CRM 2011 (IFD) + ADFS 2.0 = 404 not found.

  • Question

  • Used the implementation guide and the video http://www.youtube.com/watch?v=T9jZIxDTsBw

    to set up a test/dev CRM 2011 server with an Internet-facing deployment using claims-based implementation.

    Once I go to the dev URL

    https://mycrm.mydomain.com:444 I get redirected to http:sts1.mydomain.com with a 404 not found.

    Some background info.
    host record has the following records
    192.168.100.100 sts1.mydomain.com
    192.168.100.100 auth.mydomain.com
    192.168.100.100 mycrm.mydomain.com
    192.168.100.100 dev.mydomain.com

    I am using a self-signed wildcard cert *.mydomain.com

    If I connect to http://mycrm:5555 (default install location) it works, but it's not using claims-based authentication.

    If I change it to https://mycrm.mydomain.com:444 it redirects -> sts1.mydomain.com (as you would expect), but the URL that returns the 404 is the following

    https://sts1.mydomain.com/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2fmycrm.mydomain.com%3a444%2fdefault.aspx&wctx=rm%3d1%26id%3da820ae55-65a4-4ab2-a8d4-c301cdf1e0d7%26ru%3dhttps%253a%252f%252fmycrm.mydomain.com%253a444%252fdefault.aspx&wct=2011-04-18T13%3a19%3a19Z&wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword

     

    To me it seems like the /adfs/ls service is broken. Did I miss something in the install? (Done this 3 times now.)

     

    Monday, April 18, 2011 1:37 PM
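
Added example (not part of the original post): decoding the sign-in URL quoted in the question shows whether the redirect issued by CRM is a well-formed WS-Federation passive request, which helps separate a CRM-side misconfiguration from a missing /adfs/ls/ endpoint on the STS. The function names and the origin comparison between `wtrealm` and the `ru` value inside `wctx` are assumptions of this example, not an ADFS or CRM API.

```python
from urllib.parse import urlsplit, parse_qs

# The sign-in URL from the question above, copied from the post.
SIGNIN_URL = (
    "https://sts1.mydomain.com/adfs/ls/?wa=wsignin1.0"
    "&wtrealm=https%3a%2f%2fmycrm.mydomain.com%3a444%2fdefault.aspx"
    "&wctx=rm%3d1%26id%3da820ae55-65a4-4ab2-a8d4-c301cdf1e0d7"
    "%26ru%3dhttps%253a%252f%252fmycrm.mydomain.com%253a444%252fdefault.aspx"
    "&wct=2011-04-18T13%3a19%3a19Z"
    "&wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword"
)

def first(params, key):
    """Return the first value of a query parameter, or '' if it is absent."""
    return params.get(key, [""])[0]

def decode_signin(url):
    """Split a WS-Federation passive request into endpoint, parameters and wctx."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    # In this URL wctx is itself a query string (rm, id, ru) encoded a second time.
    ctx = parse_qs(first(params, "wctx"), keep_blank_values=True)
    return {
        "scheme": parts.scheme, "sts_host": parts.hostname, "endpoint": parts.path,
        "wa": first(params, "wa"), "wtrealm": first(params, "wtrealm"),
        "wct": first(params, "wct"), "wauth": first(params, "wauth"),
        "return_url": first(ctx, "ru"),
    }

def check_signin(url):
    """Return a list of problems found in the request; empty means well formed."""
    req = decode_signin(url)
    problems = []
    if req["scheme"] != "https":
        problems.append("sign-in endpoint is not HTTPS")
    if req["wa"] != "wsignin1.0":
        problems.append("wa is not wsignin1.0")
    if not req["wtrealm"]:
        problems.append("wtrealm missing")
    # Assumption of this example: the return URL should share the realm's origin.
    realm, ru = urlsplit(req["wtrealm"]), urlsplit(req["return_url"])
    if (realm.scheme, realm.netloc.lower()) != (ru.scheme, ru.netloc.lower()):
        problems.append("return URL origin differs from wtrealm")
    return problems
```

An empty result for the URL in the post means the request reaching the STS is sound, so the 404 has to be explained by what is (or is not) hosted at /adfs/ls/ on that site.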

Answers

  • ok I got it working... I will make a new post about it...

     

    there is an order of install that you need to do that is not explained in that video or by the IFD/claims document.

     

    Basically,

    this order:

    create wildcard cert like *.mydomain.com

    install ADFS 2

    install CRM: using new IIS site, port 5555, http

    install SharePoint.. (that was my problem.. SharePoint needs to be installed AFTER STS/ADFS is installed) on a new site

    then don't forget to set SPNs on all domains you will use; this is not documented and needs to happen.. (btw I hate SPNs)

    eg: 

    setspn -a https/servername  MYDOMAIN\crmserver$

    setspn -a http/servername  MYDOMAIN\crmserver$

    setspn -a http/auth.mydomain.com  MYDOMAIN\crmserver$

    setspn -a https/auth.mydomain.com  MYDOMAIN\crmserver$

    setspn -a http/dev.mydomain.com  MYDOMAIN\crmserver$

    setspn -a https/dev.mydomain.com  MYDOMAIN\crmserver$

    setspn -a https/sts1.mydomain.com  MYDOMAIN\crmserver$

    setspn -a http/sts1.mydomain.com  MYDOMAIN\crmserver$

    Set SPNs for all CRM subdomains you need to use

    setspn -a https/org1.mydomain.com  MYDOMAIN\crmserver$

    setspn -a http/org1.mydomain.com  MYDOMAIN\crmserver$

    setspn -a https/org2.mydomain.com  MYDOMAIN\crmserver$

    setspn -a http/org2.mydomain.com  MYDOMAIN\crmserver$

     

    Last but not least... set your SPN for the SharePoint server if you intend to use STS/ADFS with it

    setspn -a http/sharepoint.mydomain.com  MYDOMAIN\crmserver

    setspn -a https/sharepoint.mydomain.com  MYDOMAIN\crmserver

     

    You may be wondering why http when this will only be needed for https.... don't know why.. it did not work properly without it... go figure

     

     

    Once this is set.. set your claims and relying party trust as in the video (for Internet-facing and internal)

     

     

     

    Anyway.. I will create a one-stop how-to in the next couple of hours... have fun. Freib's out.

    • Marked as answer by freibuis Wednesday, April 27, 2011 4:02 AM
    Wednesday, April 27, 2011 4:01 AM

All replies

  • Hi,

    I think you have configured IFD correctly, but you need to enable the 443 port in your router for ADFS.

    Please check this URL for further details,

    http://blogs.msdn.com/b/crm/archive/2011/01/13/configuring-ifd-with-microsoft-dynamics-crm-2011.aspx


    Khaja Mohiddin
    Monday, April 18, 2011 3:11 PM
  • It's on the same network and from the same machine as the CRM/ADFS setup.

    host file is on all machines on the network for testing purposes

     

    I have read that blog post up and down and watched the vid like 100 times. and understand the adfs pretty well now.

     

    I think the service adfsPool is not working properly.. I will verify.

    Monday, April 18, 2011 3:58 PM
  • please check your firewall and dns.
    Khaja Mohiddin
    Monday, April 18, 2011 4:13 PM
  •  

    Sure, but as I said before, I am on the same machine ;)

     

    Also, when I test from the same network all firewalls are off.. that was the first thing to go off once I started debugging this

    oh .. I did mention that I am using host file for this test in the first post
    Monday, April 18, 2011 4:27 PM
  • ok I ran this in a VM to test a theory.

     

    ok I solved it... ADFS kept installing parts of its APP_code into a non-default website.

     

    on closer inspection it happens because a test sharepoint service was running partly on the default web service.

    so I rolled back the VM then installed in this order

    ADFS

    Sharepoint

    MSCRM

     

    On a side note, I don't know why ADFS installed part of its code into the other web service, and that's why /adfs/ls/ was missing on the default web instance... Go figure..

    Anyway.. the single sign-in now works, but once it logs in it brings up a blank CRM page..... now time to debug why this happens ;) to the forums I go!!!!!!

     

    Tuesday, April 19, 2011 10:08 AM
  • Hi,

    Did you find any solution for this?

    I was getting the same issue when accessing the CRM site externally; then I enabled the 443 port in the router and it started working fine.

    Please check this thread also

    http://social.msdn.microsoft.com/Forums/en-US/crm/thread/7c92f02d-ede0-43ec-a78d-8b4fbea43e52

     

    regards,


    Khaja Mohiddin
    Wednesday, April 20, 2011 10:02 AM
  • Hi Freib

    I met the same problem.

    I tried to follow your way of setting the SPN, but my CRM still doesn't work.

    any suggestions?

    Wednesday, August 3, 2011 2:39 AM
  • Hi Freib

    I met the same problem.

    I tried to follow your way of setting the SPN, but my CRM still doesn't work.

    any suggestions?


    OK, I've solved it, but the way I solved it didn't follow your steps.
    Friday, August 5, 2011 8:00 AM