404 error after logging to CRM 2013 via IFD/ADFS

All replies

• 

  

  0

  Sign in to vote

  Hi

  Would need more information on your set-up on what you have and have not done, there can be many reasons why you get a 404.

  I found this Blog very helpful when setting up IFD on 2013. Go through each step carefully and make sure you haven't missed something.

  Http://blogs.msdn.com/b/niran_belliappa/archive/2014/01/16/step-by-step-configuring-crm-2013-internet-facing-deployment-ifd.aspx
  

  (This is for 2012 not R2 but the only real difference is R2 ADFS runs stand alone but 2012 uses IIS)

  Some things to check that have tripped me up in the past:

  1. Make sure, if using a self signed cert that you have added the cert to the trusted root certificate store on all servers.

  2. Make sure your service accounts have access to the private keys (as mentioned on the blog)

  If you are using a self-signed wildcard certificate there are sometimes some problems when you create them, make sure you follow the instructions here when generating it.

  http://blog.finesoft.co.in/post/2014/05/19/Creating-a-self-signed-wildcard-certificate-for-IIS7-Multiple-Websites.aspx

  
  

  Tuesday, June 10, 2014 12:10 PM
• 

  

  0

  Sign in to vote

  Hello,

  I checked:
  1. wildcard cert to the trusted root certificate store on crm and adfs servers
  2. service accounts (NETWORK SERVICES) have access to the private keys

  I use this Blog for setting up IFD on 2013 (Http://blogs.msdn.com/b/niran_belliappa/archive/2014/01/16/step-by-step-configuring-crm-2013-internet-facing-deployment-ifd.aspx)

  How configured my CRM Deployment manager:

  1.

  2. Configured CRM server for claims based authentication
  Federation metadata URL: https://adfs.mydomain.com/FederationMetadata/2007-06/federationmetadata.xml
  Encryption certificate: CN=*.mydomain.com, OU=Domain Control Validated

  3. ADFS Server configured as mentioned on the blog.

  4. Configured CRM server for IFD
  External domain where your Internet-facing servers are located: https://crm.mydomain.com
  Organization Web Service Domain: mydomain.com
  Web Application Server Domain: mydomain.com
  Discovery Web Service Domain: discover.mydomain.com

  5. Configured internal DNS
  AUTH-CNAME-CRM_SERVER
  DISCOVER-CNAME-CRM_SERVER
  CRM-CNAME-CRM_SERVER
  ADFS-CNAME-ADFS_SERVER

  6. Configured external DNS
  auth.mydomain.com-------ip1
  crm.mydomain.com--------ip1
  discover.mydomain.com---ip1
  adfs.mydomain.com-------Ip2

  On ADFS server added records for hosts file:
  IP1    auth.mydomain.com
  IP2    adfs.mydomain.com

  _________________________

  Any ideas how fix?

  Thanks.

  Thursday, June 12, 2014 8:41 AM
• 

  

  0

  Sign in to vote

  Hi Sergei,

  Did you try setting the SPN for Dynamics CRM? Check here on how to do it.

  ---

  Admin QuikView Solution for CRM 2013

  Thursday, June 12, 2014 9:19 AM
• 

  

  0

  Sign in to vote

  Hi Dynamotion,

  I tried setting the SPN for Dynamics CRM, but receive error:

  On ADFS Server:

  c:\>setspn -s http/adfs.mydomain.com corp\ADFS-server$

  On SRM Server:

   c:\>setspn -s HTTP\CRM.corp.mydomain.com corp\CRMAppPool

  Checking domain DC=corp,DC=mydomian,DC=com
  Invalid SPN HTTP\CRM.corp.mydomain.com
  
  Any ideas how fix?
  Thanks.

  Monday, June 16, 2014 7:45 AM
• 

  

  0

  Sign in to vote

  Same here... nobody have any answer?

  Wednesday, September 28, 2016 6:30 AM
• 

  

  0

  Sign in to vote

  Hi eric,

  you must set spn for ure adfs url. and check for duplicates, reboot, thats all

  ---

  gruss Daniel Ovadia MBSS - Microsoft Dynamics CRM MCNPS

  Wednesday, September 28, 2016 11:28 AM