The IFD configuration AD FS 2.0 server

  • Question

  • Hello everyone,

    While configuring the IFD for ADFS 2.0, I am getting the below error. How to resolve it?

    Error message: MSIS7612: each identifier for a relying party trust must be unique across all relying party trusts in AD FS 2.

    Thanks, Ankit Shah
    Inkey Solutions, India.
    Microsoft Certified Business Management Solutions Professionals
    http://www.inkeysolutions.com/MicrosoftDynamicsCRM.html
    Wednesday, August 10, 2011 11:41 AM

All replies

  • Hi,

    What are your identifiers?

    Are you trying to use the same claims endpoint used for the internal relying party for your IFD relying party as well? (Note that CRM has two federation metadata endpoints: one for internal claims and one for external claims (aka IFD).)

    Is there anything in the event log that is helpful?

    Thanks,
    Michael

    Monday, August 15, 2011 7:04 PM
  • I got the same error when implementing with a .local internal domain and a UCC SSL certificate. When I created the Relying Party Trust for the internal "servername.domainname.local" it referenced the claims endpoint of "servername.domainname.com" which conflicted with the external Relying Party Trust. I ended up deleting the internal Relying Party Trust and kept just the external. Do you have a similar implementation?

    Matt

    Tuesday, August 16, 2011 7:22 AM
  • Hi Matt and Michael,

    Thanks for the replies.

    I am using the URL below for my configuration, and doing the same thing with my GoDaddy external certificate.

    http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/

    Thanks, Ankit Shah
    Inkey Solutions, India.
    Microsoft Certified Business Management Solutions Professionals
    http://www.inkeysolutions.com/MicrosoftDynamicsCRM.html
    Tuesday, August 16, 2011 7:28 AM
  • Hi Ankit,

    Can you be clearer about this error? When did you get it?

    I think you are using the same URL for the internal and external relying party trusts.

    Regards,

    Khaja Mohiddin | http://www.dynamicsexchange.com/
    Tuesday, August 16, 2011 7:44 AM
  • Hi Khaja,

    Nope, I am using different URLs for both relying party trusts. As stated in the URL, the first one, the internal one, is for my orgName.<servername> and the second one, the external one, is for Auth.<servername>. I am getting this error while trying to set up the second one, as I could see the same identifiers over there too.

    Thanks, Ankit Shah
    Inkey Solutions, India.
    Microsoft Certified Business Management Solutions Professionals
    http://www.inkeysolutions.com/MicrosoftDynamicsCRM.html
    Tuesday, August 16, 2011 7:47 AM
  • Are your internal domain and external domain the same?

    I got this issue when I had different domain names; later I created a forward lookup zone in my internal DNS and then it configured perfectly.

    Regards,

    Khaja Mohiddin | http://www.dynamicsexchange.com/
    Tuesday, August 16, 2011 8:00 AM
  • Yes,

    My internal and external domains are both the same. Could you please share the details of what to do in this situation?


    Thanks, Ankit Shah
    Inkey Solutions, India.
    Microsoft Certified Business Management Solutions Professionals
    http://www.inkeysolutions.com/MicrosoftDynamicsCRM.html
    Tuesday, August 16, 2011 8:12 AM
  • I would like to check all the DNS entries, the certificate, the permissions on the certificate, the FederationMetadata, and the IFD configuration.

    Please let me know whether all of these are configured properly.

    Regards,

    Khaja Mohiddin | http://www.dynamicsexchange.com/
    Tuesday, August 16, 2011 9:10 AM
  • Hi,

    When specifying the URLs for your federation metadata for the relying parties, you shouldn't have the org name in the federation metadata URL. The internal federation metadata URL will be something like https://servername/federationmetadata/2007-06/federationmetadata.xml and the external one will be something like https://auth.domain.com/federationmetadata/2007-06/federationmetadata.xml. (If you are using internal domain values instead of the server host name for the URL, the internal URL might be something like https://internal.domain.com/federationmetadata/2007-06/federationmetadata.xml.)

    Try recreating the internal relying party and let us know how it goes. Also, here is a helpful document on how to configure claims and IFD.
    http://www.microsoft.com/download/en/details.aspx?id=3621

    Thanks,
    Michael

    Tuesday, August 16, 2011 5:57 PM
  • Hi Michael,

    Thanks for the reply. Actually, my internal URL is not working. When I try to browse to it, it gives me an error like "IE cannot display the web page". I have tried both ways as you specified above. Can you shed some light on that? Because I cannot go further with the IFD configuration steps before browsing to it successfully.

    Thanks, Ankit Shah
    Inkey Solutions, India.
    Microsoft Certified Business Management Solutions Professionals
    http://www.inkeysolutions.com/MicrosoftDynamicsCRM.html
    Wednesday, August 17, 2011 4:24 AM
  • Michael,

    We are experiencing a similar issue. To add to this, I have noticed that I receive the same XML (both "entityID"s and "EndpointReference"s pointing to the IFD URLs) regardless of whether I navigate to my IFD federation metadata (https://sbxauth.us.logicalis.com/FederationMetadata/2007-06/FederationMetadata.xml) or my internal metadata (https://sbxcrmint.us.logicalis.com/FederationMetadata/2007-06/FederationMetadata.xml), hence I am unable to re-create/update the internal relying party once IFD is turned on due to the endpoint conflict. Because of this, I am being required to log in regardless of the URL I use to connect.

    Claims works as expected internally up until I turn on and configure IFD; and again, after it is on, CRM/ADFS appears to treat everything as "external."

    We use ADFS/Claims for other apps and have no issues with our ADFS both internally and externally (using ADFS proxy). To me this seems like a bug in CRM (possibly with rollup 3), but wanted to see if I get any more insight.

    On a side note, we are looking to use this deployment for our CRM only. Is there any real reason we need to even enable IFD if we have only one org? Are there any implications to simply using "internal" claims and then exposing via TMG? Other than multi-tenancy, I am struggling to see any need for IFD.

    Thanks!

    Tim Gagne
    Logicalis, Inc

    Wednesday, September 21, 2011 2:11 PM
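The two checks the thread circles around, Michael's question about which identifiers the trusts carry and Tim's observation that both CRM metadata URLs return the same entityID, can be done from the AD FS 2.0 server itself. The script below is an added example, not code from the thread, from Microsoft or from any of the posters. It assumes the AD FS 2.0 PowerShell snap-in is present on the federation server and that the two metadata URLs (crmserver.domain.local for internal claims, auth.domain.com for IFD) are placeholders to replace with your own; everything else uses the documented snap-in cmdlet and .NET classes.

```powershell
# Added example, not code from the thread. Lists AD FS 2.0 relying party trusts,
# reports identifiers shared by more than one trust (the condition MSIS7612 rejects),
# and shows what each CRM federation metadata endpoint actually resolves to and publishes.
# Both metadata URLs are assumptions; replace them with your own.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$metadataUrls = @(
    'https://crmserver.domain.local/FederationMetadata/2007-06/FederationMetadata.xml',  # internal claims (assumed name)
    'https://auth.domain.com/FederationMetadata/2007-06/FederationMetadata.xml'          # external / IFD (assumed name)
)

# 1. Which identifiers are claimed by more than one relying party trust?
$owners = @{}
foreach ($rp in Get-ADFSRelyingPartyTrust) {
    foreach ($id in $rp.Identifier) {
        if (-not $owners.ContainsKey($id)) { $owners[$id] = @() }
        $owners[$id] += $rp.Name
    }
}
foreach ($id in $owners.Keys) {
    if ($owners[$id].Count -gt 1) {
        Write-Warning ('Identifier {0} is used by more than one trust: {1}' -f $id, ($owners[$id] -join ', '))
    }
}

# 2. What does each metadata host resolve to in this server's DNS, and what
#    entityID and endpoint addresses does the document it serves publish?
#    If both URLs return the same entityID, creating the second trust from
#    metadata will always fail with MSIS7612.
$client = New-Object System.Net.WebClient
$seenEntityIds = @{}
foreach ($url in $metadataUrls) {
    $hostName = ([System.Uri]$url).Host
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($hostName) | ForEach-Object { $_.IPAddressToString }
        Write-Host ('{0} resolves to {1}' -f $hostName, ($ips -join ', '))
    } catch {
        Write-Warning ('{0} does not resolve in this DNS: {1}' -f $hostName, $_.Exception.Message)
        continue
    }
    try {
        [xml]$md = $client.DownloadString($url)
    } catch {
        Write-Warning ('Could not fetch {0}: {1}' -f $url, $_.Exception.Message)
        continue
    }
    $entityId = $md.EntityDescriptor.entityID
    # WS-Federation metadata carries its endpoints as wsa:Address elements.
    $ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
    $ns.AddNamespace('wsa', 'http://www.w3.org/2005/08/addressing')
    $addresses = $md.SelectNodes('//wsa:Address', $ns) | ForEach-Object { $_.InnerText }
    Write-Host $url
    Write-Host ('    entityID : {0}' -f $entityId)
    Write-Host ('    endpoints: {0}' -f ($addresses -join ', '))
    if ($entityId) {
        if ($seenEntityIds.ContainsKey($entityId)) {
            Write-Warning ('{0} and {1} both publish entityID {2}; AD FS will reject the second trust with MSIS7612.' -f $seenEntityIds[$entityId], $url, $entityId)
        } else {
            $seenEntityIds[$entityId] = $url
        }
    }
}
```

Run it in an elevated PowerShell session on the federation server, because that server's DNS view is what matters: the internal trust has to resolve the internal host name from there (the forward lookup zone Khaja mentions), and the WebClient download will also fail if the certificate on the CRM site is not trusted by that machine. Any identifier the first loop flags, or any entityID the second loop reports twice, is the duplicate that the MSIS7612 message refers to; the fix is then to change which name the internal metadata publishes, not to retry the wizard.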