Federation metadata URL is not available

(0) Share

Report

Posted on by Community Member

Hi all,

I have a problem where the system checks window is returning a red cross in the Federation metadata URL after renewing the wildcard certs.

Some details:

CRM and ADFS are on two separate servers and includes an ADFS Proxy in the DMZ.

Everything was working fine until we changed the certificates, after the new certificates were installed to all three servers

1. Server 2008 R2 - CRM 2011 – UR18

2. Server 2008 R2 - ADFS

3. Server 2008 R2 - ADFS Proxy

All service accounts were again granted read privileges on the new certs crm apppool, adsf service account on both the proxy and ADFS.

When running through the CRM deployment manager and configuring claims based authentication, the system checks returned a red x under Federation metadata URL with a description - The federation metadata URL "https://"adfs.domainname"/federationmetadata/2007-06/federationmetadata.xml". I then pasted this URL into IE and can browse to the ADFS instance with no certificate errors.

All DNS entries resolve correctly and I can browse to CRM via the local host.

Any assistance would be appreciated.

*This post is locked for comments

I have the same question (0)

All responses (7)

Answers (0)

Community Member on at

Like (0)

Report

I've been having the exact same problem since yesterday.

Haven't found a solution yet.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Hi Mark,

we have the same issue.

can you tell me what you did to resolve this issue?

thanks in advance

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Hi V.B.

we experience the same problem.

what did you do to resolve the problem?

thanks in advance for your answer

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

Unfortunately we could not resolve this issues and performed a re-install of CRM, not the news you would like to hear...

Was this reply helpful? Yes No
Suggested answer

Abarao Bhople 445 on at

Like (0)

Report

Hi MarkGi,

if you are facing same issue like Mark, make sure after replacing the Certificates on ADFS and ADFS Proxy sever set those certificates as a Primary and restarted ADFS services and IIS on both the servers.

for more details please refer below URL.

community.dynamics.com/.../356722

Thank you !

Was this reply helpful? Yes No
Suggested answer

Community Member on at

Like (2)

Report

One more thing to look which I found out after hardening the server:

While ADFS and CRM work fine if you disable TLSv1, you will not be able to update/pass check on the federation metadata.

In our case, I deployed everything, then harden it. No problems there. However, when it came time to renew the certificates, I could not get the wizard to go through (it could not read the federationmetadata.xml).

So, you can use a tool like IISCrypto to re-enable temporary TLSv1, get your cert renewed, and then disable it.

Was this reply helpful? Yes No
Suggested answer

AAToledano 92 on at

Like (0)

Report

Thanks!!!!! I've been stuck on this problema for hours until I read your post.

Was this reply helpful? Yes No

Community site session details

Federation metadata URL is not available

Helpful resources

Quick Links

Responsible AI policies

Neeraj Kumar – Community Spotlight

Congratulations to the November Top 10 Community Leaders!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

Featured topics

Product updates

Community site session details

Federation metadata URL is not available

Helpful resources

Quick Links

Responsible AI policies

Neeraj Kumar – Community Spotlight

Congratulations to the November Top 10 Community Leaders!

Subscribe to this forum!

Select categories

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

Featured topics

Product updates