Hello,
I have set up the following:
CRM (Hosted Domain)
ADFS (Hosted Domain)
ADFS (Client Domain)
Client PC (Client Domain)
For ease, the hosted domain is a subdomain of the client. Only in DNS, no domain trusts etc.
I have followed the ADFS guide; the only change I had to make was changing Name to * Name in a rule.
Due to the fact I have more than one ADFS, I get the home realm drop-down when I hit CRM the first time (I can code around this... so happy).
All works fine from IE
But when I connect with Outlook I get the following error.
Note, I have set up the home realm setting in the registry.
>Kerberos Auth failed: System.NotSupportedException: The authentication endpoint AsymmetricToken was not found on the configured Secure Token Service!
Others have talked about using an alias and not setting the home realm, but I suspect that solution worked as it 'broke' ADFS and it failed back to non-ADFS.
When I run Fiddler I see the following (I turned off extended protection in IIS to allow fiddling):
3 | 200 | HTTPS | dsladfs.testdomain.local | /adfs/services/trust/mex
4 | 200 | HTTP | Tunnel to | crm.hosted.testdomain.local:444
5 | 200 | HTTPS | crm.hosted.testdomain.local:444 | /tesdt/XRMServices/2011/Discovery.svc?wsdl
6 | 200 | HTTPS | crm.hosted.testdomain.local:444 | /test/XRMServices/2011/Discovery.svc?wsdl=wsdl1
7 | 200 | HTTPS | crm.hosted.testdomain.local:444 | /test/XRMServices/2011/Discovery.svc?wsdl=wsdl0
8 | 302 | HTTPS | crm.hosted.testdomain.local:444 | /adfs/services/trust/mex
9 | 200 | HTTP | Tunnel to | crm.hosted.testdomain.local:443
10 | 200 | HTTPS | crm.hosted.testdomain.local | /adfs/ls/?.....
11 | 302 | HTTPS | crm.hosted.testdomain.local:444 | /adfs/services…
12 | 200 | HTTPS | crm.hosted.testdomain.local | /adfs/ls/?.....
13 | 302 | HTTPS | crm.hosted.testdomain.local:444 | /adfs/services/trust/mex
14 | 200 | HTTPS | crm.hosted.testdomain.local | /adfs/ls/?.....
15 | 200 | HTTP | Tunnel to |
16 | 200 | HTTPS | clientadfs.testdomain.local | /adfs/services/trust/mex
17 | 200 | HTTPS | clientadfs.testdomain.local | /adfs/services/trust/mex?xsd=xsd2
18 | 200 | HTTPS | clientadfs.testdomain.local | /adfs/services/trust/mex?xsd=xsd1
19 | 200 | HTTPS | clientadfs.testdomain.local | /adfs/services/trust/mex?xsd=xsd0
20 | 200 | HTTP | clientadfs.testdomain.local | /adfs/services/trust/13/username
Note, all are 200, and the response for the last one looks fine. I have checked that I have the endpoint /adfs/services/trust/13/username on and allowing proxy.
Many thanks
Steve