locked
CRM 2011 IFD login problem in ADFS server , old users are working, newly created users are not able to login RRS feed

  • Question

  • Hi

    I am using adfs server for our CRM 2011 IFD, it is working all user , it is not working newly created user getting reference number error

    i have checked https://adfs.domain.com/adfs/ls/IdpInitiatedSignOn.aspx this url, new users are not able login

    please let us know how to use the below url, both are not working for us

    http//adfs.domain.com servername(network service) (server name means adfs server or crm server, what about the netwrok service)

    http//adfs.domain.com servername domain\user(if the crm is identity is a user)

    Regards

    Boobalan

    Note : before configuring IFD users are able to login after configured IFD but newly created users are not able to login getting with reference error with reference code

    Thursday, July 26, 2012 7:12 AM

All replies

  • Hi Boobalan,

    Please check newly created user are in same domain or not.... If CRM old users which u have migrated are in Domain A then new users also should be in Domain A.

    Please check below link for more details-

    http://www.edunnewijk.nl/fatshark/index.php?/archives/419-CRM-2011-IFD-ADFS-multi-tenant-404-not-found-after-login.html

    Hope this helps you.

    Thanks,

    Mundra

    If you find this post useful please vote it up!

    Friday, July 27, 2012 3:18 AM
  • Thanks for your replay Mundra

    My Active Domain and ADFS are running in the same system , crm 2011 is different system, new users i am able to added in the CRM 2011

    before configure the IFD and ADFS servers available users are able to login in the crm 2001 IFD

    after configure the IFD created new users not able to login getting adfs server login fails with reference number error

    checked with  url https://adfs.domain.com/adfs/ls/IdpInitiatedSignOn.aspx,

    old users are able to login new users are not able to login

    shall i need do anything in the adfs server

    Friday, July 27, 2012 9:49 AM
  • Hello

    we found the following error in adfs admin event log only for new users old users are working fine

    Encountered error during federation passive request.

    Additional Data
    Error 1 event id 364
    Exception details:
    Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> System.ServiceModel.FaultException: MSIS3127: The specified request failed.
       at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClientManager.Issue(Message request, WCFResponseData responseData)
       at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, WCFResponseData responseData)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)
       --- End of inner exception stack trace ---
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, Uri& replyTo)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSecurityToken(SecurityToken securityToken, WSFederationMessage incomingMessage)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseForProtocolRequest(FederationPassiveContext federationPassiveContext, SecurityToken securityToken)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponse(SecurityToken securityToken)

    System.ServiceModel.FaultException: MSIS3127: The specified request failed.
       at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClientManager.Issue(Message request, WCFResponseData responseData)
       at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, WCFResponseData responseData)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)
    ---

    Error 2 Event ID 111

    The Federation Service encountered an error while processing the WS-Trust request.
    Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

    Additional Data
    Exception details:
    System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
       at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
       at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
       at System.Security.Principal.WindowsIdentity.GetName()
       at System.Security.Principal.WindowsIdentity.get_Name()
       at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.InitializeName()
       at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.InitializeClaims()
       at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.get_Claims()
       at Microsoft.IdentityModel.Tokens.WindowsUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)
       at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
       at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
       at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
       at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext serializationContext, AsyncCallback asyncCallback, Object asyncState)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String trustNamespace, AsyncCallback callback, Object state)

    Saturday, July 28, 2012 7:48 AM
  • We have the same issue now. It would be great if you could share any information about your resolution. 

    Thanks,

    Harry

    Wednesday, May 1, 2013 1:42 PM