Dynamics Community Forum Thread Details

Hi guys.

Had CRM 2015 on premises server. Went from HTTP to HTTPS (claims based authentication). We haven't configured IFD yet. Currently only claims based authentication between CRM server and ADFS 4.0 is established.

After we went from HTTP to HTTPS, Outlook CRM addin stopped working. We ran a configuration again and put: https://crm.domain.com/OrganizationName, we get a credentials pop-up windows where we put UPN and after that an error appears. We have even went with upgrading CRM from 2015 to 2016 on server side, but the error on outlook addin client side reamins the same :( please help

19:54:18|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm._serverUrlConnectButton_Click
19:54:18|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.TestConnection
19:54:18|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.TestConnection
19:54:18|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm._serverUrlConnectButton_Click
19:54:18|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm.RunEnvironmentDiagnostics
19:54:18|Verbose| Method entry: Microsoft.Crm.Application.Outlook.ConfigDiagnostics.DiagnosticEngine.Run(Environment)
19:54:18|Verbose| Method entry: Microsoft.Crm.Application.Outlook.ConfigDiagnostics.LocalTimeDiagnostic.ExecuteInternal
19:54:18|   Info| Current UTC date/time from halcom.local: 11/06/2016 18:54:18
19:54:18|   Info| NetApiStatus for NetApiBufferFree: 0
19:54:18|   Info| Client UTC Date/Time: 11/06/2016 18:54:18
19:54:18|   Info| Difference (in minutes) between client time and actual time: 0.000224168333333333
19:54:18|Verbose| Method exit: Microsoft.Crm.Application.Outlook.ConfigDiagnostics.LocalTimeDiagnostic.ExecuteInternal
19:54:18|Verbose| Method exit: Microsoft.Crm.Application.Outlook.ConfigDiagnostics.DiagnosticEngine.Run(Environment)
19:54:18|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm.RunEnvironmentDiagnostics
19:54:18|   Info| Attempting AD (https) org service connection.
19:54:51|   Info| Fill organization comboBox with server information.
19:54:51|Verbose| Method entry: Microsoft.Crm.Application.Outlook.Config.ServerForm._selectOrganizationButton_Click
19:54:51|Verbose| Method exit: Microsoft.Crm.Application.Outlook.Config.ServerForm._selectOrganizationButton_Click
19:54:52| Error| Exception : An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
Server stack trace:
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Xrm.Sdk.IOrganizationService.Execute(OrganizationRequest request)
   at Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy.ExecuteCore(OrganizationRequest request)
   at Microsoft.Crm.Application.SMWrappers.ClientOrganizationServiceProxyBase.Execute(OrganizationRequest request)
   at Microsoft.Crm.Outlook.ClientAuth.ClientAuthProviderBase`1.VerifyUser(IClientOrganizationContext context)
   at Microsoft.Crm.Outlook.ClientAuth.ClientAuthProvider`1.SignIn(AuthUIMode uiMode, IClientOrganizationContext context, Control parentWindow, Boolean retryOnError)
   at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo`1.GetAuthenticatedProvider(OrganizationDetail orgDetail, Control parentWindow)
   at Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadDataToServerInfo()
   at Microsoft.Crm.Application.Outlook.Config.ServerForm.<InitializeBackgroundWorkers>b__3(Object sender, DoWorkEventArgs e)
   at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)
19:54:52| Error| Exception : At least one security token in the message could not be validated.
19:54:52| Error| Dynamic Help Link: go.microsoft.com/fwlink;lcid=409&cv=8.1.0.371&opsys=6.3.9600.0&cid=1a03e5e4-9710-4344-8e95-055bfade4947&client=Outlook&error=System.ServiceModel.Security.MessageSecurityException%3a80131501%26System.ServiceModel.FaultException%3a80131501&method=HandleReturnMessage&st=
Server stack trace:
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Thanks for the reply.

Our company has public Certificate Authority so they have published me the cert.

There are no certificates warning (at least on browser side), root and intermediate certs are where they should be.

We have also ran this powershell commands on ADFS 4.0 side:

Set-ADFSRelyingPartyTrust -TargetName CRM -EncryptionCertificateRevocationCheck None

Set-ADFSRelyingPartyTrust -TargetName CRM -SigningCertificateRevocationCheck None

The steps you have provided (technet.microsoft.com/.../gg188575.aspx) have already been done. Claims based auth. thru IE internally works ok. IFD is not configured yet.

I had followed also this instructions "technet.microsoft.com/.../gg188615.aspx", but putting that registry key did not have any effect:

b.Open the registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MSCRMClient.

c.Create the registry string HomeRealmUrl.

I have even enabled Windows identity 3.5 on client win 10 x64 machine, that also did not help.

Cleared all the cached credentials, ran ccleaner, cleared %TMP%, rebooted dozens of time, and nothing helped.

Is maybe this related to IFD not being deployed yet? Like I said, only claim based authentication with ADFS 4.0 (on seperated server then CRM 2016) is currently configured.

For IFD there are still some things unclear, for example we would like to configure it thru WAP, but there isn't any good tutorial for configuring it with WAP (or we haven't found it yet). :/

CRM outlook addin stopped working after configuring Claims-Based Authentication

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Top 10 leaders for November!

Tips for Writing Effective Suggested Answers

Leaderboard

Featured topics

Product updates