locked
Configure Claims-Based Authentication Wizard Under CRM not reading federation metadata URL RRS feed

  • Question

  • Dear Experts,

    I am unable to deploy IFD for MS Dynamics CRM. During Claim based authentication I get error. 

    The federation metadata URL 'https://xxx.xxxxxxxxx.com/federationmetadata/2007-06/federationmetadata.xml' is not available.

    ADFS is installed fine and I am able to open https://xxx.xxxxxxxxx.com/federationmetadata/2007-06/federationmetadata.xml in google chrome. 

    In IE the filename for some reason gets changed to federationmetadata_xml while downloading and it never downloads the file. When it happens I get this error in Event Viewer under ADFS/admin

    The Federation Service was unable to create the federation metadata document as a result of an error. 
    Document Path: /federationmetadata/2007-06/federationmetadata.xml 

    Additional Data 

    Exception details: 
    System.Net.HttpListenerException: The specified network name is no longer available
       at System.Net.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at Microsoft.IdentityServer.Service.FederationMetadata.SamlMetadataListener.OnGetContext(IAsyncResult result)

    I have used this tutorial to do the installation.

    http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/

    I am using Windows Server 2008 R2.

    Please Advise.

    Sunday, October 21, 2012 9:51 AM

All replies

  • I expect the main cause is this line: The specified network name is no longer available

    However, the issue is which name is the code looking for. It may be possible to use either client-side tools like Fiddler to determine what name is being searched for, but I expect the processing is all happening on the server side. I'd re-check that all the DNS names you gave during the installation are correct.

    You could also have a look at the server's DNS cache, using ipconfig /displaydns, to see if there are any names that have not resolved


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Monday, October 22, 2012 6:03 AM
    Moderator
  • Thank You for your response David.

    If problem was with DNS, I wouldn't have been able to browse the url through Chrome or browse the url externally.

    I can browser URL fine externally win another IE. Its just Windows Server 2008 R2 explorer thats not letting me.

    And I guess that is the reason its failing to let me complete Claim-Based Authentication Wizard. 

    Monday, October 22, 2012 7:24 AM
  • As the error in the event log is under ADFS/Admin, then this is thrown by server-side code, rather than IE. This doesn't explain why you get different behaviour with different browsers or clients, but I don't think that the name you browse to in IE is the name that is not resolving


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Monday, October 22, 2012 1:01 PM
    Moderator
  • That would be my guess as well that Name is resolving fine. I was just thinking how would the claim-based wizard be verifying the link for Claim-Based Wizard , through IE or directly. Because if it was directly it would have read the settings. Since it has something to do with IE that is why is not opening that link.

    This is what happens in IE. When I browse the /federationmetadata.xml url. It shows me a certificate warning to proceed( Since its a self-signed certificate) . I proceed. It tried to download a file and file name is changed for some reason that original to federationmetadata_xml 

    I believe its the file name thats not letting IE open xml file. But what I am failing to understand is why it is changing the file name when IE makes the request internally. This doesn't happen externally and chrome.

    Monday, October 22, 2012 1:31 PM
  • 1st of all you should not get any cert error in the browser...

    as you said you are getting one warning, just add it to the trusted site and also to the intranet site in your browser and then do iisrest and try...

    i hope this should work in 1st try..


    yes.sudhanshu

    http://bproud2banindian.blogspot.com
    http://ms-crm-2011-beta.blogspot.com

    Tuesday, October 23, 2012 2:02 AM
  • Thank you for your advice Sudhanshu.

    I tried exporting the certificate to Trusted Root Certificates. It didnt work.

    This is the warning I get

    There is a problem with this website's security certificate. 
     
       
     The security certificate presented by this website was issued for a different website's address.

    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
      We recommend that you close this webpage and do not continue to this website.  
      Click here to close this webpage.  
      Continue to this website (not recommended).  

    The error is suppose to be fine since its a Wildcard certificate and its a self signed certificate.

    What has made me stuck is , Why does IE changes the name of the file from .xml to _xml

    Tuesday, October 23, 2012 7:44 AM
  • Hi,

    I was having a very similar issue.

    Could get the federationmetadata.xml  information using Google chrome but was getting blank pages or no page found errors (& we use an internal windows AD Cert Authority so certs are trusted). I found that IE had compatibility mode turned on. As soon as I turned it off, I could access the federationmetadata.xml and see the information.

    Hope my head banging helps!

    Thursday, October 25, 2012 5:02 AM