FederationMetaData not present https://internal.website.co.uk:444/federationmetadata/2007-06/federationmetadata.xml

  • Question

  • Good Day,

    I am trying to get a running version of Dynamics CRM 2011.  I am now stuck on Claims Based Authentication.

    With Claims Based Authentication disabled, I am able to navigate to Microsoft Dynamics CRM using the http or https address.  I can access the ADFS federationmetadata at https://adfs.website.co.uk/federationmetadata/2007-06/federationmetadata.xml but I cannot access the internalcrm federationmetadata at https://internal.website.co.uk:444/federationmetadata/2007-06/federationmetadata.xml.  I have scoured the web and tried many things but still no further.

    Dynamics works with claims based authentication disabled but I cannot get it enabled so that it can be accessible on the internal network because the internalcrm federationmetadata does not appear to be present or accessible.

    Where do I start to look for the problem here?  What logs should I be looking at?

    Any help is much appreciated.  Thanks

    KC

    Monday, May 9, 2011 3:04 AM

Answers

  • CeeFar,

    Are you still experiencing this issue?

    I have experienced this issue in the past where the CRM FederationMetadata.xml URL will not work. You may get either HTTP 404 or 503 errors (any HTTP errors, and you cannot see the FederationMetadata.xml).

    CAUSE:

    IIS URL Rewrite module is not rewriting the URL correctly. CRM creates rules within the rewrite module, one of these rules is to load the handlers/FederationMetadata.ashx when FederationMetadata/2007-06/FederationMetadata.xml is requested.


    To resolve this you will have to try following steps:
     

    NOTE: first try step 3
    1. Check if there are any errors: run the following command on the CRM server.

    a. Using command prompt run the following Command:

    NETSH HTTP SHOW URLACL

    b. The above should show us all the reserved namespaces.
    c. If any return with an error as shown below then follow step d:

    Reserved URL : https://+:444/adfs/services/
    Can't lookup sid, Error: 1332
    SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)


    d. Run the similar commands to delete reserved namespaces with errors:
    netsh http delete urlacl url=https://+:444/adfs/services/

    NOTE:
    The URLs in step d must be changed according to what we receive in step c.

    e. Reset IIS on the CRM server
    f. Configure CLAIMS again using Deployment Manager on CRM 2011
    g. Now try accessing the FederationMetadata.xml url:
    https://crm.domain.com:444/FederationMetadata/2007-06/FederationMetadata.xml

    Hope this helps. :)


    Kaustubh Giri
    Thursday, May 12, 2011 1:31 PM

All replies

  • What error message did you get when you accessed https://internal.website.co.uk:444/federationmetadata/2007-06/federationmetadata.xml?

    Please check the certificate and DNS record for internal.website.co.uk.

    You can also check whether you are using a proxy server which doesn't bypass this URL.


    Please remember to click “Mark as Answer” on the post that helps you. Jackie Chen, Microsoft Online Community Support
    Tuesday, May 10, 2011 6:12 AM
  • Hi,

    Please check the internal DNS entry.

    If you don't have any problem with DNS then check your Deployment Manager properties.

    webaddress: internal.domain.com:444

    And if everything looks fair then install the Fiddler tool and check for the errors.

     

    regards,


    Khaja Mohiddin
    Tuesday, May 10, 2011 5:21 PM
  • Hi,

    I have been experiencing this problem for a while now so you can imagine my excitement when I found this page.  However the excitement was short lived because when I ran the command

    NETSH HTTP SHOW URLACL, I got no reserved URLs listed; in other words, I got an empty list.  Please advise.

    Thursday, December 4, 2014 9:05 AM