• Question

  • Hello,

    I have set up the following:

    CRM (Hosted Domain)
    ADFS (Hosted Domain)
    ADFS (Client Domain)
    Client PC (Client Domain)

    For ease, the hosted domain is a subdomain of the client. Only in DNS, no domain trusts etc.

    I have followed the ADFS guide; the only change I had to make was changing Name to * Name in a rule.

    Due to the fact I have more than one ADFS I get the home realm drop-down when I hit CRM the first time (I can code around this... so happy).

    All works fine from IE.

    But... when I connect with Outlook I get the following error.

    Note, I have set up the home realm setting in the registry.

    >Kerberos Auth failed: System.NotSupportedException: The authentication endpoint AsymmetricToken was not found on the configured Secure Token Service!

    Others have talked about using an alias and not setting home realm, but I suspect that solution worked as it 'broke' ADFS and it fell back to non-ADFS.

    When I use Fiddler I see the following (I turn off extended protection in IIS to allow fiddling):

    3 200 HTTPS dsladfs.testdomain.local /adfs/services/trust/mex
    4 200 HTTP Tunnel to crm.hosted.testdomain.local:444
    5 200 HTTPS crm.hosted.testdomain.local:444 /tesdt/XRMServices/2011/Discovery.svc?wsdl
    6 200 HTTPS crm.hosted.testdomain.local:444 /test/XRMServices/2011/Discovery.svc?wsdl=wsdl1
    7 200 HTTPS crm.hosted.testdomain.local:444 /test/XRMServices/2011/Discovery.svc?wsdl=wsdl0
    8 302 HTTPS crm.hosted.testdomain.local:444 /adfs/services/trust/mex
    9 200 HTTP Tunnel to crm.hosted.testdomain.local:443
    10 200 HTTPS crm.hosted.testdomain.local /adfs/ls/?.....
    11 302 HTTPS crm.hosted.testdomain.local:444 /adfs/services…
    12 200 HTTPS crm.hosted.testdomain.local /adfs/ls/?.....
    13 302 HTTPS crm.hosted.testdomain.local:444 /adfs/services/trust/mex
    14 200 HTTPS crm.hosted.testdomain.local /adfs/ls/?.....
    15 200 HTTP Tunnel to
    16 200 HTTPS clientadfs.testdomain.local /adfs/services/trust/mex
    17 200 HTTPS clientadfs.testdomain.local /adfs/services/trust/mex?xsd=xsd2
    18 200 HTTPS clientadfs.testdomain.local /adfs/services/trust/mex?xsd=xsd1
    19 200 HTTPS clientadfs.testdomain.local /adfs/services/trust/mex?xsd=xsd0
    20 200 HTTP clientadfs.testdomain.local /adfs/services/trust/13/username

    Note, all 200; the response for the last one looks fine. I have checked that I have the endpoint /adfs/services/trust/13/username on and allowing proxy.

    Many thanks


    Monday, April 16, 2012 4:43 PM

All replies

  • Check this: http://gotchahunter.net/2012/01/adfs-dynamics-and-ifd/

    EmpowerIT (Australia) for all your CRM/SharePoint needs. http://mscrmblog.net
    Microsoft Certified Business Management Solutions Specialist
    Microsoft Certified CRM Developer

    Tuesday, April 17, 2012 11:16 PM
  • Thanks for that, but it did not help :(

    But... I have got it working...

    To make things easier in my test lab I had my hosted domain as a subdomain (in DNS terms) of our main domain.

    I rebuilt it not as a subdomain and now it works fine.

    Also... if you use Fiddler to monitor communication to the kerb endpoint then, due to WCF using extended protection, it does not work.

    In my setup I have two ADFS servers so I need to support a home realm. I have also proved that connection from C# code works.

    Wednesday, April 18, 2012 5:45 PM