Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
ADFS Issue RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    I have turned off firewall for testing and just installed ADFS 2.0.  During config set up it picked up the wildcard certificate on port 443 as set up in IIS and  I changed the *.ourdomain.com to sts.ourdomain.com.  The DNS is set up as I can ping sts.ourdomain.com both internally and externally and it returns the IP of the server.  When I attempt to view the https://sts.ourdomain.com/federationmetadata/2007-06/federationmetadata.xml is just loads for a while and then cannot display.  Any idea why this may be?  I notice that in IIS the path of the default website is still 'C:\inetpub\wwwroot' - is this anything to do with it? 

    Any help appreciated, thanks.

    Thursday, December 6, 2012 12:50 PM

Answers

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    If you are just seeing a blank screen when trying to verify federationmetadata.xml and are using IE, try turning on compatibility mode. 

    Unable to load Federation Metadata URL in CRM 2011 IFD Setup

    With ADFS installed, the path on the default website will still show up as 'C:\inetpub\wwwroot', ADFS creates and uses a virtual directory. 

    Jason Lattimer
    My Blog -  Follow me on Twitter -  LinkedIn

    Thursday, December 6, 2012 2:16 PM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    No luck, I get the error message "Internet Explorer cannot display the webpage".
    Thursday, December 6, 2012 3:54 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Any certificate errors?

    From IE if you hit F12 and get the developer tools

    Go to the Network tab

    Start Capturing

    Try the URL again

    See if that gives any additional information

    Jason Lattimer
    My Blog -  Follow me on Twitter -  LinkedIn

    Thursday, December 6, 2012 4:12 PM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    Nope, just blank for a while and then cannot display the page.

    Tried what you suggested and got the following for a while:

    Followed by:

    Any further ideas?

    Thursday, December 6, 2012 5:04 PM
  • Question
    Sign in to vote
    1
    Sign in to vote

    OK hopefully this is it.

    When you ping the address from inside your network, does it resolve to the same address as if you pinged it from outside your network? If so, try creating an internal DNS record to point to the internal IP address of the server. 

    The result of a ping inside your network (where I am assuming you are testing from) results in an internal address and a ping from outside your network results in the public IP address of the server. 

    Jason Lattimer
    My Blog -  Follow me on Twitter -  LinkedIn

    Thursday, December 6, 2012 6:22 PM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    Ah, yes, pinging from inside and outside returns the public IP address so I'll try that now!  Will let you know if it works, thanks for your help.

    Friday, December 7, 2012 9:27 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    When I go into DNS there are no records due to the domain being hosted by our ISP.  Where do I create the new record?  Just tried a couple of things but pinging still returned the public IP so I must be doing something wrong!  Thanks again.

    Friday, December 7, 2012 10:05 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Ok, I've deleted the DNS records that I created as I couldn't get it to work.  When I get the "Internet explorer cannot display the page" message and click on the diagnose problems button I get: "resource (sts.ourdomain.com) is online but isn't responding to connection attempts."  Not sure if that's any help!
    Friday, December 7, 2012 10:54 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Maybe this link will help:

    http://msdn.microsoft.com/en-us/library/gg188591.aspx

    Also make sure any external firewalls are allowing traffic in on the required ports for the CRM and/or ADFS servers.

    Jason Lattimer
    My Blog -  Follow me on Twitter -  LinkedIn

    • Marked as answer by RoarCRM Monday, March 11, 2013 3:02 PM
    Friday, December 7, 2012 12:36 PM
    Moderator