Microsoft Dynamics CRM (Archived)

AD FS

Posted on by 287

Hi,

I have been working on AD FS with CRM and got stuck with the issue below.

/////////////////////////////////////////////////////////////////////////////////////////////

Log Name: AD FS/Admin
Source: AD FS
Date: 4/18/2018 2:34:50 PM
Event ID: 364
Task Category: None
Level: Error
Keywords: AD FS
User: crmadmin
Computer: V
Description:
Encountered error during federation passive request.

Additional Data

Protocol Name:
wsfed

Relying Party:
https://**********/

Exception details:
Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://*****/' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationSignInContext.Validate()
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)


Event Xml:
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
<EventID>364</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2018-04-18T10:34:50.615202900Z" />
<EventRecordID>5603</EventRecordID>
<Correlation ActivityID="{00000000-0000-0000-199C-0080000000F3}" />
<Execution ProcessID="7432" ThreadID="3816" />
<Channel>AD FS/Admin</Channel>
<Computer>VEXTSRSS.****</Computer>
<Security UserID="S-1-5-21-1593450963-3619244252-1636940853-8644" />
</System>
<UserData>
<Event xmlns="schemas.microsoft.com/.../Events">
<EventData>
<Data>wsfed</Data>
<Data>https://*******/</Data>
<Data>Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://******/' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationSignInContext.Validate()
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

</Data>
</EventData>
</Event>
</UserData>
</Event>

Thanks

Prashant Verma

  • David Jennaway Profile Picture
    14,065 on at

    When does the error occur - is it when setting up claims authentication, or when a user tries to log in to CRM via ADFS?

    Also, is the trust name in the error message the same as the name in ADFS?

  • Prashnat Verma Profile Picture
    287 on at

    hi @David

    Now my error has changed to the one below.

    -------------------------------------------------------------------------------------

    This XML file does not appear to have any style information associated with it. The document tree is shown below.

    <error xmlns:xsd="www.w3.org/.../XMLSchema" xmlns:xsi="www.w3.org/.../XMLSchema-instance">

    <exception>

    Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: System.Security.Cryptography.CryptographicException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #DA7E8EEDDetail: <OrganizationServiceFault xmlns:i="www.w3.org/.../XMLSchema-instance" xmlns="schemas.microsoft.com/.../Contracts"> <ErrorCode>-2147220970</ErrorCode> <ErrorDetails xmlns:d2p1="schemas.datacontract.org/.../System.Collections.Generic"> <KeyValuePairOfstringanyType> <d2p1:key>CallStack</d2p1:key> <d2p1:value xmlns:d4p1="www.w3.org/.../XMLSchema" i:type="d4p1:string"> at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm) at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey) at System.IdentityModel.EnvelopedSignatureWriter.ComputeSignature() at System.IdentityModel.EnvelopedSignatureWriter.OnEndRootElement() at System.IdentityModel.Metadata.MetadataSerializer.WriteEntityDescriptor(XmlWriter inputWriter, EntityDescriptor entityDescriptor) at System.IdentityModel.Metadata.MetadataSerializer.WriteMetadata(Stream stream, MetadataBase metadata) at Microsoft.Crm.Authentication.Claims.MetadataGenerator.CreateExternalFederationMetadata(Uri relyingPartyIdentifier, String certificateName, Stream stream)
at Microsoft.Crm.Authentication.Claims.MetadataGenerator.GenerateExternalCrmFederationMetadata(Stream stream) at Microsoft.Crm.Application.Components.Handlers.FederationMetadata.ProcessRequestInternal(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)</d2p1:value> </KeyValuePairOfstringanyType> </ErrorDetails> <Message>System.Security.Cryptography.CryptographicException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #DA7E8EED</Message> <Timestamp>2018-04-19T10:35:44.6259668Z</Timestamp> <InnerFault i:nil="true" /> <TraceText i:nil="true" /> </OrganizationServiceFault>

    </exception>

    <parameters xsi:nil="true"/>

    <displaytitle/>

    <displaytextencoded/>

    <displaytext/>

    <description>Keyset does not exist</description>

    <file>Not available</file>

    <line>Not available</line>

    <details>Not available</details>

    <traceInfo/>

    <requesturl>

    internalcrm.*****/.../FederationMetadata.ashx

    </requesturl>

    <pathAndQuery>/Handlers/FederationMetadata.ashx</pathAndQuery>

    <source>ASHX_XML</source>

    <stacktrace>

    [CryptographicException: Keyset does not exist ] at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey() at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm) at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey) at System.IdentityModel.EnvelopedSignatureWriter.ComputeSignature() at System.IdentityModel.EnvelopedSignatureWriter.OnEndRootElement() at System.IdentityModel.Metadata.MetadataSerializer.WriteEntityDescriptor(XmlWriter inputWriter, EntityDescriptor entityDescriptor) at System.IdentityModel.Metadata.MetadataSerializer.WriteMetadata(Stream stream, MetadataBase metadata) at Microsoft.Crm.Authentication.Claims.MetadataGenerator.CreateExternalFederationMetadata(Uri relyingPartyIdentifier, String certificateName, Stream stream) at Microsoft.Crm.Authentication.Claims.MetadataGenerator.GenerateExternalCrmFederationMetadata(Stream stream) at Microsoft.Crm.Application.Components.Handlers.FederationMetadata.ProcessRequestInternal(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    </stacktrace>

    </error>

    Thanks
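
David Jennaway's second question above, whether the trust named in the MSIS7007 error matches what is configured in AD FS, can be checked on the AD FS server itself. The PowerShell below is an added example, not part of the thread: it assumes the ADFS module's `Get-AdfsRelyingPartyTrust` cmdlet is available and that Event 364 carries the three `Data` items shown in the post's Event XML; the helper name `Get-LooseForm` and the verdict strings are made up for illustration.

```powershell
# Added example, not from the thread. Run elevated on the AD FS server.
Import-Module ADFS

# One row per identifier configured on each relying party trust.
$trusts = foreach ($rp in Get-AdfsRelyingPartyTrust) {
    foreach ($id in $rp.Identifier) {
        [pscustomobject]@{ Name = $rp.Name; Identifier = $id; Enabled = $rp.Enabled }
    }
}

# Hypothetical helper: lower-case and drop a trailing slash, used only for the near-match test.
function Get-LooseForm([string]$Value) { $Value.Trim().TrimEnd('/').ToLowerInvariant() }

# Recent Event ID 364 records from the AD FS/Admin log, the event quoted in the post.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 364 } `
    -MaxEvents 50 -ErrorAction SilentlyContinue

$results = foreach ($evt in $events) {
    # The post's Event XML has three <Data> items: protocol, relying party, exception text.
    $data = @(([xml]$evt.ToXml()).Event.UserData.Event.EventData.Data)
    if ($data.Count -lt 3 -or $data[2] -notmatch 'MSIS7007') { continue }

    $requested = [string]$data[1]
    $exact = @($trusts | Where-Object { $_.Identifier -ceq $requested })
    $near  = @($trusts | Where-Object {
        $_.Identifier -cne $requested -and
        (Get-LooseForm $_.Identifier) -eq (Get-LooseForm $requested)
    })

    $verdict = if ($exact | Where-Object { $_.Enabled }) {
        'identical identifier on an enabled trust'
    } elseif ($exact) {
        'identical identifier, but the trust is disabled'
    } elseif ($near) {
        'differs only by case or trailing slash'
    } else {
        'no trust carries this identifier'
    }

    [pscustomobject]@{
        Requested  = $requested
        Verdict    = $verdict
        Candidates = (@($exact) + @($near)).Name -join ', '
    }
}

# One line per distinct requested identifier.
$results | Sort-Object Requested -Unique | Format-Table -AutoSize -Wrap
```

The comparison uses the trust's `Identifier` values rather than its display name, since the identifier is the string that Event 364 records as the relying party.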
