IFD Configuration Issue - CRM2011

  • Question

  • There was a problem accessing the site. Try to browse to the site again. If the problem persists, contact the administrator of this site and provide the reference number to identify the problem. Reference number: ba7beb2e-82bd-498b-908b-d72eca7309b0

    Log File 1:

    An error occurred during an attempt to build the certificate chain for the relying party trust 'https://internalcrm.domain.com/' certificate identified by thumbprint '7C2C7F12E295FCA54D7248007F1730A78755396A'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the relying party trust's encryption certificate revocation settings or certificate is not within its validity period. 

     

    You can use Windows PowerShell commands for AD FS 2.0 to configure the revocation settings for the relying party encryption certificate. 

    Relying party trust's encryption certificate revocation settings: CheckChainExcludeRoot 

    The following errors occurred while building the certificate chain:  

    The certificate is revoked.

    User Action: 

    Ensure that the relying party trust's encryption certificate is valid and has not been revoked. 

    Ensure that AD FS 2.0 can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. 

    Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS 2.0 Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).

    Log File 2:

    Encountered error during federation passive request. 

    Additional Data 

    Exception details: 

    Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> System.ServiceModel.FaultException: ID3242: The security token could not be authenticated or authorized.

       at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClientManager.Issue(Message request, WCFResponseData responseData)

       at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, WCFResponseData responseData)

       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)

       --- End of inner exception stack trace ---

       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)

       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, Uri& replyTo)

       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, MSISSession& session)

       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSerializedToken(String signOnToken, WSFederationMessage incomingMessage)

       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseCoreWithSecurityToken(SecurityToken securityToken, WSFederationMessage incomingMessage)

       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponseForProtocolRequest(FederationPassiveContext federationPassiveContext, SecurityToken securityToken)

       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSignInResponse(SecurityToken securityToken)

     

    System.ServiceModel.FaultException: ID3242: The security token could not be authenticated or authorized.

       at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClientManager.Issue(Message request, WCFResponseData responseData)

       at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, WCFResponseData responseData)

       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)

     

    Regards,


    Khaja Mohiddin | http://www.dynamicsexchange.com/
    Tuesday, December 13, 2011 9:03 PM

Answers

  • There was a problem with the certificate; we re-keyed the certificate and configured IFD again.

    It worked.

     

    Regards,


    Khaja Mohiddin | http://www.dynamicsexchange.com/
    • Marked as answer by Khaja Mohiddin Tuesday, December 27, 2011 10:29 AM
    Tuesday, December 27, 2011 10:29 AM
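
The following is an added example, not part of the original thread: a way to reproduce on the AD FS 2.0 server the chain check that Log File 1 reports as failing, using the revocation setting stored on the relying party trust. The function name `Test-RpEncryptionCertificate` is hypothetical, and the script assumes the trust can be found by the name or identifier shown in the log.

```powershell
# Added example: run on the AD FS 2.0 server in an elevated PowerShell session.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

function Test-RpEncryptionCertificate {
    param([Parameter(Mandatory = $true)][string]$RelyingParty)

    # Match on either the display name or one of the identifiers of the trust.
    $rp = Get-ADFSRelyingPartyTrust | Where-Object {
        $_.Name -eq $RelyingParty -or $_.Identifier -contains $RelyingParty
    } | Select-Object -First 1
    if (-not $rp) { throw "No relying party trust matches '$RelyingParty'." }
    $cert = $rp.EncryptionCertificate
    if (-not $cert) { throw "Trust '$($rp.Name)' has no encryption certificate." }

    # Translate the AD FS revocation setting into the equivalent X509 chain policy.
    $setting = [string]$rp.EncryptionCertificateRevocationCheck
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $policy  = $chain.ChainPolicy
    if     ($setting -eq 'None')          { $policy.RevocationMode = 'NoCheck' }
    elseif ($setting -like '*CacheOnly')  { $policy.RevocationMode = 'Offline' }
    else                                  { $policy.RevocationMode = 'Online' }
    if     ($setting -like 'CheckEndCert*')          { $policy.RevocationFlag = 'EndCertificateOnly' }
    elseif ($setting -like 'CheckChainExcludeRoot*') { $policy.RevocationFlag = 'ExcludeRoot' }
    else                                             { $policy.RevocationFlag = 'EntireChain' }

    # Build the chain and collect every status flag (Revoked, NotTimeValid, ...).
    $ok  = $chain.Build($cert)
    $now = Get-Date
    New-Object PSObject -Property @{
        Trust            = $rp.Name
        Thumbprint       = $cert.Thumbprint
        RevocationCheck  = $setting
        InValidityPeriod = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ChainValid       = $ok
        ChainErrors      = @($chain.ChainStatus | ForEach-Object {
            "$($_.Status): $($_.StatusInformation.Trim())"
        })
    }
}

# Trust name/identifier taken from the error text in Log File 1.
Test-RpEncryptionCertificate -RelyingParty 'https://internalcrm.domain.com/' | Format-List
```

The check runs under the account that invokes it, so CRL retrieval can behave differently from what the AD FS service account sees, for example when proxy settings differ.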