web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / The authentication end...
Microsoft Dynamics CRM (Archived)

The authentication endpoint Kerberos/Username was not found

(0) ShareShare
ReportReport
Posted on by Community Member

Hi all,

We've got CRM 2016 on premises (SP 1.1) and IFD enabled with ADFS 3.0 (Windows 2012 R2). The CRM site can be accessed without any issues from any browser. But when we try to connect to the API using any custom application, like Plugin Registration tool or XrmToolbox, we get the following errors...

On plugin registration tool, if we select use default credentials...

The authentication endpoint Kerberos was not found on the configured Secure Token Service!

If we enter user name and password (domain/username or username@domain formats)...

The authentication endpoint Username was not found on the configured Secure Token Service!

I've confirmed following endpoints are enabled in AD FS and all services restarted and IISReseted...

  • /adfs/services/trust/13/username
  • /adfs/services/trust/13/kerberosmixed

Still we're stuck with same error messages. Most of the stuff found on Google talks about applying manual fixes on older versions of CRM and AD FS and we've exhausted trying almost all of them already. As soon as claims based authentication is disabled in CRM, everything starts working fine.

Also, it doesn't look like we're alone...

https://www.comunidad365.com/topico/error-de-autenticacion-mediante-api-crm-2016-onpremise-con-ifd/#.WbDap7LhrIW

Any help is much appreciated.

Thanks,

Nilhan 

*This post is locked for comments

I have the same question (0)
  • Abarao Bhople Profile Picture
    Abarao Bhople 445 on at

    Hi Nilhan,

    You may  try below URL 

    https://social.microsoft.com/Forums/en-US/f3171b35-d3a3-4730-bea7-8c1667b27bbe/the-authentication-endpoint-kerberos-was-not-found-on-the-configured-secure-token-service?forum=crm

    Thank you !

    Abarao Bhople

  • Community Member Profile Picture
    Community Member on at

    Thanks Abarao.

    All the user accounts we tested already have UPNs in AD. I believe that post is quite out-dated.

    Cheers,

    Nilhan

  • Philip Küsel Profile Picture
    Philip Küsel 30 on at

    Hi Nihlan.

    Are you sure you have the PluginRegistration Tool from the latest SDK.
    I recall that I've gotten this issue before, and it was due to some .dll files for it that was old.
    You can try to to replace the Microsoft.Xrm.*, as well as Microsoft..Crm.* .dll's with ones from "\Program Files\Microsoft Dynamics CRM\Server\bin" into the PluginRegistration folder.

    Best Regards.
    Philip

  • Community Member Profile Picture
    Community Member on at

    Thanks for the reply Philip. I'm pretty sure I'm using tool from latest SDK. Few others suggested using an older version as well. I'll double check both.

    Also note that issue is not only limited to Plugin Registration tool. Same can be seen in latest versions of Kingswaysoft, XrmToolbox and CRM Outlook plugin. So basically it is endemic to anything other than a browser. Our clients network security is overwhelmingly complex where almost everything is denied or blocked unless there's a identified/written requirement, right down to the last bit of detail. It's a security expert's heaven, but a software developer's nightmare.

    Hence the current line of troubleshooting is focused on the key differences in messages exchanged in browser and custom tool scenarios.

    Cheers,

    Nilhan

  • Verified answer
    Community Member Profile Picture
    Community Member on at

    Nailed it!

    Turns out Plugin Registration Tool and other .net apps try to use TLS 1.0 or SSL 3.0 and fails if neither works. In the network, all network devices leading up to the CRM server is hard wired to use TLS v1.2. Browsers are one step ahead as they negotiate with TLS v1.2.

    To fix it, add 2 registry keys as per following advisory (better to restart afterwards)...

    technet.microsoft.com/.../2960358.aspx

    Hope this helps someone.

    Cheers,

    Nilhan

  • Community Member Profile Picture
    Community Member on at

    Are you sure you're actually hitting the ADFS?  We have the same configuration as you and it works without issue.

    Try running fiddler on the client and use the user the username/password method (Kerberos will most likely not work with fiddler).   Check you're actually hitting the box.

  • Community Member Profile Picture
    Community Member on at

    How did you find out that it was a TLS issue?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans