Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Reverting from IFD/ADF...
Customer experience | Sales, Customer Insights,...
Suggested answer

Reverting from IFD/ADFS to "local" login: Issues with discovery URL

(0) ShareShare
ReportReport
Posted on by rowdy146 125

Dear all,

due to security reasons we removed public access for our Dynamics 365 v9.1.16.20 on-prem environment.
Mobile users (with Resco Mobile CRM App) have been sucessfully covered by managed VPN solution via MDM.

Next step is to remove IFD/ADFS login method which we tried at first on a test box.
Browser access works fine by https://fqdn/ORGNAME

Currently we are struggling at connection with Resco Mobile CRM app (and also XRMToolbox).
Both obviously can´t access Discovery URLs to browse Organizations.

Error message in XRMToolbox
pastedimage1682604845714v1.png


Error message within Resco App:

Platform: iOS
XRMConnectFailed: HttpException: HTTP Error not found (404)

Crm2011ConnectFailed: RescoSoapException: Server-Fehler: MSIS7069: The specified request failed.

CRM4: Disco connection failed to :'fqdn/.../CrmDiscoveryService.asmx'
Crm4ConnectFailed: InvalidOperationException: Unexpected Http response (Html formatted)| HttpException: HTTP Error no error (200)

For my understanding the "orgname" portion is missing within discovery URL, it should be like: https://fqdn/ORGNAME/MSCRMServices/2007/AD/CrmDiscoveryService.asmx'
Pasting this URL into a browser shows discovery page.

Did we miss anything after going back to "local" AD login?
Can someone shed some light on this??

Thanks in advance for your help, let me know if I missed any information around this.
Oliver

  • Hüseyin Sahin Profile Picture
    Hüseyin Sahin on at
    RE: Reverting from IFD/ADFS to "local" login: Issues with discovery URL

    Hello Oliver,

    can you please raise a case with Microsoft Support as we need to have a detailed look on the behavior?

    You can share the Case ID here and we will get in touch with you.

    Thx!

  • rowdy146 Profile Picture
    rowdy146 125 on at
    RE: Reverting from IFD/ADFS to "local" login: Issues with discovery URL

    PS: Managed to deal with the LoginControlTester Tool, the result is the same as with e.g. Resco Mobile App or XRMToolbox:

    pastedimage1683620117696v1.png

    Also the same when adding the ORGANIZATION Portion to the "Server" String

  • rowdy146 Profile Picture
    rowdy146 125 on at
    RE: Reverting from IFD/ADFS to "local" login: Issues with discovery URL

    Hi @all,

    can someone shed some more light on the behaviour with the supplied information or is there something else missing?

    Best

    Oliver

  • rowdy146 Profile Picture
    rowdy146 125 on at
    RE: Reverting from IFD/ADFS to "local" login: Issues with discovery URL

    Regarding 1): tried it but had no improve.
    Created crmtrace and also net-export with http binding, see attached files

    trace.zip

    Regarding 2): did you mean to create crmtrace & net-export to be created with https binding?
    Or is it ok to have it only with http?

    This is the output of your powershell:

    PS C:\WINDOWS\system32> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
PS C:\WINDOWS\system32> $downloadURL ='https://crm8tst.domain.local/XRMServices/2011/Discovery.svc?WSDL'
PS C:\WINDOWS\system32> $downloadRequest = Invoke-WebRequest -Uri $downloadURL
PS C:\WINDOWS\system32> $downloadRequest | fl


StatusCode        : 200
StatusDescription : OK
Content           :
                    
    
                    An error has occurred.
                    

    
                    Try this action again. If the problem continues, check the Microsoft Dynamics 365 Community for
                    solutions or contact your organization's Microso...
RawContent        : HTTP/1.1 200 OK
                    Transfer-Encoding: chunked
                    Allow: OPTIONS,GET,HEAD,POST
                    x-ms-service-request-id: 19228e0e-9fa5-41d4-8fe0-4c403f3eda63
                    Strict-Transport-Security: max-age=31536000; includeSubDomains...
Forms             : {}
Headers           : {[Transfer-Encoding, chunked], [Allow, OPTIONS,GET,HEAD,POST], [x-ms-service-request-id,
                    19228e0e-9fa5-41d4-8fe0-4c403f3eda63], [Strict-Transport-Security, max-age=31536000;
                    includeSubDomains]...}
Images            : {}
InputFields       : {}
Links             : {}
ParsedHtml        : System.__ComObject
RawContentLength  : 294



PS C:\WINDOWS\system32> $downloadRequest | fl RawContent


RawContent : HTTP/1.1 200 OK
             Transfer-Encoding: chunked
             Allow: OPTIONS,GET,HEAD,POST
             x-ms-service-request-id: 19228e0e-9fa5-41d4-8fe0-4c403f3eda63
             Strict-Transport-Security: max-age=31536000; includeSubDomains
             REQ_ID: 19228e0e-9fa5-41d4-8fe0-4c403f3eda63
             Public: OPTIONS,GET,HEAD,POST
             Timing-Allow-Origin: *
             Cache-Control: no-cache
             Content-Type: text/html; charset=utf-8
             Date: Thu, 04 May 2023 09:55:10 GMT
             Expires: -1
             Set-Cookie: ReqClientId=359fb3c0-0287-4c13-867a-5b46ee91cf4b; expires=Thu, 04-May-2073 09:55:09 GMT;
             path=/; secure; HttpOnly
             Server:


             
    
             An error has occurred.
             

    
             Try this action again. If the problem continues, check the Microsoft Dynamics 365 Community for solutions
             or contact your organization's Microsoft Dynamics 365 Administrator. Finally, you can contact
             Microsoft Support.
             
    




PS C:\WINDOWS\system32>

  • Hüseyin Sahin Profile Picture
    Hüseyin Sahin on at
    RE: Reverting from IFD/ADFS to "local" login: Issues with discovery URL

    1) Can you try to reproduce the behavior with HTTP only instead of HTTPS? just want to be sure that there is no Cert issue between 

    2) Can you take a verbose CRM Trace while reproducing side by side with edge://net-export 

    As the issue is pointing that there no URI answering the call but that could be just the result of a previous error. 

    Please also run below PowerShell: 

    #Force Tls1.2 if need to be from the client

    [Net.ServicePointManager]::SecurityProtocol =

    [Net.SecurityProtocolType]::Tls12

     

    $downloadURL =

    'https://url/XRMServices/2011/Discovery.svc?WSDL'

    $downloadRequest = Invoke-WebRequest -Uri $downloadURL

    $downloadRequest | fl

    $downloadRequest | fl RawContent

  • rowdy146 Profile Picture
    rowdy146 125 on at
    RE: Reverting from IFD/ADFS to "local" login: Issues with discovery URL

    ok, you were right.
    Just removed http binding with IISRESET afterwards, but have no improvement:

    pastedimage1683123070605v1.png

  • Suggested answer
    XM-22040801-0 Profile Picture
    XM-22040801-0 11 on at
    RE: Reverting from IFD/ADFS to "local" login: Issues with discovery URL

    You have 2 binding, only 1 is recommended.

    Could you remove the HTTP binding and retry ? Keep only HTTPS.

  • rowdy146 Profile Picture
    rowdy146 125 on at
    RE: Reverting from IFD/ADFS to "local" login: Issues with discovery URL

    Hi, 

    only one binding on root site for my understanding:
    pastedimage1683121949188v1.png

    Here are the providers, found all execpt XrmServices/2011/Discovery.svc

    pastedimage1683121988421v2.png

    pastedimage1683122145519v1.png

    pastedimage1683122010203v4.png

    pastedimage1683122217458v2.png

    pastedimage1683122028078v6.png

  • Suggested answer
    XM-22040801-0 Profile Picture
    XM-22040801-0 11 on at
    RE: Reverting from IFD/ADFS to "local" login: Issues with discovery URL

    Hi,

    Do you have only one binding in IIS ?

    Can you share the Providers of the Windows Authentication of :

    - Root directory (Microsoft Dynamics CRM)

    - nga

    - AppWebServices

    - XrmServices

    - XrmServices/2011

    - XrmServices/2011/Discovery.svc

    See learn.microsoft.com/.../post-installation-configuration-guidelines-dynamics-365

  • rowdy146 Profile Picture
    rowdy146 125 on at
    RE: Reverting from IFD/ADFS to "local" login: Issues with discovery URL

    PS: Seems hard to get logincontroltester.exe for a coding noob - have just requested help by our programmer..

    Found PluginRegistrationTool in the meantime which behaves (for my understandig) similar to XRMToolbox when trying to connect like this:

    pastedimage1683119498795v1.png

    Source : Microsoft.Xrm.Sdk
    Method : .ctor
    Date : 03.05.2023
    Time : 15:07:35
    Error : Data[0] = "The provided uri did not return any Service Endpoints!
    {0}"
    Data[1] = ""
    Stack Trace : at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1..ctor(Uri serviceUri, Boolean checkForSecondary)
    at Microsoft.Xrm.Sdk.Client.ServiceConfigurationFactory.CreateManagement[TService](Uri serviceUri, Boolean enableProxyTypes, Assembly assembly)
    at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.CreateAndAuthenticateProxy[T](IServiceManagement`1 servicecfg, Uri ServiceUri, Uri homeRealm, ClientCredentials userCredentials, ClientCredentials deviceCredentials, String LogString, CrmLogEntry logSink)
    at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials, CrmLogEntry logSink)
    at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.DiscoverOrganizations(Uri discoveryServiceUri, Uri homeRealmUri, NetworkCredential networkCredential, CrmLogEntry logSink)
    at Microsoft.Xrm.Tooling.CrmConnectControl.CrmConnectionManager.ValidateServerConnection(CrmOrgByServer selectedOrg)
    ======================================================================================================================

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,253 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,188 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans