I have been battling with this for weeks now and always get the same error when trying to configure the IFD.
We have a live CRM system with ADFS 3.0 and IFD configured which works fine.
I want to install a development system with external access. Do I need a WAP server? Can anybody point me in the direction of an idiot's guide to setting this up, bearing in mind that both Live and Dev systems will be on the same domain?
For my dev system I have access to 3 Windows 2012R2 servers, one with external IP addresses.
Hi David,
I finally managed to get back onto this project. I have a development server running VS servers for SQL and for CRM / ADFS, i.e. your option 2 setup.
I am coming up with the error 'An error occurred during an attempt to access the AD FS configuration database. Error message : MSIS7612: Each identifier for a relying party trust must be unique across all relaying trusts in AD FS configuration'
This error is displayed whilst following this thread: www.interactivewebs.com/.../how-to-set-up-crm-2015-ifd-on-windows-2012-and-adfs-3-0. I get to the section ADFS Relying Party Trust for the IFD Endpoint, and when trying at step 2
Step 2: On the Select Data Source page, click Import data about the relying party published online or on a local network, and then type the URL to locate the federationmetadata.xml file. This federation metadata is created during IFD Setup.
Log from the ADFS Event Viewer
Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
<EventID>364</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2015-11-26T16:12:53.952964400Z" />
<EventRecordID>33</EventRecordID>
<Correlation ActivityID="{00000000-0000-0000-3F00-0080000000FD}" />
<Execution ProcessID="1560" ThreadID="4280" />
<Channel>AD FS/Admin</Channel>
<Computer>DEV001.********.*****</Computer>
<Security UserID="S-1-5-21-348858520-2694446665-60202977-1389" />
</System>
<UserData>
<Event xmlns="schemas.microsoft.com/.../Events">
<EventData>
<Data>wsfed</Data>
<Data>https://pfinternal.*******.**.**/</Data>
<Data>Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://pfinternal.******.***.***/' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationSignInContext.Validate()
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
</Data>
</EventData>
</Event>
</UserData>
</Event>
Have you any pointers that may help?
Hi David
Thanks for the feedback. I am building two new VS servers and basically following your option 2. I will come back to you when I either get the error or it works.
At what point do you get the error when setting this up? Is it within the configuration within ADFS, or in one of the CRM wizards in Deployment Manager?
It should be possible to get this to work, but it's not a configuration I'd normally recommend. I'd normally go with either of these approaches:
Hi,
I have tried following this link to set up: www.interactivewebs.com/.../how-to-set-up-crm-2015-ifd-on-windows-2012-and-adfs-3-0
The setup is 1 Windows 2012R2 server with 2 virtual servers: one VS with SQL 2014 and the other to host CRM2015 & ADFS3. Everything works up to the point that I try and configure the IFD. I get an error stating that the endpoints have to be unique. The external IP addresses, internal addresses and DNS names are different to the live servers. The only thing I can think of which may be causing the problem would be the accounts I have the services running on. I will try resetting everything up again today with new Active Directory accounts and see if that resolves the issue. Any other pointers would be very helpful.
Hi
Is your dev environment on a separate server and deployment?
You can use the same ADFS if DNS names are not the same.
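A way to see which existing relying party trust already holds an identifier that the import would add, which is the condition MSIS7612 reports. This is an added example and not part of the original thread; the script name and the `$MetadataUrl` parameter are hypothetical, and treating the metadata's `entityID` and `Address` values as the candidate identifiers is an assumption.

```powershell
# Find-RpIdentifierClash.ps1 (hypothetical name) - added example, not from the thread.
# Run on the AD FS server in an elevated session, passing the same
# federationmetadata.xml URL that is typed into the Add Relying Party Trust wizard.
param(
    [Parameter(Mandatory = $true)]
    [string]$MetadataUrl
)

Import-Module ADFS

# Normalise so that near-duplicates (case, trailing slash) are also reported.
# Whether AD FS itself treats such variants as equal is not assumed here.
function Normalize([string]$Id) {
    $Id.Trim().TrimEnd('/').ToLowerInvariant()
}

# Load the metadata document the wizard would import.
$xml = New-Object System.Xml.XmlDocument
$xml.Load($MetadataUrl)

# Candidate identifiers (assumption): the entityID attribute of the root
# element plus every WS-Addressing Address element in the document.
$raw = @($xml.DocumentElement.GetAttribute('entityID'))
$raw += $xml.SelectNodes("//*[local-name()='Address']") |
    ForEach-Object { $_.InnerText }

$candidates = $raw |
    Where-Object { $_ } |
    ForEach-Object { Normalize $_ } |
    Sort-Object -Unique

# Compare against every identifier on every existing relying party trust.
$clashes = foreach ($trust in Get-AdfsRelyingPartyTrust) {
    foreach ($id in $trust.Identifier) {
        if ($candidates -contains (Normalize $id)) {
            [pscustomobject]@{
                TrustName  = $trust.Name
                Identifier = $id
                Enabled    = $trust.Enabled
            }
        }
    }
}

if ($clashes) { $clashes | Format-Table -AutoSize }
else { 'No existing relying party trust uses any candidate identifier.' }
```

Any row in the output names a trust that already claims one of the candidate identifiers.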