web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Claims login fails wit...
Microsoft Dynamics 365 | Integration, Dataverse...
Answered

Claims login fails with ADFS error after some organization have been disabled

(2) ShareShare
ReportReport
Posted on by CW-11121959-0 51
I have setup a new 9.1 on-premise environment to migrate my 8.2 organizations. I have configured ADFS, have imported some 8.2 orgs and created a new vanilla org.
 
I am able log in to all the orgs and run standard Dynamics functionality. But have the following issues:
 
1. When I disable any organization in the Deployment Manager and iireset I am no longer able to login to the enabled organizations and get the following ADFS error:
  • Error details: MSIS7042: The same client browser session has made '6' requests in the last '2' seconds. Contact your administrator for details.
2. The sandbox isolated plug-ins fail in my imported databases
3. My frontend and async trace logs are full of these errors
 
Crm Exception: Message: CertificateData for CertificateType: AppFabricIssuer not found., ErrorCode: -2147098055
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception
System.ComponentModel.Win32Exception (0x80004005): The target principal name is incorrect
System.ServiceModel.CommunicationObjectFaultedException: The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state.
System.InvalidOperationException: The client certificate is not provided. Specify a client certificate in ClientCredentials. 
 
All the errors seem to be authentication/certificate related errors but it is strange that I am able to login and run all parts of a standard CRM application (if I have all my organizations enabled). I would think if I have account or certificate errors I would never be able to login.
 
Any help would be appreciated.
 
I have setup many 8.2 environments in the exact same way and have never had these errors.
 
 
Categories:
Dynamics 365 general
I have the same question (0)
  • Verified answer
    ArchitectMadhan Profile Picture
    ArchitectMadhan 458 on at
    Hi,
     

    The error MSIS7042 indicates that the same client browser session has made multiple requests in a short period, which is often due to a loop detection mechanism in ADFS.  This can happen if a relying party (RP) is not configured correctly and repeatedly requests tokens. Here are some steps to troubleshoot this:

    • Check Relying Party Trusts: Ensure that the relying party trusts in ADFS are correctly configured and not causing repeated token requests.
    • Adjust Loop Detection Settings: You can adjust the loop detection settings in ADFS using PowerShell. For example: 
      Set-AdfsProperties -LoopDetectionMaximumTokensIssuedInterval 5 -LoopDetectionTimeIntervalInSeconds 20
      This command sets the maximum tokens issued interval and the time interval in seconds.
    • Review ADFS Logs: Enable ADFS tracing to get more detailed logs and identify the root cause of the issue.

    2. Sandbox Isolated Plug-ins Fail

    Sandbox isolated plug-ins can fail due to several reasons, often related to misconfiguration of the sandbox service. Here are some steps to troubleshoot:

    • Check Sandbox Service Configuration: Ensure that the sandbox service is correctly configured and running. Misconfiguration can cause isolated plug-ins to fail.
    • Review Plugin Registration: Verify that the plug-ins are correctly registered and that their isolation mode is set to "Sandbox".
    • Examine Plugin Code: Ensure that the plug-in code does not attempt to perform operations that are restricted in the sandbox environment, such as accessing the file system or certain network protocols.

    3. Frontend and Async Trace Logs Errors

    The errors in your trace logs seem to be related to authentication and certificate issues. Here are some steps to address these:

    • Check Certificates: Ensure that all required certificates are correctly installed and configured. The error CertificateData for CertificateType: AppFabricIssuer not found suggests a missing or misconfigured certificate.
    • Review SPN Configuration: The error The target principal name is incorrect indicates a possible issue with Service Principal Names (SPNs). Verify that the SPNs are correctly configured for your services.
    • Update Client Credentials: Ensure that client certificates are correctly specified in the client credentials.
    If you find this solution useful, please like it and accept it as answer.
    -ArchitectMadhan

     

  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 300,917 Super User 2025 Season 2 on at
    Moved the question to the CRM forum.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
Siv Sagar Profile Picture

Siv Sagar 93 Super User 2025 Season 2

#2
#ManoVerse Profile Picture

#ManoVerse 76

#3
Martin Dráb Profile Picture

Martin Dráb 64 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans