locked
Authentication issue with CRM 2011 IFD deployment RRS feed

  • General discussion

  • Hi there,

    We have a CRM 2011 deployment that functioned well for several months but has now started to refuse access to all users.

    When a user attempts to access the CRM site they are presented with a login for the ADFS.domainname.com then three further logins for crm.domainname.com before receiving a 401.1 access denied error. 

    All user accounts are current and the correct password is being used. 

    We are seeing Warning Events from ASP.Net 4.0.30319.0 Event ID 1309 Web Event

    Event code: 3005 
    Event message: An unhandled exception has occurred. 
    Event time: 17/09/2012 10:48:37 
    Event time (UTC): 17/09/2012 09:48:37 
    Event ID: 540b83343e754d93a131b5e1e58c83dc 
    Event sequence: 383 
    Event occurrence: 88 
    Event detail code: 0 
     
    Application information: 
        Application domain: /LM/W3SVC/2/ROOT-1-129923210121226194 
        Trust level: Full 
        Application Virtual Path: / 
        Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\ 
        Machine name: CBSCRM2011 
     
    Process information: 
        Process ID: 5980 
        Process name: w3wp.exe 
        Account name: NT AUTHORITY\NETWORK SERVICE 
     
    Exception information: 
        Exception type: SecurityTokenException 
        Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
       at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
       at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
       at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
       at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
       at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
       at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
       at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

     
     
    Request information: 
        Request URL: https://internalcrm.domainname.com:444/CBS/default.aspx 
        Request path: /CBS/default.aspx 
        User host address: 192.168.2.250 
        User:  
        Is authenticated: False 
        Authentication Type:  
        Thread account name: NT AUTHORITY\NETWORK SERVICE 
     
    Thread information: 
        Thread ID: 19 
        Thread account name: NT AUTHORITY\NETWORK SERVICE 
        Is impersonating: True 
        Stack trace:    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
       at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
       at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
       at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
       at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
       at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
       at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Can some one assist?

    Monday, September 17, 2012 9:55 AM

All replies