web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / ADFS 4.0 compatibility...
Microsoft Dynamics CRM (Archived)

ADFS 4.0 compatibility with CRM 2016 On Premises

(0) ShareShare
ReportReport
Posted on by bpoindexter

Is ADFS 4.0 compatible with CRM 2016 On Premises?

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    ThomasN Profile Picture
    ThomasN 3,190 on at

    Hi bpoindexter, thanks for reaching out.

    As of today ADFS 3.0 is the highest update supported by Dynamics 365 and 2016 on-premise. See link below for details.

    technet.microsoft.com/.../hh699671.aspx

    Hope this helps.

  • Suggested answer
    Pierre Andre Joubert Profile Picture
    Pierre Andre Joubert 175 on at

    Not sure if you have gone any further with this, but...

    Yes it is supported, there is no change to ADFS that prevents a CRM 2016 / 365 on-premises relying party from been configured.

    There are changes to ADFS 4.0 where the proxy is now completely separate and requires separate Web Application Proxy (WAP) server(s) to be configured.

    The MS documentation covers this here:  technet.microsoft.com/.../dn609803.aspx

    I also recently posted basic reference info on the configuration considerations for the D365 8.2 update for on-premise with Server 2016, ADFS 4.0 and WAP.  You can find the post here: http://bit.ly/D365IFDWAP

    Hope this helps

  • AgilePoint AgileXRM Profile Picture
    AgilePoint AgileXRM 155 on at

    Hi bpoindexter,

    We installed Dynamics 365/CRM with Update 2.1 with AD FS 4.0, but it causes intermittent token errors.

    It works sometimes and it fails other times!

    So I'd say AD FS 4.0 is not supported (yet).

  • Community Member Profile Picture
    Community Member on at

    We're using ADFS 4.0 with Dynamics 365 on-premise and it's working well.  We also use the WAP feature to keep our servers isolated from the Internet.  However, we're now trying to implement the Dynamics 365 Outlook App and we've running into an issue.  The App uses OAuth2 and that is significantly different and improved in ADFS 4.0.  We can not get the Dynamics Outlook App to authenticate with our ADFS 4.0 environment.  The Outlook Client works fine, but is not MFA aware, so we employ a custom additional authentication rule on our RP.

    Have you succeeded in getting authentication to the Dynamics 365 App for Outlook to work with ADFS 4.0?  Current references, including the setup command PowerShell script provided in Dynamics 365  "Settings>Dynamics 365 App for Outlook" reference ADFS 3.0 commands.  Any suggestions are appreciated.  Thanks Dan

  • AgilePoint AgileXRM Profile Picture
    AgilePoint AgileXRM 155 on at

    Hi Dan,

    The AD FS 4.0 compatibility problem does not show in typical use cases.

    For instance if the users are just using the CRM web app through https://orgname.domain.com it works fine every time. 

    But using the CRM SDK's own LoginControlTester.exe tool it is easy to reproduce the issue.

    First, change the logging level to Verbose in  this file LoginControlTester.exe.config in the <switches> section.

    Then run the LoginControlTester tool and fill the fields as shown below (NOTE: In Server use the internal CRM URL)

    LoginTesterTool4.png

    Click Login and you get this:

    LoginTesterTool2.png

    Select first Org and click Login and you get these two popups which means everything worked. 

    LoginTesterTool3.png   LoginTesterTool4.png

    But clicking the Login a second time (on the first page) it fails:

    LoginTesterTool5.png

    The error file opened from the link above says this:

    Source : mscorlib
    Method : HandleReturnMessage
    Date : 26/07/17
    Time : 17:51:31
    Error : An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
    Stack Trace : Server stack trace:
    at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
    at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
    at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
    at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
    at Microsoft.Xrm.Sdk.Discovery.IDiscoveryService.Execute(DiscoveryRequest request)
    at Microsoft.Xrm.Sdk.Client.DiscoveryServiceProxy.Execute(DiscoveryRequest request)
    at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials)
    at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)
    at Microsoft.Xrm.Tooling.Connector.CrmServiceClient.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)
    at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.ValidateServerConnection(CrmOrgByServer selectedOrg)
    ======================================================================================================================
    Inner Exception Level 1 :
    Source : Not Provided
    Method : Not Provided
    Date : 26/07/17
    Time : 17:51:31
    Error : At least one security token in the message could not be validated.
    Stack Trace : Not Provided
    ======================================================================================================================

    And in the Tools verbose log file called LoginControlTesterLog.txt, you'll find more details:

    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Created CrmConnectionManager
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : CheckBoxState = False
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : CheckBoxState = False
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : SetConfigKeyInfo, Key Count = 13
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Connecting to the Microsoft Dynamics CRM server...
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Using CRM deployment type Prem
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : SSL Connection = True
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Discovery URI is = crm.aidev.loc/.../Discovery.svc
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Initializing UII core connections to Microsoft Dynamics CRM...
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Connecting to the Microsoft Dynamics CRM server...
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Retrieving organizations from CRM...
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information: 8 : DiscoverOrganizations - Initializing Discovery Server Object with crm.aidev.loc/.../Discovery.svc
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : DiscoverOrganizations - attempting to connect to CRM server @ crm.aidev.loc/.../Discovery.svc
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : DiscoverOrganizations - created CRM server proxy configuration for crm.aidev.loc/.../Discovery.svc - duration: 00:00:00.2624787
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : DiscoverOrganizations - proxy requiring authentication type : Federation
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : DiscoverOrganizations - Authenticated via Federation. Auth Elapsed:00:00:00.1067817
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : DiscoverOrganizations - service proxy created - total create duration: 00:00:00.3722563
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information: 8 : DiscoverOrganizations - Discovery Server Get Orgs Call Complete - Elapsed:00:00:00.4247037
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Found 2 Org(s)
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Connecting to the Microsoft Dynamics CRM server...
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Using CRM deployment type Prem
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : SSL Connection = True
    Microsoft.Xrm.Tooling.CrmConnectControl Verbose: 16 : DiscoveryServer indicated organization service location = crm.aidev.loc/.../Organization.svc
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Organization Service URI is = crm.aidev.loc/.../Organization.svc
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Validating connection to Microsoft Dynamics CRM...
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Initializing UII core connections to Microsoft Dynamics CRM...
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Validating connection to Microsoft Dynamics CRM...
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information: 8 : Process is bypassed.. OrgDetail object was provided
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : DiscoveryServer indicated organization service location = crm.aidev.loc/.../Organization.svc
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information: 8 : Organization Service URI is = crm.aidev.loc/.../Organization.svc
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information: 8 : ConnectAndInitCrmOrgService - Initializing Organization Service Object
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information: 8 : ConnectAndInitCrmOrgService - Requesting connection to Org with CRM Version: 8.2.1.176
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information: 8 : ConnectAndInitCrmOrgService - Using ISerivceManagement
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : ConnectAndInitCrmOrgService - attempting to connect to CRM server @ crm.aidev.loc/.../Organization.svc
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : ConnectAndInitCrmOrgService - created CRM server proxy configuration for crm.aidev.loc/.../Organization.svc - duration: 00:00:00.1293431
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : ConnectAndInitCrmOrgService - proxy requiring authentication type : Federation
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : ConnectAndInitCrmOrgService - Authenticated via Federation. Auth Elapsed:00:00:00.0319331
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : ConnectAndInitCrmOrgService - service proxy created - total create duration: 00:00:00.1612762
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information: 8 : ConnectAndInitCrmOrgService - Proxy created, total elapsed time: 00:00:00.1625290
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information: 8 : Beginning Validation of CRM Connection
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information: 8 : Validation of CRM Connection Complete, total duration: 00:00:00.1247456
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : New Batch Manager Created, Max #of Batches:50000, Max #of RequestsPerBatch:5000
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Connection to CRM Complete [First connection was successful]
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : CheckBoxState = False
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : Claims Connection Token Debug:
    SecurityToken is Not Null
    Current Time is: 07/26/2017 15:17:50 + 2 Min for ValidFrom Check Only
    Token ValidFrom is 07/26/2017 15:17:48, Is Valid = True
    Token ValidTo is 07/26/2017 23:17:48, Is Valid = True
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : Executed Command - RetrieveEntity : GetEntityMetadata : duration: 00:00:00.0628716
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : SetConfigKeyInfo, Key Count = 13
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Connecting to the Microsoft Dynamics CRM server...
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Using CRM deployment type Prem
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : SSL Connection = True
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Discovery URI is = crm.aidev.loc/.../Discovery.svc
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Information: 8 : DiscoverOrganizations - Initializing Discovery Server Object with crm.aidev.loc/.../Discovery.svc
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Initializing UII core connections to Microsoft Dynamics CRM...
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : DiscoverOrganizations - attempting to connect to CRM server @ crm.aidev.loc/.../Discovery.svc
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Connecting to the Microsoft Dynamics CRM server...
    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Retrieving organizations from CRM...
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : DiscoverOrganizations - created CRM server proxy configuration for crm.aidev.loc/.../Discovery.svc - duration: 00:00:00.1244064
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : DiscoverOrganizations - proxy requiring authentication type : Federation
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : DiscoverOrganizations - Authenticated via Federation. Auth Elapsed:00:00:00.0159697
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Verbose: 16 : DiscoverOrganizations - service proxy created - total create duration: 00:00:00.1403761
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error: 2 : ERROR REQUESTING ORGS FROM THE DISCOVERY SERVER [Second connection failed]
    Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error: 2 : Source : mscorlib
    Method : HandleReturnMessage
    Date : 26/07/17
    Time : 17:17:53
    Error : An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
    Stack Trace : Server stack trace:
    at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
    at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
    at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
    at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
    at Microsoft.Xrm.Sdk.Discovery.IDiscoveryService.Execute(DiscoveryRequest request)
    at Microsoft.Xrm.Sdk.Client.DiscoveryServiceProxy.Execute(DiscoveryRequest request)
    at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials)
    ======================================================================================================================
    Inner Exception Level 1 :
    Source : Not Provided
    Method : Not Provided
    Date : 26/07/17
    Time : 17:17:53
    Error : At least one security token in the message could not be validated.
    Stack Trace : Not Provided
    ======================================================================================================================

    Microsoft.Xrm.Tooling.CrmConnectControl Error: 2 : Error Message: Exception logged by the CRM Connector control:
    Source : mscorlib
    Method : HandleReturnMessage
    Date : 26/07/17
    Time : 17:17:53
    Error : An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
    Stack Trace : Server stack trace:
    at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
    at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
    at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
    at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
    at Microsoft.Xrm.Sdk.Discovery.IDiscoveryService.Execute(DiscoveryRequest request)
    at Microsoft.Xrm.Sdk.Client.DiscoveryServiceProxy.Execute(DiscoveryRequest request)
    at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials)
    at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)
    at Microsoft.Xrm.Tooling.Connector.CrmServiceClient.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)
    at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.ValidateServerConnection(CrmOrgByServer selectedOrg)
    ======================================================================================================================
    Inner Exception Level 1 :
    Source : Not Provided
    Method : Not Provided
    Date : 26/07/17
    Time : 17:17:53
    Error : At least one security token in the message could not be validated.
    Stack Trace : Not Provided
    ======================================================================================================================

    Microsoft.Xrm.Tooling.CrmConnectControl Error: 2 : Error Message: Your security settings aren’t configured correctly. Contact your administrator to update your security settings.
    Source : mscorlib
    Method : HandleReturnMessage
    Date : 26/07/17
    Time : 17:17:53
    Error : An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
    Stack Trace : Server stack trace:
    at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
    at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
    at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
    at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
    at Microsoft.Xrm.Sdk.Discovery.IDiscoveryService.Execute(DiscoveryRequest request)
    at Microsoft.Xrm.Sdk.Client.DiscoveryServiceProxy.Execute(DiscoveryRequest request)
    at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials)
    at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)
    at Microsoft.Xrm.Tooling.Connector.CrmServiceClient.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)
    at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.ValidateServerConnection(CrmOrgByServer selectedOrg)
    ======================================================================================================================
    Inner Exception Level 1 :
    Source : Not Provided
    Method : Not Provided
    Date : 26/07/17
    Time : 17:17:53
    Error : At least one security token in the message could not be validated.
    Stack Trace : Not Provided
    ======================================================================================================================

    Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is = Your security settings aren’t configured correctly. Contact your administrator to update your security settings.

    However the actual error found in CRM Traces is more revealing:

    ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris.

    Audience: 'https : //crm.aidev.loc:444/XRMServices/2011/Discovery.svc'

    As you can see the Audience URI is wrong. It should be https://crm.aidev.loc:444 without the rest of the stuff.

    Why does the Audience URI include the path? Probably because it is a bug.

    External apps connecting to an IFD CRM fail (second time) when they try to connect either to the internal CRM URL or discovery service URL. 

    Please fix this Microsoft. Thanks.

  • Pierre Andre Joubert Profile Picture
    Pierre Andre Joubert 175 on at

    Hi Dan,

    There is still an issue with the App for Outlook and D365 on-premises.  I have been dealing with Microsoft on this although there is no fix at the moment.

    I will let you know once I have more.

    Regards

    Pierre

  • Pierre Andre Joubert Profile Picture
    Pierre Andre Joubert 175 on at

    Hi AgilePoint,

    How are the web server urls in the deployment admin configured?  Do you use crm.aidev.loc? Also do you have separate internal and external relying parties in ADFS?

    Regards

    Pierre

  • Community Member Profile Picture
    Community Member on at

    Hi AgilePoint, Thanks for the detailed explanation of the issue.  I have a ticket open with Microsoft, however, the engineer assign is not aware of this, so I shared the thread.  Unfortunately, looks like we’re dependent upon a fix from Microsoft before we’ll be able to use the Dynamics 365 Outlook App.  I’m hoping for some sort of workaround and will post it we get it. 

    I also see that Pierre Joubert is working on an issue with Microsoft.  As flakey as authentication is with the Outlook App, it sometimes works and I’ve discovered that it works more often from my Mac Outlook 2016 client and it never works from Outlook on Windows…

    Thanks Dan

  • AgilePoint AgileXRM Profile Picture
    AgilePoint AgileXRM 155 on at

    Hi Pierre,

    All web server URLs are https://crm.aidev.loc:444

    We have separate Internal and External RPs

    Thanks

  • Pierre Andre Joubert Profile Picture
    Pierre Andre Joubert 175 on at

    Hi AgilePoint,

    I have performed the same test using the Login Tester to my "Internal" URL defined in me web addresses as well as to my individual orgs and it has logged in without error.

    The ADFS Audience error is caused by ADFS not been aware of the URL.  The appending of the "/XRMServices/2011/Discovery.svc" to the base URL as it is required to identify the ORGs within your CRM environment.

    ADFS not knowing the URL is indicative of the RPs not been populated correctly.  Does the internal URL appear in your internal RP? And do the org URLs appear in the external RP?

    Also, can you update the federation data of the RPs without errors? (right-click -> update, or from the actions menu)

    Regards

    Pierre Joubert

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans