Skip to main content

Notifications

Announcements

Join us in the Community for an AMA: December 12th Register Today
News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / ADFS 3.0 IFD - ID3242...
Microsoft Dynamics CRM (Archived)

ADFS 3.0 IFD - ID3242: The security token could not be authenticated or authorized.

(0) ShareShare
ReportReport
Posted on by Community Member Microsoft Employee

Hello,

I have been pulling my hair out over last week trying to resolve this issue. After configuring IFD on dynamics 365 server on premise. I am able to log in via browser with no issue, but when i use sdk, particularly CrmServiceClient to connect i get the following error. ID3242: The security token could not be authenticated or authorized. I am sure the username and password are correct, i have  tried with multiple different users and different username formatting (domain\user , user, user@domain.com) all resulting in same error. login test provided the following:

======================================================================================================================

Source	: System.ServiceModel
Method	: ReadResponse
Date	: 8/15/2017
Time	: 8:28:52 AM
Error	: ID3242: The security token could not be authenticated or authorized.
Stack Trace	: at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)
   at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Issue(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateInternal(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateFederationInternal(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Authenticate(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.DiscoveryServiceConfiguration.Authenticate(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ClaimsIFDFailOverAuth[T](IServiceManagement`1 servicecfg, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, Int32 depthLevel, Boolean tryNetworkCred)
   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.CreateAndAuthenticateProxy[T](IServiceManagement`1 servicecfg, Uri ServiceUri, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, String LogString)
   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials)
   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)
   at Microsoft.Xrm.Tooling.Connector.CrmServiceClient.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)
   at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.ValidateServerConnection(CrmOrgByServer selectedOrg)
======================================================================================================================

Source	: System.ServiceModel
Method	: ReadResponse
Date	: 8/15/2017
Time	: 8:29:19 AM
Error	: ID3242: The security token could not be authenticated or authorized.
Stack Trace	: at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)
   at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Issue(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateInternal(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateFederationInternal(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Authenticate(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Sdk.Client.DiscoveryServiceConfiguration.Authenticate(AuthenticationCredentials authenticationCredentials)
   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ClaimsIFDFailOverAuth[T](IServiceManagement`1 servicecfg, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, Int32 depthLevel, Boolean tryNetworkCred)
   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.CreateAndAuthenticateProxy[T](IServiceManagement`1 servicecfg, Uri ServiceUri, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, String LogString)
   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials)
   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)
   at Microsoft.Xrm.Tooling.Connector.CrmServiceClient.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)
   at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.ValidateServerConnection(CrmOrgByServer selectedOrg)
======================================================================================================================

Source	: mscorlib
Method	: HandleReturnMessage
Date	: 8/15/2017
Time	: 8:31:26 AM
Error	: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
Stack Trace	: Server stack trace: 
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Xrm.Sdk.Discovery.IDiscoveryService.Execute(DiscoveryRequest request)
   at Microsoft.Xrm.Sdk.Client.DiscoveryServiceProxy.Execute(DiscoveryRequest request)
   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials)
   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)
   at Microsoft.Xrm.Tooling.Connector.CrmServiceClient.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)
   at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.ValidateServerConnection(CrmOrgByServer selectedOrg)
======================================================================================================================
Inner Exception Level 1	: 
Source	: Not Provided
Method	: Not Provided
Date	: 8/15/2017
Time	: 8:31:26 AM
Error	: At least one security token in the message could not be validated.
Stack Trace	: Not Provided
======================================================================================================================


======================================================================================================================
Source : System.ServiceModelMethod : ReadResponseDate : 8/15/2017Time : 8:28:52 AMError : ID3242: The security token could not be authenticated or authorized.Stack Trace : at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)   at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Issue(AuthenticationCredentials authenticationCredentials)   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateInternal(AuthenticationCredentials authenticationCredentials)   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateFederationInternal(AuthenticationCredentials authenticationCredentials)   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Authenticate(AuthenticationCredentials authenticationCredentials)   at Microsoft.Xrm.Sdk.Client.DiscoveryServiceConfiguration.Authenticate(AuthenticationCredentials authenticationCredentials)   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ClaimsIFDFailOverAuth[T](IServiceManagement`1 servicecfg, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, Int32 depthLevel, Boolean tryNetworkCred)   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.CreateAndAuthenticateProxy[T](IServiceManagement`1 servicecfg, Uri ServiceUri, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, String LogString)   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials)   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)   at Microsoft.Xrm.Tooling.Connector.CrmServiceClient.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)   at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.ValidateServerConnection(CrmOrgByServer selectedOrg)======================================================================================================================
Source : System.ServiceModelMethod : ReadResponseDate : 8/15/2017Time : 8:29:19 AMError : ID3242: The security token could not be authenticated or authorized.Stack Trace : at System.ServiceModel.Security.WSTrustChannel.ReadResponse(Message response)   at System.ServiceModel.Security.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Issue(AuthenticationCredentials authenticationCredentials)   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateInternal(AuthenticationCredentials authenticationCredentials)   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateFederationInternal(AuthenticationCredentials authenticationCredentials)   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Authenticate(AuthenticationCredentials authenticationCredentials)   at Microsoft.Xrm.Sdk.Client.DiscoveryServiceConfiguration.Authenticate(AuthenticationCredentials authenticationCredentials)   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ClaimsIFDFailOverAuth[T](IServiceManagement`1 servicecfg, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, Int32 depthLevel, Boolean tryNetworkCred)   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.CreateAndAuthenticateProxy[T](IServiceManagement`1 servicecfg, Uri ServiceUri, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, String LogString)   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials)   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)   at Microsoft.Xrm.Tooling.Connector.CrmServiceClient.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)   at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.ValidateServerConnection(CrmOrgByServer selectedOrg)======================================================================================================================
Source : mscorlibMethod : HandleReturnMessageDate : 8/15/2017Time : 8:31:26 AMError : An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.Stack Trace : Server stack trace:    at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)   at Microsoft.Xrm.Sdk.Discovery.IDiscoveryService.Execute(DiscoveryRequest request)   at Microsoft.Xrm.Sdk.Client.DiscoveryServiceProxy.Execute(DiscoveryRequest request)   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials)   at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)   at Microsoft.Xrm.Tooling.Connector.CrmServiceClient.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential)   at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.ValidateServerConnection(CrmOrgByServer selectedOrg)======================================================================================================================Inner Exception Level 1 : Source : Not ProvidedMethod : Not ProvidedDate : 8/15/2017Time : 8:31:26 AMError : At least one security token in the message could not be validated.Stack Trace : Not Provided======================================================================================================================

*This post is locked for comments

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join us in the Community for an AMA: December 12th Register Today

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Community AMA December 12th

Join us as we continue to demystify the Dynamics 365 Contact Center

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,253 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,188 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans