Certificate issue on adding relaying party in CRM ADFS

(0) Share

Report

Posted on by Alagunellaikumar

6,212

Hi

While configuring ADFS server, I have given *.companyname.org. Then in the CRM deployment manager configure claim based authentication
1524.2.png

Then I am trying to add relaying party in ADFS below error occur see image below. Also i try to open the below url in IE, certificate issue occured
https://internalcrm.companyName.internal.com:444/FederationMetadata/2007-06/FederationMetadata.xml
5238.3.png

*This post is locked for comments

I have the same question (0)

All responses (6)

Answers (2)

Suggested answer

Andreas Cieslik 9,267 on at

Like (0)

Report
Copy link

Link copied!

Here are guides for...

CRM 2013 IFD:

blogs.msdn.microsoft.com/.../step-by-step-configuring-crm-2013-internet-facing-deployment-ifd

CRM 2016 IFD on Windows 2012 R2 Server:

www.interactivewebs.com/.../how-to-set-up-microsoft-crm-2016-ifd-on-windows-2012-r2-server

It is important to not leave out steps in the configuration. If you have issue with certificate then please re-check the part on creating certificates in these guides. Next would be to check your DNS settings.

Cheers,

Andreas

Was this reply helpful? Yes No
Verified answer

a33ik 84,331 Most Valuable Professional on at

Like (1)

Report
Copy link

Link copied!

Hello,

Check this thread again - community.dynamics.com/.../219446 (and close it if my reply answers your question).

To make your IFD work you should use the same domains for all the servers like:

adfs.companyname.org

internalcrm.companyname.org

dev.companyname.org

auth.companyname.org

e.t.c.

Check this article - www.interactivewebs.com/.../how-to-set-up-microsoft-crm-2016-ifd-on-windows-2012-r2-server

I usually use it during configuration of IFD.

Was this reply helpful? Yes No
Alagunellaikumar 6,212 on at

Like (0)

Report
Copy link

Link copied!

Hi Andrii

Based on your guidance every step up is done but when i try to login CRM with the below url

[View:https://CRMOrganazationName.company.org:0:0]

login page is displayed but after providing credentials below error occur

Was this reply helpful? Yes No
Suggested answer

a33ik 84,331 Most Valuable Professional on at

Like (1)

Report
Copy link

Link copied!

That means that you forgot to do one of steps. I would suggest to turn on trace on CRM side, restart IIS, retry log in and check trace after error occurs. That should point you to source of error. Check this article that describes how to turn on trace - support.microsoft.com/.../907490

Was this reply helpful? Yes No
Suggested answer

Brad Sprigg 985 on at

Like (0)

Report
Copy link

Link copied!

Hi Alagunellaikumar

The first thing I check in similar situations is that I can navigate to the URL that I am adding to ADFS, if doing that gives a certificate error or doesn't resolve, you will need to fix that before being able to add it to ADFS. If you have any reported certificate issue you will not be able to get that URL to work with CRM/ADFS.

Was this reply helpful? Yes No
Verified answer

Alagunellaikumar 6,212 on at

Like (0)

Report
Copy link

Link copied!
Hi All,

This issue is due to my sts is not properly configured. The followings steps are done to resolve my issue.

First check ActiveMexEnpoint column value from FederationProvider table in MSCRM_Config and paste the value in the IE whether able to open or not

If not open then configure SPN
Setspn –a {get ActiveMexEndpoint column name value from SQL} domain\machine name of the server

Cross check *.{issuedto} in the Internet options->security->Local intranet-> Sites -> Add

{ issuedto} = ADFS and CRM SSL certificate issued to

Was this reply helpful? Yes No