AD FS 2.1 Configuration Incomplete (configuring CRM 2013 with IFD)

  • Question

  • Hi there CRM Experts & experienced implementers,

    I'm configuring a test deployment of CRM 2013 with Claims Based Authentication and IFD

    CRM 2013 and AD FS are in separate servers and both are in the default websites in IIS.

    Server Info:

    CRM Server: Our Sandbox is a VM Server (Windows Server 2012 Standard) with single server setup = CRM 2013 Server (Full Server Roles) + SQL DB Server.

    AD FS Server: AD FS 2.1 is installed on a VM server running Windows Server 2012 Standard.

    I've separated them since I've been running into issues configuring IFD if they're in the same server --> here's a link to my previous forum question regarding this issue: http://social.microsoft.com/Forums/en-US/61775cff-bdf7-430b-92c3-67deea42369c/crm-2013-claims-based-authentication-ifd-configuration-errors-help?forum=crmdeployment

    I created a self signed SSL wildcard certificate using Makecert.exe (as recommended in the CRM 2013 Claims and IFD guide since this is a test deployment) and I've successfully bound the SSL certificates to both the default website in IIS in the AD FS server and to the CRM Website. Both sites are working fine.

    Here's the issue: When I add and configure the AD FS Server Role (using the correct wildcard certificate), the AD FS Federation Server Configuration Wizard finishes successfully (Fig. 1). However, when I close the wizard, the AD FS Management shows the message "Required Configuration Incomplete", and "Required: Add a trusted relying party" (Fig. 2). I've done this many times in my other server and I never had this problem; it's supposed to say configuration complete and then I could verify the federation metadata URL.

    When I verify the AD FS installation by browsing the URL of the federation metadata in IE (e.g. https://sts1.contoso.com/federationmetadata/2007-06/federationmetadata.xml), the page says Page can't be displayed.

    Fig. 1

    Fig. 2

    Any ideas? What did I miss? Is there anything I'm missing installed on the server for this to be properly installed and configured?

    Thanks for your time and help.

    ProgCRM


    Wednesday, May 14, 2014 11:57 AM

Answers

  • Hi there MS CRM Community, and first thanks Vinay for your time and help.

    UPDATE: This is now resolved. I uninstalled the server roles (AD FS and Web Server (IIS) + Windows Process Activation Service) and then reinstalled them accordingly. Then I granted the CRMAppPool Account Read permissions in the certificate on both the CRM server and the AD FS Server, and then I configured AD FS - I can now browse the Federation Metadata URL.

    Thanks.

    ProgCRM

    Friday, May 16, 2014 9:32 AM
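
The certificate permission and metadata check described in the resolution above, as an added PowerShell example that is not part of the original thread. The account name and certificate subject are placeholders; it assumes the Makecert certificate sits in the LocalMachine\My store with a CSP key.

```powershell
# Added example. Run elevated on the CRM server and again on the AD FS server.
$account  = 'CONTOSO\svc-crmapppool'   # placeholder for the CRMAppPool account
$subject  = 'CN=*.contoso.com'         # assumed subject of the wildcard certificate
$metadata = 'https://sts1.contoso.com/federationmetadata/2007-06/federationmetadata.xml'

# Find the newest matching certificate that has a private key.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key found for $subject" }

# Makecert creates a CSP key, stored as a file under MachineKeys.
# A CNG key has no CspKeyContainerInfo; for those, use the Certificates
# snap-in (All Tasks > Manage Private Keys) instead.
try   { $keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName }
catch { $keyName = $null }
if (-not $keyName) { throw "Private key of $($cert.Thumbprint) is not a CSP key" }
$keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
if (-not (Test-Path $keyPath)) { throw "Key file not found: $keyPath" }

# Grant Read only. The account needs to use the key, not manage it.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, 'Read', 'Allow')
$acl  = Get-Acl -Path $keyPath
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# Show the resulting ACL so unexpected grants (e.g. Everyone) stand out.
(Get-Acl -Path $keyPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# On the AD FS server, confirm the metadata endpoint now answers.
# A self-signed certificate must be in Trusted Root on this machine,
# otherwise the request fails with a trust error rather than a 200.
try {
    $resp = Invoke-WebRequest -Uri $metadata -UseBasicParsing
    "Federation metadata: HTTP $($resp.StatusCode), $($resp.RawContentLength) bytes"
} catch {
    "Federation metadata request failed: $($_.Exception.Message)"
}
```
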

All replies

  • Hi,

    You are in the middle of the Pacific. The next thing is that you need to configure the relying party trust for internal and external access.

    http://blogs.technet.com/b/dynamicspts/archive/2012/08/08/configuring-ifd-for-crm-2011.aspx

    Kindly follow the above article to move forward.

    Thanks,


    Vinay Kumar.


    Wednesday, May 14, 2014 3:18 PM
  • Hi,

    I am glad that you have successfully updated your ADFS.

    Did the preferred article help you to resolve this?

    If yes, then I would be happy to see it marked as a helpful answer!


    Thanks

     


    Vinay Kumar.


    Friday, May 16, 2014 2:42 PM