Sign in

Microsoft.com

Microsoft

Remove From My Forums

CRM 2013 on premise IFD : 404 error

Question
0

Sign in to vote
I have set up IFD.

When I log in from outside, I get a 404 error. I can place a test.html file in the default web site folder and it is rendered.

I have org.domain.com set up in my DNS. The only other quirk I can see is that the auth.domain.com entry in the IFD wizard requires me to append :443 to it or it will fail.

So the issue seems to be the CRM web site not processing the request somehow.

I can log in through forms authentication and am taken to https://org.domain.com/default.aspx. Not sure id this is DNS, IIS or Firewall issue.

How do I go about troubleshooting this?
- Edited by Gordon Johnston Friday, January 31, 2014 9:43 AM
Thursday, January 30, 2014 9:12 PM

All replies

0

Sign in to vote

If you need to append :443 to the end of the URL that begins with https:// then you have some binding issues or OOS issues on the server. You should not have to do this. Initial guess is that you may have multiple SSL bindings on this server?

I would suggest downloading the Fiddler tool and use it to monitor traffic from the workstation when you attempt to log in. You should see that the workstation first hits CRM, then is redirected to the token server, and then back to CRM once you submit the forms based authentication.

If you don't see that pattern, then you will know where the break down is and who is not redirecting you.

You can get fiddler for free at:

http://www.telerik.com/fiddler

This may be something as simple as not having properly set up the external relying party trust in ADFS or maybe even not updating the URLs in the CRM Deployment manager properly.

Without more information, it is difficult to know where the problem is isolated to. But it sounds like there is more than a single issue at play here since it fails unless you append :443 to the url.

If you do have multiple bindings on the server because you have a one box set up with CRM, SQL and ADFS, you should consider using a single binding and single cert, or break out the servers. CRM will not support multiple bindings.

Jason Peterson

Friday, January 31, 2014 10:19 AM
0

Sign in to vote

This seems resolved now:

On the claim rules there is a windows login transform that the documentation says should use the ve no idea why the asterisk at the start of the word makes any difference.

I did try to use fiddler but could only get as far as a 200 message. I suspect I had to configure Fiddler for SSL. I will investigate how I can do that for next time.

Friday, January 31, 2014 2:13 PM
0

Sign in to vote

Hello guys, I have exactly this error.

I have deployment CRM 2013 and separate ADFS server on Win server 2012R2, used wildcard

cert. But when logging to CRM via IFD/ADFS appears 404 error.

I use this Blog for setting up IFD on 2013

(Http://blogs.msdn.com/b/niran_belliappa/archive/2014/01/16/step-by-step-configuring-crm-

2013-internet-facing-deployment-ifd.aspx)

How configured CRM Deployment manager:

1. Set Microsoft Dynamics CRM Server

2. Configure CRM server for claims based authentication
Federation metadata URL: https://adfs.mydomain.com/FederationMetadata/2007-

06/federationmetadata.xml
Encryption certificate: CN=*.mydomain.com, OU=Domain Control Validated

3. ADFS Server configured as mentioned on the blog.

4. Configured CRM server for IFD
External domain where your Internet-facing servers are located: https://crm.mydomain.com
Organization Web Service Domain: mydomain.com
Web Application Server Domain: mydomain.com
Discovery Web Service Domain: discover.mydomain.com

5. Configured internal DNS
AUTH-CNAME-CRM_SERVER
DISCOVER-CNAME-CRM_SERVER
CRM-CNAME-CRM_SERVER
ADFS-CNAME-ADFS_SERVER

6. Configured external DNS
auth.mydomain.com-------ip1
crm.mydomain.com--------ip1
discover.mydomain.com---ip1
adfs.mydomain.com-------Ip2

On ADFS server added records for hosts file:
IP1 auth.mydomain.com
IP2 adfs.mydomain.com

Any ideas how fix?

Thanks.

Thursday, June 12, 2014 8:45 AM