CRM 2013 on premise IFD : 404 error RRS feed

  • Question

  • I have set up IFD.

    When I log in from outside, I get a 404 error. I can place a test.html file in the default web site folder and it is rendered.

    I have org.domain.com set up in my DNS. The only other quirk I can see is that the auth.domain.com entry in the IFD wizard requires me to append :443 to it or it will fail.

    So the issue seems to be the CRM web site not processing the request somehow.

    I can log in through forms authentication and am taken to https://org.domain.com/default.aspx.  Not sure id this is DNS, IIS or Firewall issue.

    How do I go about troubleshooting this?

    Thursday, January 30, 2014 9:12 PM

All replies

  • If you need to append :443 to the end of the URL that begins with https:// then you have some binding issues or OOS issues on the server.  You should not have to do this.  Initial guess is that you may have multiple SSL bindings on this server?

    I would suggest downloading the Fiddler tool and use it to monitor traffic from the workstation when you attempt to log in.  You should see that the workstation first hits CRM, then is redirected to the token server, and then back to CRM once you submit the forms based authentication.

    If you don't see that pattern, then you will know where the break down is and who is not redirecting you.

    You can get fiddler for free at:


    This may be something as simple as not having properly set up the external relying party trust in ADFS or maybe even not updating the URLs in the CRM Deployment manager properly.

    Without more information, it is difficult to know where the problem is isolated to.  But it sounds like there is more than a single issue at play here since it fails unless you append :443 to the url.

    If you do have multiple bindings on the server because you have a one box set up with CRM, SQL and ADFS, you should consider using a single binding and single cert, or break out the servers.  CRM will not support multiple bindings.

    Jason Peterson

    Friday, January 31, 2014 10:19 AM
  • This seems resolved now:

    On the claim rules there is a windows login transform that the documentation says should use the ve no idea why the asterisk at the start of the word makes any difference.

    I did try to use fiddler but could only get as far as a 200 message.  I suspect I had to configure Fiddler for SSL.  I will investigate how I can do that for next time.

    Friday, January 31, 2014 2:13 PM
  • Hello guys, I have exactly this error.

    I have deployment CRM 2013 and separate ADFS server on Win server 2012R2, used wildcard

    cert. But when logging to CRM via IFD/ADFS appears 404 error.

    I use this Blog for setting up IFD on 2013



    How configured CRM Deployment manager:

    1. Set Microsoft Dynamics CRM Server 

    2. Configure CRM server for claims based authentication
    Federation metadata URL: https://adfs.mydomain.com/FederationMetadata/2007-

    Encryption certificate: CN=*.mydomain.com, OU=Domain Control Validated

    3. ADFS Server configured as mentioned on the blog.

    4. Configured CRM server for IFD
    External domain where your Internet-facing servers are located: https://crm.mydomain.com
    Organization Web Service Domain: mydomain.com
    Web Application Server Domain: mydomain.com
    Discovery Web Service Domain: discover.mydomain.com

    5. Configured internal DNS

    6. Configured external DNS

    On ADFS server added records for hosts file:
    IP1    auth.mydomain.com
    IP2    adfs.mydomain.com

    Any ideas how fix?


    Thursday, June 12, 2014 8:45 AM