Remove From My Forums

CRM 2011 IFD - ADFS Error

Question
0

Sign in to vote
We are currently trying to demo CRM 2011 as an internet facing deployment, using AD FS 2.0. I have tried to configure claims-based authentication, but now when I browse to the internal deployment I get an error screen when I input my user credentials

The AD FS 2.0 application event viewer is logging these two events everytime I submit a logon request -

Event description -

EVENT 364

Encountered error during federation passive request.

Additional Data

Exception details:

Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> System.ServiceModel.FaultException: MSIS3127: The specified request failed.

   at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClientManager.Issue(Message request, WCFResponseData responseData)

   at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, WCFResponseData responseData)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)

   --- End of inner exception stack trace ---

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, Uri& replyTo)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, MSISSession& session)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSerializedToken(String signOnToken, WSFederationMessage incomingMessage)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSecurityToken(SecurityToken securityToken, WSFederationMessage incomingMessage)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseForProtocolRequest(FederationPassiveContext federationPassiveContext, SecurityToken securityToken)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponse(SecurityToken securityToken)

System.ServiceModel.FaultException: MSIS3127: The specified request failed.

   at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClientManager.Issue(Message request, WCFResponseData responseData)

   at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, WCFResponseData responseData)

   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)

EVENT 111

The Federation Service encountered an error while processing the WS-Trust request.

Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue

Additional Data

Exception details:

System.ArgumentException: ID4216: The ClaimType 'Name' must be of format 'namespace'/'name'.

Parameter name: claimType

   at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result)

   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult.End(IAsyncResult ar)

   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.EndProcessCore(IAsyncResult ar, String requestAction, String responseAction, String trustNamespace)

Any help regarding this would be very much appreciated.

Regards
- Edited by green1867 Wednesday, February 29, 2012 2:48 PM
Wednesday, February 29, 2012 2:10 PM

Answers

1

Sign in to vote
Hi Green,

Please recheck the claim rules for your internal and external URL's.

http://social.msdn.microsoft.com/Forums/en-US/crmdeployment/thread/1586fcd9-4d02-42e2-87fc-824712365a56

Regards,
Khaja Mohiddin
http://www.dynamicsexchange.com
http://about.me/KhajaMohiddin
- Marked as answer by green1867 Wednesday, March 7, 2012 1:07 PM
Monday, March 5, 2012 2:32 PM

All replies

1

Sign in to vote

Hi,

Did you add the Relying party trust in ADFS?

Regards,
Khaja Mohiddin http://www.dynamicsexchange.com/ http://about.me/KhajaMohiddin

Wednesday, February 29, 2012 2:15 PM
0

Sign in to vote

Hi Khaja,

Many thanks for the response. Yes I have enabled this.

Do you have any other suggestions?

Kindest regards

Wednesday, February 29, 2012 2:32 PM
0

Sign in to vote

I've been experiencing the exact same problems Green1867!

CRM can be a difficult beast to tame and there seems to be a lack of community support on it. Very frustrating...

Much help on this matter would be absolutely appreciated.

Wednesday, February 29, 2012 3:46 PM
1

Sign in to vote

Are you able to access the "https://internalcrm.domain.com/federationmetadata/3007-06/federationmetadata.xml" without any issues?
Khaja Mohiddin http://www.dynamicsexchange.com/ http://about.me/KhajaMohiddin

Wednesday, February 29, 2012 4:10 PM
0

Sign in to vote

Hi Khaja, I was able to verify this fine.

https://internalcrm.********.com/federationmetadata/2007-06/federationmetadata.xml

Wednesday, February 29, 2012 4:35 PM
0

Sign in to vote

Green1867 - has a resolution for this issue been satisfied?

Monday, March 5, 2012 2:06 PM
1

Sign in to vote
Hi Green,

Please recheck the claim rules for your internal and external URL's.

http://social.msdn.microsoft.com/Forums/en-US/crmdeployment/thread/1586fcd9-4d02-42e2-87fc-824712365a56

Regards,
Khaja Mohiddin
http://www.dynamicsexchange.com
http://about.me/KhajaMohiddin
- Marked as answer by green1867 Wednesday, March 7, 2012 1:07 PM
Monday, March 5, 2012 2:32 PM
0

Sign in to vote

Thanks Khaja - I was able to recheck the claim rules and resolve the issue

Wednesday, March 7, 2012 1:08 PM

Answered by:

CRM 2011 IFD - ADFS Error

Question

Answers

All replies