locked
Issue with Outlook Access via ADFS Proxy RRS feed

  • Question

  • Hi,

    We have CRM 2011 IFD, ADFS Federation Server and a Proxy Server as the front end.

    Web and Outlook can connect absolutely fine to CRM from the LAN, Web access works fine externally but Outlook doesn't.

    Kerboros is enabled on the CRM Website and we're using HTTPS throughout. Have updated the adfs endpoint for adfs/services/trust/13/username to be enabled on the proxy and not enabled, no difference

    Any ideas what could cause the Outlook client not to work but Web access is ok?

    17:13:00|  Error| Error connecting to URL: https://crm.123abc.com/XRMServices/2011/Discovery.svc Exception: Microsoft.Crm.CrmException: Authentication failed
       at Microsoft.Crm.Outlook.ClientAuth.ClaimsBasedAuthProvider`1.AuthenticateClaims()
       at Microsoft.Crm.Outlook.ClientAuth.ClaimsBasedAuthProvider`1.SignIn()
       at Microsoft.Crm.Outlook.ClientAuth.ClientAuthProvidersFactory`1.SignIn(Uri endPoint, Credential credentials, AuthUIMode uiMode, IClientOrganizationContext context, Form parentWindow, Boolean retryOnError)
       at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.DeploymentInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow, Credential credentials)
       at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.InternalLoadOrganizations(OrganizationDetailCollection orgs, AuthUIMode uiMode, Form parentWindow)

     


    Pete

    Thursday, December 5, 2013 5:15 PM

All replies

  • as CRM Client trace shows

    >Creating a client authentication form.
    [2013-12-05 13:54:06.287] Process:OUTLOOK |Organization:00000000-0000-0000-0000-000000000000 |Thread:   22 |Category: Application.Outlook |User: 00000000-0000-0000-0000-000000000000 |Level: Error |ReqId:  | ClientAuthConfiguration.TryGetContextUserUpn  ilOffset = 0x6
     at ClientAuthConfiguration.TryGetContextUserUpn(String& value)  ilOffset = 0x6
     at ClientAuthForm..ctor(Credential credentials, Boolean allowPhysicalStore, PassportConfiguration passportConfig, Uri endPoint, IClientOrganizationContext context)  ilOffset = 0x74
     at ClientAuthProvidersFactory`1.RetrieveUserCredentialsAndSignIn(Uri endPoint, Credential credentials, Form parentWindow, Boolean retryOnError, IClientOrganizationContext context)  ilOffset = 0x2E
     at ClientAuthProvidersFactory`1.SignIn(Uri endPoint, Credential credentials, AuthUIMode uiMode, IClientOrganizationContext context, Form parentWindow, Boolean retryOnError)  ilOffset = 0xBF
     at DeploymentInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow, Credential credentials)  ilOffset = 0x41
     at DeploymentsInfo.InternalLoadOrganizations(OrganizationDetailCollection orgs, AuthUIMode uiMode, Form parentWindow)  ilOffset = 0x9C
     at DeploymentsInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow)  ilOffset = 0x112
     at ServerForm.LoadOrganizations(Boolean forceUI)  ilOffset = 0x44
     at BackgroundWorker.WorkerThreadStart(Object argument)  ilOffset = 0xD
     at StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)  ilOffset = 0xFFFFFFFF
     at StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)  ilOffset = 0xB1
     at ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)  ilOffset = 0x70
     at ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)  ilOffset = 0x0
     at QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()  ilOffset = 0x23
     at ThreadPoolWorkQueue.Dispatch()  ilOffset = 0xA2
    >Attempt to retrieve user's upn (user principle name) failed. Exception type:System.DirectoryServices.AccountManagement.PrincipalServerDownException
    Message:The server could not be contacted.
    StackTrace:
       at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
       at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
       at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType)
       at System.DirectoryServices.AccountManagement.UserPrincipal.get_Current()
       at Microsoft.Crm.Outlook.ClientAuth.ClientAuthConfiguration.TryGetContextUserUpn(String& value)


    Pete

    Thursday, December 5, 2013 5:17 PM