Verify ADFS is working - federationmetadata/2007-06/federationmetadata.xml RRS feed

  • Question

  • Hi,

    I have just finished installing CRM and now I wish to install ADFS to configure external access. I ran the AD FS 2.0 Federation Server Configuration Wizard and created a new Federation Service name (sts1.domain.com) and all the checks passed ok.

    I am trying to verify AD FS by going to the following link -


    However, when I go to this link I get the following message -

    "Internet Explorer cannot display the webpage"

    The DNS is correctly setup for all subdomains and the bindings look ok in IIS.

    Is there anyway I can diagnose this problem?

    Please help!

    Wednesday, May 23, 2012 4:06 PM

All replies

  • I have also tried turning compatibility view on but this wasn't the issue.

    Wednesday, May 23, 2012 4:15 PM
  • This is the page that is being displayed -

    Thursday, May 24, 2012 9:26 AM
  • Hi Green,

    You need to check few things to resolve this issue,

    1. Certificate is deployed in website for https binding

    2. Check the port no (Did you installed ADFS on 443 or 444 port)?

    3. DNS entries

    4. If nothing is working check your certificate whether its valid or not?

    5. If everything is fine then reinstall the ADFS 2.0

    6. If still you have the issue then check this link,



    Khaja Mohiddin

    • Proposed as answer by Khaja Mohiddin Tuesday, August 21, 2012 4:45 PM
    Thursday, May 24, 2012 10:07 AM
  • Hi Khaja, thanks for the response.

    1. On the default website I have created the https binding to 443

    2. ADFS was installed on 443 (the internal 'Microsoft Dynamics CRM' entry is on 5555 and 444)

    3. I have created a wildcard DNS entry for all subdomains off the main domain is to go to the allocated IP address

    4. The cert is recently purchased and is valid for a year

    5. I have tried reinstalling ADFS

    6. I spotted that link Khaja, but my error is not (see below) - it is 'Internet Explorer cannot display this webpage' so I do not think it is related to URLrewrite module

    HTTP 503 Service Unavailable error.


    HTTP 404 Not Found error

    Do you have any other suggestions?

    Thursday, May 24, 2012 11:34 AM
  • Hi Green,

    Any even logs will be helpful... or Fiddler trace.

    I think you need to check your certificate.

    What is your internal domain name and what is your external domain name?

    If both are same then we dont have any issues, if both are different then you need to create a forward lookup zone in your DNS with your external domain name and you need to create host names in it.


    Khaja Mohiddin

    Thursday, May 24, 2012 12:08 PM
  • Hi Khaja,

    It is strange because I can access the ADFS metadata link from my machine (on a different network). However, when I try and access it from the CRM server I get the above message.

    Therefore the cert is ok...


    Thursday, May 24, 2012 2:40 PM
  • Hi Green,

    Clear the browser cache and temporary data in server IE and try again.


    Khaja Mohiddin

    Thursday, May 24, 2012 3:02 PM
  • As a last-ditch effort for troubleshooting SSL issues, I have had the most luck with writing quick command-line .NET programs that just create a new webrequest pointing to the SSL page/endpoint, and then turn on System.Net.Tracing to see the underlying detail that is happening with the connection. Fiddler sometimes has what I like to call a 'Heisenberg effect' on SSL traffic and isn't always reliable.

    I found this approach particularly helpful when dealing with 2-way TLS (to verify the client AND server certificate traffic and find any error detail). You have to comb through a big trace log, but it almost always helps if you cannot solve the problem any other way.

    MSDN appears to be dead right now, so I don't have a link, but search for System.Diagnostic.Trace examples - it's pretty easy to get running and you can just use a 5-line program to test with.

    Thursday, May 24, 2012 3:36 PM