Dynamics CRM 2013: connection through IFD using the SDK fails with ADFS

  • Question

  • public static string[] AuthenticateToCrm(string organization, string username, string password)
    {
        CrmConnection crmConnection = CrmConnection.Parse(String.Format("Url=https://{0}.acom.be:443; Username={1}; Password={2}", organization, username, password));
        UnitOfWorkHelper.CurrentDataStore = new HttpContextDataStore();
        // Get the organization service proxy.
        //_credentials = new ClientCredentials();
        //_credentials.Windows.ClientCredential = new NetworkCredential(username, password);
        using (OrganizationService organizationProxy = new OrganizationService(crmConnection))
        {
            // The WhoAmIRequest below is the call that fails through the IFD.
            Guid userid = ((WhoAmIResponse)organizationProxy.Execute(new WhoAmIRequest())).UserId;
            // (the rest of the method, including its return value, is not shown in the post)
        }
    }

    The above code fails on the WhoAmIRequest() when accessing our Dynamics CRM 2013 installation using ADFS with an IFD. We can still access our CRM using the website, but when we try to connect using the SDK, it fails, but only when using the IFD. When we are on the internal network, it works just fine. We tried both with an external website on Azure, a ClickOnce app connecting with a VPN from the outside, and both of these on a local development machine. It works fine when we use the local machine, but when we try to connect from outside, it fails.

    The error we get is:

    [SocketException (0x274c): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond]
       System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) +208
       System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception) +464
    [WebException: Unable to connect to the remote server]
       System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) +6532257
       System.Net.HttpWebRequest.GetRequestStream() +13
       System.ServiceModel.Channels.WebRequestHttpOutput.GetOutputStream() +55
    [EndpointNotFoundException: There was no endpoint listening at http://fed.acom.be/adfs/services/trust/13/username that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.]
       System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +10736583
       System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +336
       Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message) +0
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) +41
       Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Issue(AuthenticationCredentials authenticationCredentials) +773
       Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateInternal(AuthenticationCredentials authenticationCredentials) +409
       Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateFederationInternal(AuthenticationCredentials authenticationCredentials) +223
       Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Authenticate(AuthenticationCredentials authenticationCredentials) +150
       Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Authenticate(ClientCredentials clientCredentials) +79
       Microsoft.Xrm.Sdk.Client.OrganizationServiceConfiguration.Authenticate(ClientCredentials clientCredentials) +10
       Microsoft.Xrm.Client.Services.OrganizationService.CreateUserTokenResponse(CrmConnection connection, IServiceConfiguration`1 config) +507
       Microsoft.Xrm.Client.Services.OrganizationService.GetUserTokenResponse(CrmConnection connection, IServiceConfiguration`1 config) +238
       Microsoft.Xrm.Client.Services.OrganizationService.ToOrganizationServiceProxy(CrmConnection connection) +150
       Microsoft.Xrm.Client.Services.OrganizationService.ToOrganizationService(CrmConnection connection) +10
       Microsoft.Xrm.Client.Services.<>c__DisplayClass2.<.ctor>b__0() +18
       System.Lazy`1.CreateValue() +180
       System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +22
       System.Lazy`1.get_Value() +10896525
       Microsoft.Xrm.Client.Services.InnerOrganizationService.get_Value() +104
       Microsoft.Xrm.Client.Services.OrganizationService.Dispose() +13
       aca.crm2011.sendgrid.CrmConnector.AuthenticateToCrm(String organization, String username, String password) in e:\VS\tfs_cp\Acasa\SendGrid\Main\aca.crm2011.sendgrid\aca.crm2011.sendgrid\Old_App_Code\CrmConnector.cs:44
       aca.crm2011.sendgrid.Account.Login.OnAuthenticate(Object sender, AuthenticateEventArgs e) in e:\VS\tfs_cp\Acasa\SendGrid\Main\aca.crm2011.sendgrid\aca.crm2011.sendgrid\Account\Login.aspx.cs:18
       System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e) +9856026
       System.Web.UI.WebControls.Login.AttemptLogin() +119
       System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +75
       System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
       System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +114
       System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +252
       System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
       System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
       System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +35

    We don't know what causes it. I've checked the mentioned endpoint and that gives a 404 on http and a service unavailable on HTTPS.

    Does anyone have any suggestions on what to do with this?

    Wednesday, July 2, 2014 10:25 AM


  • We already figured out what caused it. Our firewall didn't have a rule to allow fed.acom.be through.
    Friday, July 4, 2014 7:19 AM
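
The firewall cause described above can be confirmed from the failing machine before touching the ADFS configuration. The following is an added example, not code from the original post or the CRM SDK: the class `StsReachability` and method `Probe` are hypothetical, the host comes from the error message in the question, and ports 80 and 443 are assumed from the HTTP and HTTPS checks the poster mentions.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

// Added example (hypothetical helper, not part of the CRM SDK).
static class StsReachability
{
    // Tries each resolved address; returns on the first success, else the last failure.
    public static string Probe(string host, int port, int timeoutMs = 5000)
    {
        IPAddress[] addresses;
        try { addresses = Dns.GetHostAddresses(host); }
        catch (SocketException ex) { return "DNS lookup failed: " + ex.SocketErrorCode; }

        string result = "no addresses returned";
        foreach (IPAddress address in addresses)
        {
            using (var socket = new Socket(address.AddressFamily, SocketType.Stream, ProtocolType.Tcp))
            {
                try
                {
                    IAsyncResult pending = socket.BeginConnect(address, port, null, null);
                    if (!pending.AsyncWaitHandle.WaitOne(timeoutMs))
                    {
                        result = address + ": no reply (packets likely dropped by a firewall)";
                        continue;
                    }
                    socket.EndConnect(pending);
                    return address + ": reachable";
                }
                catch (SocketException ex)
                {
                    switch (ex.SocketErrorCode)
                    {
                        case SocketError.TimedOut:          // 0x274C, the error in the trace
                            result = address + ": timed out (likely filtered)"; break;
                        case SocketError.ConnectionRefused: // host answers, no listener
                            result = address + ": refused (nothing listening)"; break;
                        default:
                            result = address + ": " + ex.SocketErrorCode; break;
                    }
                }
            }
        }
        return result;
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "fed.acom.be"; // host from the error message
        foreach (int port in new[] { 80, 443 })                  // assumed ports: HTTP and HTTPS
            Console.WriteLine("{0}:{1} -> {2}", host, port, Probe(host, port));
    }
}
```

Run it from the external machine where the SDK call fails: a timeout points at filtering between the client and the STS, while a refusal means the host is reachable but nothing is listening on that port.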

All replies

  • Hi,

    Did you try removing the explicit port number from the URL? I had an issue during an IFD configuration where giving the explicit port number in internal config caused issues later on.

    Hope it helps.

    Thursday, July 3, 2014 1:03 PM
  • One possible resolution is to enable the username endpoint in ADFS - see http://help.clickdimensions.com/the-authentication-endpoint-username-was-not-found-on-the-configured-secure-token-service-error-when-registering/

    However, if you do this, and use the Outlook client, test the client before and after making the change (and restart the ADFS service between the change), as there are some circumstances (not sure if they apply only to CRM 2011, or also to CRM 2013) where the Outlook client can fail if the username endpoint is enabled.

    Also, what version of ADFS do you have? If you have ADFS 2.1, you may need to fix the mex endpoint. I don't think your error relates to this, but it's worth checking - see http://support.microsoft.com/kb/2828015 . Note that, although the article refers to CRM 2011, I have met this issue on a CRM 2013 server.

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Thursday, July 3, 2014 8:38 PM