Microsoft Dynamics CRM (Archived)

Dynamics CRM 2016 - Claim-based authentication issue (internal access).

Posted on by Microsoft Employee

Hi!

I have a test environment with two servers in one domain (both Windows Server 2012 R2).

ServerA is running CRM 2016 On-Premise and ADFS 3.0. I configured claims-based authentication for internal access using this guide: https://www.interactivewebs.com/blog/index.php/crm/how-to-set-up-microsoft-crm-2016-ifd-on-windows-2012-r2-server/.

On the Dynamics CRM site I have a WCF service which can retrieve CRM organizations. To access CRM I've used OrganizationServiceProxy and CredentialCache.DefaultNetworkCredentials (source code from the SDK).

Dynamics CRM and the WCF services are running under the NetworkService app pool identity.

ServerB is a domain controller with a console application from which the WCF service (ServerA) is called (WSHttpBinding). The console application runs under the domain administrator. ServerA is trusted for delegation.

I've also set some SPNs:

setspn -s host/sts1.mydomain.com adfsuser

setspn -s host/sts1.mydomain.com@MYDOMAIN.COM adfsuser

setspn -s host/ServerA ServerA$

setspn -s host/ServerA.MYDOMAIN.COM ServerA$

The error happens when I try to call the WCF service on ServerA:

Unable load list of CRM organizations.Exception has been thrown by the target of an invocation. - mscorlib
Inner Exception:
Value cannot be null.
Parameter name: securityTokenResponse - Microsoft.Xrm.Sdk

Authentication failed: 

System.IdentityModel.Tokens.SecurityTokenValidationException: The NetworkCredentials provided were unable to create a Kerberos credential, see inner exception for details. ---> System.IdentityModel.Tokens.SecurityTokenException: InitializeSecurityContent failed. Ensure the service principal name is correct. ---> System.ComponentModel.Win32Exception: No credentials are available in the security package

I've spent a lot of time trying to make this work (trying to configure Kerberos delegation), but the only solution I've found is to set credentials explicitly in source code (or using connection strings). But I need to make this work without hardcoded credentials.

Is it a Kerberos delegation issue, and how do I configure it?

I would be very grateful for any idea for solving this issue.
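
The SPN registrations and the delegation trust described in the post can be read back from Active Directory before anything is changed. The PowerShell below is an added example, not part of the original post: it assumes the ActiveDirectory module (RSAT) is installed, takes the account names `ServerA` and `adfsuser` from the post, and uses `$caller` as a placeholder for the account that runs the console application.

```powershell
# Added example (not from the original post): read-only audit of the SPN and
# delegation settings described above. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$serviceHost = 'ServerA'        # from the post: app pools run as NetworkService, i.e. ServerA$
$adfsAccount = 'adfsuser'       # from the post: account holding the sts1 SPNs
$caller      = 'Administrator'  # assumption: account that runs the console application

$comp = Get-ADComputer $serviceHost -Properties ServicePrincipalName,
    TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'
$adfs = Get-ADUser $adfsAccount -Properties ServicePrincipalName
$user = Get-ADUser $caller -Properties AccountNotDelegated

# 1. Each SPN should be owned by exactly one account. Duplicates and values
#    containing '@' are flagged so they can be reviewed by hand.
$spns = @(@($comp.ServicePrincipalName) + @($adfs.ServicePrincipalName) |
    Where-Object { $_ })
$spnReport = foreach ($spn in $spns) {
    $owners = @(Get-ADObject -Filter "servicePrincipalName -eq '$spn'")
    [pscustomobject]@{
        Spn       = $spn
        Owners    = ($owners.Name -join ', ')
        Duplicate = $owners.Count -gt 1
        HasAtSign = $spn -like '*@*'
    }
}

# 2. Which kind of delegation the service host actually has.
$targets = @($comp.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
if ($comp.TrustedForDelegation) { $mode = 'Unconstrained' }
elseif ($targets.Count -gt 0)   { $mode = 'Constrained' }
else                            { $mode = 'None' }

# 3. CallerNotDelegable is the "Account is sensitive and cannot be delegated"
#    flag; when it is set, the caller's tickets cannot be forwarded by any service.
$spnReport | Format-Table -AutoSize
[pscustomobject]@{
    Host                = $comp.Name
    DelegationMode      = $mode
    ProtocolTransition  = [bool]$comp.TrustedToAuthForDelegation
    AllowedToDelegateTo = $targets -join '; '
    CallerNotDelegable  = [bool]$user.AccountNotDelegated
} | Format-List
```

A `DelegationMode` of `Unconstrained` means the host can act toward any service as any user who authenticates to it, so constrained delegation limited to the SPNs the service needs is the tighter setting to aim for.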
