Dynamics CRM 2011 and Windows Server 2012 / AD FS 2.1

AaronRic

10,035

Like(0)

Report

We have had many questions about the supportability as well as issues when installing CRM 2011 on Windows Server 2012. Also, there have been questions around if Claims/IFD based authentication are supported with AD FS 2.1. In addition, there have been some issues with configuring the Outlook client when utilizing AD FS 2.1 environments.

I wanted to point out that currently the supportability of these products is in its testing phase. As these are both newly released products, it does take time for testing with the latest versions of CRM to determine its supportability. These have been added to our Compatibility KB article below:

Microsoft Dynamics CRM Compatibility List

There is no current timeline when this will be supported with CRM 2011; however, once this is supported, the article above will be updated with that information and I will post a comment on this blog post.

Comments

*This post is locked for comments

Vipin J 1,603
Posted at

I am getting this error any help please

Encountered error during federation passive request.

Additional Data

Protocol Name:

wsfed

Relying Party:

internalcrm.master.local

Exception details:

Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountValidationException: MSIS3173: Active Directory account validation failed. ---> Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.

at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)

at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)

at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)

at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)

at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)

--- End of inner exception stack trace ---

at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)

at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.GetUserUpns(IClaimsIdentity identity)

at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.UpdatePrincipalWithUpn(IClaimsPrincipal principal)

at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)

at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)

at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)

at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)

at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)

at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)

at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSsoSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)

at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)

at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)

--- End of inner exception stack trace ---

at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)

at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.Process(ProtocolContext context)

at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)

at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountValidationException: MSIS3173: Active Directory account validation failed. ---> Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.

at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)

at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)

at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)

at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)

at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)

--- End of inner exception stack trace ---

at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)

at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.GetUserUpns(IClaimsIdentity identity)

at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.UpdatePrincipalWithUpn(IClaimsPrincipal principal)

at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)

at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)

at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)

at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)

at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)

at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)

at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSsoSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)

at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)

at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)

Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.

at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)

at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)

at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)

at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)

at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)

Like (0)

Report

Community site session details

Dynamics CRM 2011 and Windows Server 2012 / AD FS 2.1

Comments

Jainam Kothari – Community Spotlight

Congratulations to the May Top 10 Community Leaders!

Announcing the Engage with the Community forum!