web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Sign Up for Ask a Community Pro Today!
Introducing our New Video Series: Community Spotlight
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Reverting from IFD/ADF...
Customer experience | Sales, Customer Insights,...
Suggested Answer

Reverting from IFD/ADFS to "local" login: Issues with discovery URL

(0) ShareShare
ReportReport
Posted on by rowdy146 125

Dear all,

due to security reasons we removed public access for our Dynamics 365 v9.1.16.20 on-prem environment.
Mobile users (with Resco Mobile CRM App) have been sucessfully covered by managed VPN solution via MDM.

Next step is to remove IFD/ADFS login method which we tried at first on a test box.
Browser access works fine by https://fqdn/ORGNAME

Currently we are struggling at connection with Resco Mobile CRM app (and also XRMToolbox).
Both obviously can´t access Discovery URLs to browse Organizations.

Error message in XRMToolbox
pastedimage1682604845714v1.png


Error message within Resco App:

Platform: iOS
XRMConnectFailed: HttpException: HTTP Error not found (404)

Crm2011ConnectFailed: RescoSoapException: Server-Fehler: MSIS7069: The specified request failed.

CRM4: Disco connection failed to :'fqdn/.../CrmDiscoveryService.asmx'
Crm4ConnectFailed: InvalidOperationException: Unexpected Http response (Html formatted)| HttpException: HTTP Error no error (200)

For my understanding the "orgname" portion is missing within discovery URL, it should be like: https://fqdn/ORGNAME/MSCRMServices/2007/AD/CrmDiscoveryService.asmx'
Pasting this URL into a browser shows discovery page.

Did we miss anything after going back to "local" AD login?
Can someone shed some light on this??

Thanks in advance for your help, let me know if I missed any information around this.
Oliver

I have the same question (0)
  • Suggested answer
    XM-22040801-0 Profile Picture
    XM-22040801-0 11 on at

    Hi,

    If you do not use IFD, you must add the name of the organization at the end of the url.

    Could you try with https://fqdn/ORGNAME instead of https://fqdn/ in XrmToolBox.

    Could you share your XrmToolBox parameters ?

    Do you set the url in the Deployment manager ?

  • rowdy146 Profile Picture
    rowdy146 125 on at

    Hi Xavier,

    first I have to correct: We are on v9.1.16.20

    In XRMToolbox I already used https://fqdn/ORGNAME but the ORGNAME portion is dropped as you can see in the log:

    pastedimage1682691309518v1.png

    pastedimage1682691337387v2.png

    pastedimage1682691346818v3.png

    pastedimage1682691381427v4.png

    pastedimage1682691495992v5.png

    pastedimage1682691509320v6.png

    This is what we have setup in deployment manager:

    pastedimage1682691545068v7.png

  • Suggested answer
    XM-22040801-0 Profile Picture
    XM-22040801-0 11 on at

    Ok, your configuration looks good.

    Can you navigate to the url https://****.local/XRMServices/2011/Discovery.svc in private navigation? Do you receive an authentication request? You should not receive any.

    Do you have a similar result ?

    pastedimage1682706949010v4.png

    Can you check if you have the same Authentication settings (in IIS) in the directory XRMDeployment and 2011 (must be the same as XRMDeployment) ?

    pastedimage1682706533916v1.png=>pastedimage1682706549103v2.png=>pastedimage1682706570363v3.png

  • Pedro Cadavez de Freitas Profile Picture
    Pedro Cadavez de Fr... on at

    Agree with Xavier Monin advice.

    Post installation articles around IFD and CRM extensibilities like outlook app will contain a section to disable windows authentication on some IIS CRM site folders. That needs to be reverted back:

    learn.microsoft.com/.../post-installation-configuration-guidelines-dynamics-365

  • rowdy146 Profile Picture
    rowdy146 125 on at

    Hi Xavier,

    this is what I get in a private Session, there´s no Authentication Window coming up:
    pastedimage1683011564842v1.png

    pastedimage1683011581435v2.png

    I get the servicepage when manually adding the ORGANIZATION portion to the URL.
    There´s also no authentication needed then:

    pastedimage1683012006630v3.png

    These are the authentication settings within IIS:

    pastedimage1683012232448v1.png
    pastedimage1683012255762v3.png

  • rowdy146 Profile Picture
    rowdy146 125 on at

    Pedro,

    we have deactivated IFD auth.

    The linked article points to steps that have to be done after activating IFD, did I get that right?

  • Pedro Cadavez de Freitas Profile Picture
    Pedro Cadavez de Fr... on at

    Yes, those should be checked and see if you need to revert something you did after enabling IFD.

  • Suggested answer
    XM-22040801-0 Profile Picture
    XM-22040801-0 11 on at

    Ok, we found something !

    https://****.local/XRMServices/2011/Discovery.svc and https://****.local/ORGNAME/XRMServices/2011/Discovery.svc must return the discovery service without error.

    We must fix the "Error, Retry this action. If the error persist ..".

    Can you navigate to https://****.local/XRMServices/2011/Discovery.svc and look in the Event Viewer of the server if you have a more explicit error ?

    You can also enable trace log (error level). See learn.microsoft.com/.../how-to-enable-tracing-in-dynamics-crm

    Otherwise, I have a few more questions.

    Do you have multiple organizations on the deployment?

    Did you restart the asynchronous service? Can you try to disable and re-enable the organization in the deployment manager? You can also try to remove the organization and re-import it.

  • Hüseyin Sahin Profile Picture
    Hüseyin Sahin on at

    Hi,

    can you please execute below queries:

    SELECT

          [ColumnName]

         ,[BitColumn]

         ,[NVarCharColumn]

         ,[Encrypted]

     FROM [MSCRM_CONFIG].[dbo].[DeploymentProperties]

    Where ColumnName like 'AD%'

    or ColumnName like 'IFD%'

    USE MSCRM_CONFIG

    select * from FederationProviderProperties

    select * from FederationProvider

    This will allow us to understand if the rollback of Claims and IFD was successfully done.

    In some scenarios there are still some leftovers in the DB.

    Can you connect / authenticate with PluginRegistrationTool?

    What is the result?

    a) How does it behave when you call the URL NON-FQDN? http://crm8tst/Orgname ?

    b) How does it behave when you call it via IP?

    Also a Edge Network Log / Chrome Network Log would help to understand further.

    The error message points to the URI did not return any Service.

    Where was the ADFS deployed? If it was on the same box there is a high chance that the Port / URLs are still registered with ADFS.

    You can verify via:

    NETSH SHOW HTTP URLACL

  • rowdy146 Profile Picture
    rowdy146 125 on at

    Hi Xavier,

    when opening the discovery page without ORGNAME in URL, I get these 3 errors in Eventlog.

    Error message of all 3 is slightly the same:
    pastedimage1683034688191v1.png

    We have 5 organizations enabled.
    Restartet Async Service some minutes ago, without any changes.
    Also dis- and enabled one of the organizations and removed and re-imported it. -> No change.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Sign Up for Ask a Community Pro Today!
Introducing our New Video Series: Community Spotlight

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Congratulations to our 2025 Community Spotlights

Thanks to all of our 2025 Community Spotlight stars!

Congratulations to the December Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Tom_Gioielli Profile Picture

Tom_Gioielli 93 Super User 2025 Season 2

#2
TAHER_El_Mehdi Profile Picture

TAHER_El_Mehdi 30

#3
Satyam Prakash Profile Picture

Satyam Prakash 24

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans