Dynamics CRM 2011 and IFD enablement issues. Please help!!!!

  • Question

  • We are stuck with the installation of Microsoft Dynamics CRM 2011 on our server. Something with the Federation Services / AD FS 2.0 is not communicating or configured properly.
    Both CRM 2011 and the AD FS are installed on the same server. I have separate websites for each. ADFS runs on port 80/443 and the Dynamics CRM runs on port 555 (https).

    Error from the event log is below.

    Log Name:      AD FS 2.0/Admin
    Source:        AD FS 2.0
    Date:          4/14/2012 1:24:32 AM
    Event ID:      184
    Task Category: None
    Level:         Error
    Keywords:      AD FS
    User:          NETWORK SERVICE
    Computer:      ***our server***
    Description:
    A token request was received for a relying party identified by the key 'https://***our server***', but the request could not be fulfilled because the key does not identify any known relying party trust.
    Key: https://***our server***

    This request failed.

    Sunday, April 15, 2012 1:22 AM

All replies

  • The error message suggests that you have not configured a relying party trust for IFD.

    You need to configure one for claims authentication and a different one for IFD. Have you done this?


    Musings on Information Technology

    Monday, April 16, 2012 7:53 AM
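
    One way to check the point raised in this reply, as an added example that is not part of the original thread: the script reads the key from the most recent event 184 and compares it with the identifiers of the relying party trusts AD FS knows about. It assumes the AD FS 2.0 PowerShell snap-in on the federation server; the function names `Get-RequestedRelyingPartyKey` and `Compare-RelyingPartyKey` are hypothetical.

```powershell
# Added example: compare the key from AD FS event 184 with the configured
# relying party identifiers. Run elevated on the AD FS 2.0 server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

function Get-RequestedRelyingPartyKey {
    # Take the newest event 184 and extract the key quoted in its description.
    $evt = Get-WinEvent -FilterHashtable @{ LogName = 'AD FS 2.0/Admin'; Id = 184 } -MaxEvents 1
    if ($evt.Message -match "identified by the key '([^']+)'") { return $Matches[1] }
    throw 'No relying party key found in event 184.'
}

function Compare-RelyingPartyKey {
    param([string]$Key, $Trusts)
    $wanted = [Uri]$Key
    foreach ($trust in $Trusts) {
        foreach ($id in $trust.Identifier) {
            $status = $null
            if ($id -ceq $Key) {
                $status = 'Exact'          # identifier is string-identical to the key
            } else {
                # Same host but a different scheme, port, path or trailing slash:
                # reported so a near miss (for example a non-default port) is visible.
                $candidate = $null
                if ([Uri]::TryCreate($id, [System.UriKind]::Absolute, [ref]$candidate) -and
                    $candidate.Host -eq $wanted.Host) { $status = 'SameHostOnly' }
            }
            if ($status) {
                New-Object PSObject -Property @{
                    Trust = $trust.Name; Identifier = $id
                    Enabled = $trust.Enabled; Match = $status
                }
            }
        }
    }
}

$key  = Get-RequestedRelyingPartyKey
$hits = @(Compare-RelyingPartyKey -Key $key -Trusts (Get-ADFSRelyingPartyTrust))
if ($hits.Count -eq 0) {
    "No relying party trust has an identifier on the host in '$key'."
} else {
    $hits | Format-Table Trust, Identifier, Enabled, Match -AutoSize
}
```

    A `SameHostOnly` row with no `Exact` row means a trust exists for that host but not under the identifier the application is sending.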
  • Hi,

    I think you have not configured ADFS properly or there might be an issue with claim rules.

    Please check the config from the beginning. Please follow the claim based deployment guide from the below link,

    http://www.microsoft.com/download/en/details.aspx?id=3621

    If you mention the error or the pre or post steps of this error that might be helpful.

    Regards,


    Khaja Mohiddin
    http://www.dynamicsexchange.com
    http://about.me/KhajaMohiddin

    Monday, April 16, 2012 8:46 AM
  • Thanks.   This is helpful and I think I am making progress.   However, we got a new error.  I am troubleshooting the Claims-based Authentication step (Page 24) of the deployment guide.    http://www.microsoft.com/download/en/details.aspx?id=3621

    When I browse our site (launching from the Deployment Manager by right clicking on our organization and then clicking browse) I get an "Error".  At this point, I can tell some authentication is happening and I am getting bounced around between URLs.   Browser URL ends at '.../adfs/ls/'   with no querystring, etc.

    Error on page - There was a problem accessing the site. Try to browse to the site again.

    If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.

    Looking at the Event Log for ADFS, I see this.  Event ID 364

    Microsoft.IdentityServer.Web.InvalidContextException: MSIS7001: The passive protocol context was not found or not valid. If the context was stored in cookies, the cookies that were presented by the client were not valid. Ensure that the client browser is configured to accept cookies from this website and retry this request.
       at Microsoft.IdentityServer.Web.EncodedContext..ctor(String encodedValue, Boolean samlEnabled, Boolean wsFederationEnabled)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.ParseRelyingPartyInfoFromWCtx(String wctx, Boolean deleteCookie, String& contextId)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.GetOriginalRequest(FederationPassiveContext federationPassiveContext, Boolean deleteCookie, String& requestId)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.GetOriginalRequest(Boolean deleteCookie, String& requestId)

     

    Researching this Event ID 364 has not given me anything. Looking in my temp internet files directory, I don't see any cookies being set from the site (I see some JS files and an image)...could that be part of the problem? I have added the site into my trusted sites...but shouldn't have any cookies disabled...so I am confused.

    Tuesday, April 17, 2012 4:36 PM
  • The best way I have found to implement IFD is to run ADFS on the AD server in https mode and keep CRM on port 80/443 on its server.

    I went through similar problems when running everything on one server. 2 servers is much easier.


    EmpowerIT (Australia) for all your CRM/SharePoint needs. http://mscrmblog.net
    Microsoft Certified Business Management Solutions Specialist
    Microsoft Certified CRM Developer

    Tuesday, April 17, 2012 11:14 PM
  • IIRC, the white paper is not quite correct, I would suggest following this post instead.

    Musings on Information Technology

    Wednesday, April 18, 2012 9:05 AM