Certificate issue on adding relaying party in CRM ADFS

(0) Share

Report

Posted on by Alagunellaikumar

6,210

Hi

While configuring ADFS server, I have given *.companyname.org. Then in the CRM deployment manager configure claim based authentication
1524.2.png

Then I am trying to add relaying party in ADFS below error occur see image below. Also i try to open the below url in IE, certificate issue occured
https://internalcrm.companyName.internal.com:444/FederationMetadata/2007-06/FederationMetadata.xml
5238.3.png

*This post is locked for comments

All responses (6)

Answers (2)

Verified answer

Alagunellaikumar 6,210 on at

Like (0)

Report
RE: Certificate issue on adding relaying party in CRM ADFS

Hi All,

This issue is due to my sts is not properly configured. The followings steps are done to resolve my issue.

First check ActiveMexEnpoint column value from FederationProvider table in MSCRM_Config and paste the value in the IE whether able to open or not

If not open then configure SPN
Setspn –a {get ActiveMexEndpoint column name value from SQL} domain\machine name of the server

Cross check *.{issuedto} in the Internet options->security->Local intranet-> Sites -> Add

{ issuedto} = ADFS and CRM SSL certificate issued to
Suggested answer

Brad Sprigg 985 on at

Like (0)

Report

RE: Certificate issue on adding relaying party in CRM ADFS

Hi Alagunellaikumar

The first thing I check in similar situations is that I can navigate to the URL that I am adding to ADFS, if doing that gives a certificate error or doesn't resolve, you will need to fix that before being able to add it to ADFS. If you have any reported certificate issue you will not be able to get that URL to work with CRM/ADFS.
Suggested answer

a33ik 84,323 Most Valuable Professional on at

Like (1)

Report

RE: Certificate issue on adding relaying party in CRM ADFS

That means that you forgot to do one of steps. I would suggest to turn on trace on CRM side, restart IIS, retry log in and check trace after error occurs. That should point you to source of error. Check this article that describes how to turn on trace - support.microsoft.com/.../907490
Alagunellaikumar 6,210 on at

Like (0)

Report

RE: Certificate issue on adding relaying party in CRM ADFS

Hi Andrii

Based on your guidance every step up is done but when i try to login CRM with the below url

[View:https://CRMOrganazationName.company.org:0:0]

login page is displayed but after providing credentials below error occur
Verified answer

a33ik 84,323 Most Valuable Professional on at

Like (1)

Report

RE: Certificate issue on adding relaying party in CRM ADFS

Hello,

Check this thread again - community.dynamics.com/.../219446 (and close it if my reply answers your question).

To make your IFD work you should use the same domains for all the servers like:

adfs.companyname.org

internalcrm.companyname.org

dev.companyname.org

auth.companyname.org

e.t.c.

Check this article - www.interactivewebs.com/.../how-to-set-up-microsoft-crm-2016-ifd-on-windows-2012-r2-server

I usually use it during configuration of IFD.
Suggested answer

Andreas Cieslik 9,265 on at

Like (0)

Report

RE: Certificate issue on adding relaying party in CRM ADFS

Here are guides for...

CRM 2013 IFD:

blogs.msdn.microsoft.com/.../step-by-step-configuring-crm-2013-internet-facing-deployment-ifd

CRM 2016 IFD on Windows 2012 R2 Server:

www.interactivewebs.com/.../how-to-set-up-microsoft-crm-2016-ifd-on-windows-2012-r2-server

It is important to not leave out steps in the configuration. If you have issue with certificate then please re-check the part on creating certificates in these guides. Next would be to check your DNS settings.

Cheers,

Andreas