Verify ADFS is working - federationmetadata/2007-06/federationmetadata.xml

  • Question

  • Hi,

    I have just finished installing CRM and now I wish to install ADFS to configure external access. I ran the AD FS 2.0 Federation Server Configuration Wizard and created a new Federation Service name (sts1.domain.com) and all the checks passed ok.

    I am trying to verify AD FS by going to the following link -

    https://sts1.mydomain.net/federationmetadata/2007-06/federationmetadata.xml

    However, when I go to this link I get the following message -

    "Internet Explorer cannot display the webpage"

    The DNS is correctly setup for all subdomains and the bindings look ok in IIS.

    Is there any way I can diagnose this problem?

    Please help!

    Wednesday, May 23, 2012 4:06 PM

All replies

  • I have also tried turning compatibility view on but this wasn't the issue.

    Wednesday, May 23, 2012 4:15 PM
  • This is the page that is being displayed -

    Thursday, May 24, 2012 9:26 AM
  • Hi Green,

    You need to check a few things to resolve this issue:

    1. Certificate is deployed in website for https binding

    2. Check the port no. (Did you install ADFS on port 443 or 444?)

    3. DNS entries

    4. If nothing is working, check your certificate, whether it's valid or not.

    5. If everything is fine then reinstall the ADFS 2.0

    6. If you still have the issue then check this link:

    http://blogs.msdn.com/b/emeadcrmsupport/archive/2011/05/13/we-receive-http-errors-while-accessing-the-crm-federationmetadata-url.aspx

    Regards,


    Khaja Mohiddin
    http://www.dynamicsexchange.com
    http://about.me/KhajaMohiddin

    • Proposed as answer by Khaja Mohiddin Tuesday, August 21, 2012 4:45 PM
    Thursday, May 24, 2012 10:07 AM
  • Hi Khaja, thanks for the response.

    1. On the default website I have created the https binding to 443

    2. ADFS was installed on 443 (the internal 'Microsoft Dynamics CRM' entry is on 5555 and 444)

    3. I have created a wildcard DNS entry for all subdomains off the main domain to go to the allocated IP address

    4. The cert is recently purchased and is valid for a year

    5. I have tried reinstalling ADFS

    6. I spotted that link Khaja, but my error is not (see below) - it is 'Internet Explorer cannot display this webpage' so I do not think it is related to URLrewrite module

    HTTP 503 Service Unavailable error.

    OR

    HTTP 404 Not Found error

    Do you have any other suggestions?

    Thursday, May 24, 2012 11:34 AM
  • Hi Green,

    Any event logs will be helpful... or a Fiddler trace.

    I think you need to check your certificate.

    What is your internal domain name and what is your external domain name?

    If both are the same then we don't have any issues; if both are different then you need to create a forward lookup zone in your DNS with your external domain name and you need to create host names in it.

    Regards,


    Khaja Mohiddin
    http://www.dynamicsexchange.com
    http://about.me/KhajaMohiddin

    Thursday, May 24, 2012 12:08 PM
  • Hi Khaja,

    It is strange because I can access the ADFS metadata link from my machine (on a different network). However, when I try and access it from the CRM server I get the above message.

    Therefore the cert is ok...

    Thanks

    Thursday, May 24, 2012 2:40 PM
  • Hi Green,

    Clear the browser cache and temporary data in server IE and try again.

    Regards,


    Khaja Mohiddin
    http://www.dynamicsexchange.com
    http://about.me/KhajaMohiddin


    Thursday, May 24, 2012 3:02 PM
  • As a last-ditch effort for troubleshooting SSL issues, I have had the most luck with writing quick command-line .NET programs that just create a new webrequest pointing to the SSL page/endpoint, and then turn on System.Net.Tracing to see the underlying detail that is happening with the connection. Fiddler sometimes has what I like to call a 'Heisenberg effect' on SSL traffic and isn't always reliable.

    I found this approach particularly helpful when dealing with 2-way TLS (to verify the client AND server certificate traffic and find any error detail). You have to comb through a big trace log, but it almost always helps if you cannot solve the problem any other way.

    MSDN appears to be dead right now, so I don't have a link, but search for System.Diagnostic.Trace examples - it's pretty easy to get running and you can just use a 5-line program to test with.

    Thursday, May 24, 2012 3:36 PM
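
A sketch of the kind of small command-line .NET probe the last reply describes, added here as an example and not code posted by anyone in the thread. It separates DNS, TCP, TLS and HTTP so the failing stage is visible when run on the CRM server; the class name and the `sts1.example.test` host are placeholders, and System.Net tracing itself is switched on separately in the program's config file under `<system.diagnostics>`.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

class MetadataProbe
{
    // Log what the server presented; never override the platform's verdict.
    static bool LogCert(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (cert != null)
            Console.WriteLine("Cert: " + cert.Subject + ", expires " + cert.GetExpirationDateString());
        Console.WriteLine("Policy errors: " + errors);
        if (chain != null)
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  chain: " + s.Status + " " + s.StatusInformation);
        return errors == SslPolicyErrors.None;
    }

    static int Main(string[] args)
    {
        // Placeholder host (constructed); pass the real metadata URL as the first argument.
        var url = new Uri(args.Length > 0 ? args[0]
            : "https://sts1.example.test/federationmetadata/2007-06/federationmetadata.xml");
        try
        {
            // Stage 1: name resolution as seen from this machine.
            Console.WriteLine("DNS: " + string.Join<IPAddress>(", ", Dns.GetHostAddresses(url.Host)));
            // Stage 2: TCP connect; stage 3: TLS handshake with certificate validation.
            using (var tcp = new TcpClient(url.Host, url.Port))
            using (var ssl = new SslStream(tcp.GetStream(), false, LogCert))
            {
                ssl.AuthenticateAsClient(url.Host);
                Console.WriteLine("TLS: " + ssl.SslProtocol);
            }
            // Stage 4: HTTP request; WebRequest also honours the system proxy settings.
            using (var resp = (HttpWebResponse)WebRequest.Create(url).GetResponse())
                Console.WriteLine("HTTP: " + (int)resp.StatusCode + " " + resp.ContentType);
            return 0;
        }
        catch (SocketException e) { Console.WriteLine("DNS/TCP failed: " + e.SocketErrorCode); }
        catch (WebException e) { Console.WriteLine("HTTP failed: " + e.Status + " " + e.Message); }
        catch (Exception e) { Console.WriteLine("TLS failed: " + e.GetType().Name + " " + e.Message); }
        return 1;
    }
}
```

If stages 1 to 3 succeed but stage 4 fails, compare the proxy settings on the server with those on a machine where the URL loads, since only the `WebRequest` stage goes through the configured proxy.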