locked
404 error after logging to CRM 2013 via IFD/ADFS RRS feed

  • Question

  • Hello, need help.

    I have installed and configured Microsoft Dynamics CRM 2013 6.0.0.0809 version and deployment ADFS server on Windows server 2012R2. I configured claims-based authentication and IFD. But when logging to CRM via IFD/ADFS appears  404 error after logging.

    Any ideas how fix?

    Thanks.

    Tuesday, June 10, 2014 10:00 AM

All replies

  • Hi

    Would need more information on your set-up on what you have and have not done, there can be many reasons why you get a 404.

    I found this Blog very helpful when setting up IFD on 2013. Go through each step carefully and make sure you haven't missed something.

    Http://blogs.msdn.com/b/niran_belliappa/archive/2014/01/16/step-by-step-configuring-crm-2013-internet-facing-deployment-ifd.aspx

    (This is for 2012 not R2 but the only real difference is R2 ADFS runs stand alone but 2012 uses IIS)

    Some things to check that have tripped me up in the past:

    1. Make sure, if using a self signed cert that you have added the cert to the trusted root certificate store on all servers.

    2. Make sure your service accounts have access to the private keys (as mentioned on the blog)

    If you are using a self-signed wildcard certificate there are sometimes some problems when you create them, make sure you follow the instructions here when generating it.

    http://blog.finesoft.co.in/post/2014/05/19/Creating-a-self-signed-wildcard-certificate-for-IIS7-Multiple-Websites.aspx


    Tuesday, June 10, 2014 12:10 PM
  • Hello,

    I checked:
    1. wildcard cert to the trusted root certificate store on crm and adfs servers
    2. service accounts (NETWORK SERVICES) have access to the private keys

    I use this Blog for setting up IFD on 2013 (Http://blogs.msdn.com/b/niran_belliappa/archive/2014/01/16/step-by-step-configuring-crm-2013-internet-facing-deployment-ifd.aspx)

    How configured my CRM Deployment manager:

    1.

    2. Configured CRM server for claims based authentication
    Federation metadata URL: https://adfs.mydomain.com/FederationMetadata/2007-06/federationmetadata.xml
    Encryption certificate: CN=*.mydomain.com, OU=Domain Control Validated

    3. ADFS Server configured as mentioned on the blog.

    4. Configured CRM server for IFD
    External domain where your Internet-facing servers are located: https://crm.mydomain.com
    Organization Web Service Domain: mydomain.com
    Web Application Server Domain: mydomain.com
    Discovery Web Service Domain: discover.mydomain.com

    5. Configured internal DNS
    AUTH-CNAME-CRM_SERVER
    DISCOVER-CNAME-CRM_SERVER
    CRM-CNAME-CRM_SERVER
    ADFS-CNAME-ADFS_SERVER

    6. Configured external DNS
    auth.mydomain.com-------ip1
    crm.mydomain.com--------ip1
    discover.mydomain.com---ip1
    adfs.mydomain.com-------Ip2

    On ADFS server added records for hosts file:
    IP1    auth.mydomain.com
    IP2    adfs.mydomain.com

    _________________________

    Any ideas how fix?

    Thanks.

    Thursday, June 12, 2014 8:41 AM
  • Hi Sergei,

    Did you try setting the SPN for Dynamics CRM? Check here on how to do it.


    Admin QuikView Solution for CRM 2013

    Thursday, June 12, 2014 9:19 AM
  • Hi Dynamotion,

    I tried setting the SPN for Dynamics CRM, but receive error:

    On ADFS Server:

    c:\>setspn -s http/adfs.mydomain.com corp\ADFS-server$

    On SRM Server:

     c:\>setspn -s HTTP\CRM.corp.mydomain.com corp\CRMAppPool

    Checking domain DC=corp,DC=mydomian,DC=com
    Invalid SPN HTTP\CRM.corp.mydomain.com

    Any ideas how fix?
    Thanks.

    Monday, June 16, 2014 7:45 AM
  • Same here... nobody have any answer?
    Wednesday, September 28, 2016 6:30 AM
  • Hi eric,

    you must set spn for ure adfs url. and check for duplicates, reboot, thats all


    gruss Daniel Ovadia MBSS - Microsoft Dynamics CRM MCNPS

    Wednesday, September 28, 2016 11:28 AM