locked
AD FS error RRS feed

  • Question

  • We've launched an internal 2016 Dynamics server. We decided we wanted to use the Outlook client along with it, which requires an IFD. To do so, we've setup AD FS, but now when we log onto our CRM server, we get "An error occurred. Contact your administrator for more information." Error details 

    • Activity ID: 00000000-0000-0000-1000-0080000000c9
    • Error time: Wed, 05 Oct 2016 21:31:30 GMT
    • Cookie: enabled
    • User agent string: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36

    Any help is greatly appreciated. 

    Wednesday, October 5, 2016 9:32 PM

All replies

  • Hi ESpade,

    Can you check the event viewer logs in the ADFS server for any errors.

    That should give you some details. If you can post the error here, we might be able to help.

    Also check this link https://www.interactivewebs.com/blog/index.php/general-tips/crm-2013-ifd-an-error-occurred-an-error-occurred-contact-your-administrator-for-more-information/

    Thanks,

    Prasad

    Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question.

    Thursday, October 6, 2016 2:23 AM
  • I have tried that link as well, but this is the error that is in the logs.

    Log Name:      AD FS/Admin
    Source:        AD FS
    Date:          10/5/2016 5:27:55 PM
    Event ID:      364
    Task Category: None
    Level:         Error
    Keywords:      AD FS
    User:         
    Computer:      xxxx.xxxx.com
    Description:
    Encountered error during federation passive request. 

    Additional Data 

    Protocol Name: 
    wsfed 

    Relying Party: 
    https://xxxxx.xxxxx.com/ 

    Exception details: 
    Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://xxxxx.xxxxx.com/' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
       at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationSignInContext.Validate()
       at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)


    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
        <EventID>364</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000001</Keywords>
        <TimeCreated SystemTime="2016-10-05T21:27:55.633486200Z" />
        <EventRecordID>70</EventRecordID>
        <Correlation ActivityID="{00000000-0000-0000-1200-0080020000FF}" />
        <Execution ProcessID="3160" ThreadID="3276" />
        <Channel>AD FS/Admin</Channel>
        <Computer>xxxx.xxxxxx.com</Computer>
        <Security UserID="S-1-5-21-1710409748-3813429934-3372698822-1128" />
      </System>
      <UserData>
        <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
          <EventData>
            <Data>wsfed</Data>
            <Data>https://xxxx.xxxxx.com/</Data>
            <Data>Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://xxxxx.xxxxx.com/' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
       at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationSignInContext.Validate()
       at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

    </Data>
          </EventData>
        </Event>
      </UserData>
    </Event>

    Thursday, October 6, 2016 1:58 PM
  • Hi,

    The error "The requested relying party trust 'https://xxxxx.xxxxx.com/' is unspecified or unsupported", basically tells that it is not able to find the specified relying party in the ADFS end.

    Go to the list of configured relying parties in your ADFS server --> Open the relying party for CRM --> Right Click Properties --> and check the identifier tab for the URL.

    And see if it matches 'https://xxxxx.xxxxx.com/.

    Thanks,

    Prasad

    Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question.

    Thursday, October 6, 2016 3:08 PM
  • That URL under the identifier tab, should match the Dynamics server, or the AD FS server URL?
    Thursday, October 6, 2016 8:00 PM
  • I changed that URL, and I still receive the same error as before.
    Thursday, October 6, 2016 11:50 PM