Asked by:
Cannot Log In

Question
-
Login suddenly does not work for all users anymore. When I go to http://crm.[domain].com I get to the usual login page on https://sts.[domain].com:444/... to put in the user name and pwd. However, when trying to sign in I get a pop up window that asks for the username and password again. This did not happen before. After trying to enter the username and password a few time I get to https://auth.[domain].com with the message http error 401 - Unauthorized: Access is denied.
Could it be that some password on the CRM, SQL, etc server has expired for some key service running CRM? If so which account would this be? What else could cause this?
Friday, August 2, 2013 11:03 PM
All replies
-
Hi
Can your users login via the internal address?
Cheers
Roshan
Friday, August 2, 2013 11:05 PM -
Roshan, I checked and I get the same error.Saturday, August 3, 2013 1:02 AM
-
I also checked all the links below internally and they come back fine and the login issue happens even internally.
https://sts.[domain].com:444/federationmetadata/2007-06/federationmetadata.xml
* Looks correct internally.
* Externally I get something strange:
<ds:digestmethod algorithm="http://www.w3.org/2001/04/xmlenc#sha256"><ds:digestvalue> FrmryW66Xh...</ds:digestvalue></ds:digestmethod>
Address<auth:description>The e-mail address of the user</auth:description><auth:claimtype optional="true" uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706"><auth:displayname>Given Name</auth:displayname><auth:description>The
...
https://sts.[domain].com:444/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256
....</auth:description></auth:claimtype>https://internalcrm.[domain].com/federationmetadata/2007-06/federationmetadata.xml
* Looks fine internallyhttps://auth.[domain].com/federationmetadata/2007-06/federationmetadata.xml
* Looks fine internally
* Looks fine externallyAny help is appreciated
Saturday, August 3, 2013 6:28 PM -
If you take a look at the certificates in ADFS, have they expired or auto rolled over recently? If so, take a look at this KB article which should help.
Neil - My CRM Blog
Sunday, August 4, 2013 1:05 AM