Dynamics CRM 2011 and Windows Server 2012 / AD FS 2.1
AaronRic
10,035
Like
Share
ReportWe have had many questions about the supportability as well as issues when installing CRM 2011 on Windows Server 2012. Also, there have been questions around if Claims/IFD based authentication are supported with AD FS 2.1. In addition, there have been some issues with configuring the Outlook client when utilizing AD FS 2.1 environments.
I wanted to point out that currently the supportability of these products is in its testing phase. As these are both newly released products, it does take time for testing with the latest versions of CRM to determine its supportability. These have been added to our Compatibility KB article below:
Microsoft Dynamics CRM Compatibility List
There is no current timeline when this will be supported with CRM 2011; however, once this is supported, the article above will be updated with that information and I will post a comment on this blog post.
Comments
-
I am getting this error any help please
Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
Exception details:
Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountValidationException: MSIS3173: Active Directory account validation failed. ---> Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.GetUserUpns(IClaimsIdentity identity)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.UpdatePrincipalWithUpn(IClaimsPrincipal principal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSsoSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountValidationException: MSIS3173: Active Directory account validation failed. ---> Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.GetUserUpns(IClaimsIdentity identity)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.UpdatePrincipalWithUpn(IClaimsPrincipal principal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSsoSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
*This post is locked for comments