Skip to main content

Notifications

Announcements

Join us in the Community for an AMA: December 12th Register Today
News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / AD FS
Microsoft Dynamics CRM (Archived)

AD FS

(0) ShareShare
ReportReport
Posted on by Prashnat Verma 287

Hi,

I have been working on AD FS with with CRM & got stuck with this issue below.

/////////////////////////////////////////////////////////////////////////////////////////////

Log Name: AD FS/Admin
Source: AD FS
Date: 4/18/2018 2:34:50 PM
Event ID: 364
Task Category: None
Level: Error
Keywords: AD FS
User: crmadmin
Computer: V
Description:
Encountered error during federation passive request.

Additional Data

Protocol Name:
wsfed

Relying Party:
https://**********/

Exception details:
Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://*****/' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationSignInContext.Validate()
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)


Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
<EventID>364</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2018-04-18T10:34:50.615202900Z" />
<EventRecordID>5603</EventRecordID>
<Correlation ActivityID="{00000000-0000-0000-199C-0080000000F3}" />
<Execution ProcessID="7432" ThreadID="3816" />
<Channel>AD FS/Admin</Channel>
<Computer>VEXTSRSS.****</Computer>
<Security UserID="S-1-5-21-1593450963-3619244252-1636940853-8644" />
</System>
<UserData>
<Event xmlns="schemas.microsoft.com/.../Events">
<EventData>
<Data>wsfed</Data>
<Data>https://*******/</Data>
<Data>Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://******/' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationSignInContext.Validate()
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

</Data>
</EventData>
</Event>
</UserData>
</Event>

Thanks

Prashant Verma

*This post is locked for comments

  • Prashnat Verma Profile Picture
    Prashnat Verma 287 on at
    RE: AD FS

    hi @David

    Now my error has changed to below.

    -------------------------------------------------------------------------------------

    This XML file does not appear to have any style information associated with it. The document tree is shown below.

    <error xmlns:xsd="www.w3.org/.../XMLSchema&quot; xmlns:xsi="www.w3.org/.../XMLSchema-instance&quot;>

    <exception>

    Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: System.Security.Cryptography.CryptographicException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #DA7E8EEDDetail: <OrganizationServiceFault xmlns:i="www.w3.org/.../XMLSchema-instance&quot; xmlns="schemas.microsoft.com/.../Contracts&quot;> <ErrorCode>-2147220970</ErrorCode> <ErrorDetails xmlns:d2p1="schemas.datacontract.org/.../System.Collections.Generic&quot;> <KeyValuePairOfstringanyType> <d2p1:key>CallStack</d2p1:key> <d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema&quot; i:type="d4p1:string"> at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm) at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey) at System.IdentityModel.EnvelopedSignatureWriter.ComputeSignature() at System.IdentityModel.EnvelopedSignatureWriter.OnEndRootElement() at System.IdentityModel.Metadata.MetadataSerializer.WriteEntityDescriptor(XmlWriter inputWriter, EntityDescriptor entityDescriptor) at System.IdentityModel.Metadata.MetadataSerializer.WriteMetadata(Stream stream, MetadataBase metadata) at Microsoft.Crm.Authentication.Claims.MetadataGenerator.CreateExternalFederationMetadata(Uri relyingPartyIdentifier, String certificateName, Stream stream) at Microsoft.Crm.Authentication.Claims.MetadataGenerator.GenerateExternalCrmFederationMetadata(Stream stream) at Microsoft.Crm.Application.Components.Handlers.FederationMetadata.ProcessRequestInternal(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)</d2p1:value> </KeyValuePairOfstringanyType> </ErrorDetails> <Message>System.Security.Cryptography.CryptographicException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #DA7E8EED</Message> <Timestamp>2018-04-19T10:35:44.6259668Z</Timestamp> <InnerFault i:nil="true" /> <TraceText i:nil="true" /> </OrganizationServiceFault>

    </exception>

    <parameters xsi:nil="true"/>

    <displaytitle/>

    <displaytextencoded/>

    <displaytext/>

    <description>Keyset does not exist</description>

    <file>Not available</file>

    <line>Not available</line>

    <details>Not available</details>

    <traceInfo/>

    <requesturl>

    internalcrm.*****/.../FederationMetadata.ashx

    </requesturl>

    <pathAndQuery>/Handlers/FederationMetadata.ashx</pathAndQuery>

    <source>ASHX_XML</source>

    <stacktrace>

    [CryptographicException: Keyset does not exist ] at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm) at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey) at System.IdentityModel.EnvelopedSignatureWriter.ComputeSignature() at System.IdentityModel.EnvelopedSignatureWriter.OnEndRootElement() at System.IdentityModel.Metadata.MetadataSerializer.WriteEntityDescriptor(XmlWriter inputWriter, EntityDescriptor entityDescriptor) at System.IdentityModel.Metadata.MetadataSerializer.WriteMetadata(Stream stream, MetadataBase metadata) at Microsoft.Crm.Authentication.Claims.MetadataGenerator.CreateExternalFederationMetadata(Uri relyingPartyIdentifier, String certificateName, Stream stream) at Microsoft.Crm.Authentication.Claims.MetadataGenerator.GenerateExternalCrmFederationMetadata(Stream stream) at Microsoft.Crm.Application.Components.Handlers.FederationMetadata.ProcessRequestInternal(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    </stacktrace>

    </error>

    Thanks

  • David Jennaway Profile Picture
    David Jennaway 14,063 on at
    RE: AD FS

    When does the error occur - is it when setting up claims authentication, or when a user tries to login to CRM via ADFS ?

    Also, is the trust name in the error message the same as the name in ADFS ?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join us in the Community for an AMA: December 12th Register Today

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Community AMA December 12th

Join us as we continue to demystify the Dynamics 365 Contact Center

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,253 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,188 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans