Microsoft Dynamics CRM (Archived)

Too many identifiers in ADFS set up

We recently upgraded to CRM 2013. While trying to configure IFD we get to this doc (http://technet.microsoft.com/en-us/library/gg188595.aspx), section 

  • Community Member

    Seeing as this cut off my full question, below is what's missing.

    section Configure a relying party trust, step 10.

    "On the Ready to Add Trust page, on the Identifiers tab, verify that Relying party identifiers has a single identifier such as the following:

    internalcrm.contoso.com

    If your identifier differs from the above example, click Previous in the Add Relying Party Trust Wizard and check the Federation metadata address"

    Every time we do this instead of just internalcrm.contoso.com we get:

    adfs.contoso.com/.../trust

    adfs.contoso.com/.../issuedtokenmixedasymentricbasic256

    adfs.contoso.com/.../issuedtokenmixedsymentricbasic256

    adfs.contoso.com/.../issuedtokenmixedasymentricbasic256

    adfs.contoso.com/.../issuedtokenmixedsymentricbasic256

    adfs.contoso.com/.../ls

    If we just pretend it's OK and power past it, the final product gets stuck after it tries to log in. Has anyone else encountered this and had any better luck?

    Our setup is Windows Server 2012 R2 with CRM 2013 SP1; ADFS is configured on the same machine, and we are using a wildcard cert signed by an actual provider.

  • Satish Tiwari - CRM

    Make sure that in Deployment Properties you have mentioned the CRM internal URL, like internalcrm.contoso.com. To do so, open Deployment Manager: Microsoft Dynamics CRM | Properties | Web address.

  • Community Member

    Yes, internalcrm.contoso.com is what was placed into the Deployment Manager. We have tried both with and without the ports after the address.

  • Satish Tiwari - CRM

    If you are using port 443 then there is no need to append the port number in deployment properties. Can you check whether the federation metadata URL of the Claims RPT on the ADFS server is correct? It should be like internal.contoso.com/.../federationmetadata.xml. Also, try to browse this URL and check what identifier it shows us.

  • Community Member

    We are using 443 and my xml appears as it does in the instructions.

  • Community Member

    We are seeing the multiple endpoint references inside of the fed:TargetScopes.

  • Suggested answer
    Satish Tiwari - CRM

    Thanks for the update. I was wondering if you can re-configure Claims and IFD from Deployment Manager and re-create both RPTs in the ADFS server, and let us know if it helps. Also, check the federation metadata URL of the IFD RPT; it should be like auth.contoso.com/.../federationmetadata.xml. Check the event logs too, in case there are any errors related to the RPT.

  • Community Member

    We are receiving an error under ADFS, event ID 102:

    There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.

    Additional Data

    Exception details:

    System.ServiceModel.AddressAlreadyInUseException: There is already a listener on IP endpoint 0.0.0.0:808. This could happen if there is another application already listening on this endpoint or if you have multiple service endpoints in your service host with the same IP endpoint but with incompatible binding configurations. ---> System.Net.Sockets.SocketException: Only one usage of each socket address (protocol/network address/port) is normally permitted

      at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)

      at System.Net.Sockets.Socket.Bind(EndPoint localEP)

      at System.ServiceModel.Channels.SocketConnectionListener.Listen()

      --- End of inner exception stack trace ---

      at System.ServiceModel.Channels.SocketConnectionListener.Listen()

      at System.ServiceModel.Channels.ConnectionAcceptor.StartAccepting()

      at System.ServiceModel.Channels.ExclusiveTcpTransportManager.OnOpen()

      at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)

      at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)

      at System.ServiceModel.Channels.TcpChannelListener`2.OnOpen(TimeSpan timeout)

      at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

      at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)

      at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

      at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)

      at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

      at Microsoft.IdentityServer.ServiceHost.STSService.StartSTSService(ServiceHostManager serviceHostManager, ServiceState serviceState)

  • Suggested answer
    Satish Tiwari - CRM

    From the error call stack, it seems that port 808 is being used by another service/application too, apart from ADFS. Can you run netstat in cmd on the ADFS server and check how many applications are using port 808?

    Is the token signing / token decrypting certificate expired? You can check this in the ADFS management console.
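
The check suggested in the thread (browse the federation metadata and see which identifiers it advertises) can be scripted against a saved federationmetadata.xml. The following is an added example, not code from the thread or from Microsoft: it lists the addresses under fed:TargetScopes and flags metadata that would not yield a single identifier on the expected CRM host. The function names are hypothetical, and the sample documents, including the placeholder paths under adfs.contoso.com, are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
SCOPE_PATH = ".//fed:TargetScopes/wsa:EndpointReference/wsa:Address"

def target_scopes(metadata_xml):
    """Return (entityID, addresses listed under fed:TargetScopes)."""
    # Metadata comes from the network: refuse DTDs so entity tricks never reach the parser.
    if "<!DOCTYPE" in metadata_xml.upper():
        raise ValueError("DOCTYPE not allowed in federation metadata")
    root = ET.fromstring(metadata_xml)
    scopes = [a.text.strip() for a in root.findall(SCOPE_PATH, NS) if a.text]
    return root.get("entityID"), scopes

def check_identifiers(metadata_xml, expected_host):
    """Flag metadata that would not yield the single expected relying party identifier."""
    entity_id, scopes = target_scopes(metadata_xml)
    unique = sorted(set(scopes))
    foreign = [s for s in unique
               if (urlsplit(s).hostname or "").lower() != expected_host.lower()]
    return {"entity_id": entity_id, "identifiers": unique,
            "single": len(unique) == 1, "foreign": foreign}

def sample(entity_id, addresses):
    """Build constructed metadata for the demo; not captured from a real server."""
    refs = "".join(
        f"<wsa:EndpointReference><wsa:Address>{a}</wsa:Address></wsa:EndpointReference>"
        for a in addresses)
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items() if p != "md")
    return (f'<EntityDescriptor xmlns="{NS["md"]}" {xmlns} entityID="{entity_id}">'
            f'<RoleDescriptor xsi:type="fed:ApplicationServiceType" '
            f'protocolSupportEnumeration="{NS["fed"]}">'
            f"<fed:TargetScopes>{refs}</fed:TargetScopes></RoleDescriptor></EntityDescriptor>")

# Constructed samples. The paths under adfs.contoso.com are placeholders.
GOOD = sample("https://internalcrm.contoso.com/", ["https://internalcrm.contoso.com/"])
BAD = sample("https://adfs.contoso.com/placeholder/trust",
             [f"https://adfs.contoso.com/placeholder/{p}" for p in ("trust", "mixed", "ls")])

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_identifiers(doc, "internalcrm.contoso.com"))
```

A non-empty `foreign` list means the metadata that was read describes a different host than the one the relying party trust is meant for, so the metadata address is the first thing to recheck before accepting the trust.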
