlook client).
When I try to open CRM on a local machine (domain joined) I am prompted for a username and password (it's in intranet sites and should not ask for this) - I enter credentials and the same box pops right back up, again and again, I cancel and I get the light blue background for CRM with no content.
duddit2 > Do you have the same error message (invalid ticket) in server trace logs?
- Edited by dsy73 Friday, April 20, 2012 1:42 PM
-
Friday, April 20, 2012 6:51 AM
I tried these commands:
setspn -A HTTP/mycrm.mycompany.com:80 mycompany\crmaccount
setspn -A HTTPS/mycrm.mycompany.com:444 mycompany\crmaccount
I have an unusual CRM setup: only one URL mycrm.mycompany.com for internal and external access. HTTPS:444 was working for external and internal.
-
Friday, April 20, 2012 6:57 AM
I tried these commands:
setspn -A HTTP/mycrm.mycompany.com:80 mycompany\crmaccount
setspn -A HTTPS/mycrm.mycompany.com:444 mycompany\crmaccount
I have an unusual CRM setup: only one URL mycrm.mycompany.com for internal and external access. HTTPS:444 was working for external and internal.
WRONG!
You should not enter port number and SPN should be created for a server not user account. No extra record needed for https
So it should look like this: setspn -A HTTP/mycrm.mycompany.com server_name
Reset IIS afterwards
-
Friday, April 20, 2012 1:41 PM
ok I try setspn -A HTTP/mycrm.mycompany.com server_name and I execute iisreset. Always the same error code: 0x8004A102 (-2147180286)
-
Wednesday, April 25, 2012 8:50 AM
Same issue (or similar) here,
After install of UR7 local logins will simply not work, but external ADFS logins do (both browser and outlook client).
When I try to open CRM on a local machine (domain joined) I am prompted for a username and password (it's in intranet sites and should not ask for this) - I enter credentials and the same box pops right back up, again and again, I cancel and I get the light blue background for CRM with no content.
I'm having the same problem.
In my case, it prompts for user name two times, first time to connect to sts1.domain.name, then after inserting the first time it prompts for another one, this time to connect to internalcrm.domain.name. The second one keeps looping until the blue background appears.
Did you fix the problem?
-
Wednesday, May 02, 2012 8:59 AM
I open the support case 112041144286064 (April 11) at Microsoft Europe and I'm waiting, waiting, waiting... I don't know what Microsoft is doing, they don't ask me any question.
-
Wednesday, May 02, 2012 11:59 AM
call microsoft supporthotline http://support.microsoft.com/contactus
gruss Daniel Ovadia MBSS - Microsoft Dynamics CRM MCNPS
-
Wednesday, May 23, 2012 4:38 AM
We face the same issue for UR8 as well.....Any clues???
http://social.microsoft.com/Forums/en/crm/thread/4f31bb59-44aa-4127-ad1b-d6768a7d1efb
-
Wednesday, May 23, 2012 7:03 AM
Hello Saravana,
My problem is related to Kerberos and IFD. Microsoft is working on a fix.
But I'm not sure you have the same issue, check the messages in log files:
>Crm Exception: Message: The ticket specified for authentication is invalid, ErrorCode: -2147180286
You have more details in my first message.
- Edited by dsy73 Wednesday, May 23, 2012 10:36 AM
-
Thursday, July 12, 2012 12:10 PM
I am having this issue.
I am looking into a fix.
What's happening is: when CRM requests global.ashx, something in the PostAuth event is sending back a 401.
If you pass your AuthCookies to this request you still get a 401.
(Note, I tested this with Fiddler and not with IE)
What should happen is:
- if you don't pass the cookies you should get a 302 and get sent to the ADFS server
- if you do pass the cookies you should get the file.
Interestingly, if I copy global.ashx to test.ashx and use Fiddler to do an HTTP request on this it works perfectly: it gets the file if I pass the cookie or it sends back a 302 if I don't.
If you are on RU 6 it works fine with global.ashx.
Also... let's remember that the ADFS server is doing the auth, so if that's working then it's not an SPN / Kerb / IIS security issue on the CRM server, as the AUTH is federated and the presence of the cookie is the key. But... saying this, if your home realm is the same domain as what you log into Windows as, then good old IIS / Windows auth will kick in and it will work. But if you have no domain trust and you are not in the same domain, then the workaround is to enter a domain account from the CRM domain when you get this auth box.
EDIT: I have blogged this at
http://2e2ba.blogspot.co.uk/2012/07/crm-2011-adfs-ifd-401-globalashx.html
Thanks
Steve
- Proposed As Answer by Steve.Drake Thursday, July 26, 2012 12:58 PM
-
Friday, July 13, 2012 3:43 PM
http://2e2ba.blogspot.co.uk/2012/07/crm-2011-adfs-ifd-401-globalashx.html
Thanks
Steve
Thank you Steve, it is very interesting. I will do the test on my server and I hope to mark your post as the Answer ;)