Microsoft Dynamics CRM (Archived)

CRM 2016, ADFS 3.0 , IFD Internal URl not working from CRM Server

(0) Share

Report

Posted on by Community Member

We have two servers

1 for ADFS

1 for CRM

The IFD config part is done and our external url https://orgname.mydomain.com works perfectly

The internal url https://crm2016.mydomain.com does not work. If you enter this URL from the CRM server it shows the authentication popup(which it should not) then redirects to our ADFS server correctly https://sts1.mydomain.com/............

But instead of a login screen it shows HTTP 400 Bad request

When I do a setspn -l crm2016admin <this is the user logged in and used to do everything>

I get a list of spns it has

host/sts1.mydomain.com

host/mydomain.com

Am I missing any SPN entry regarding the FQDN of the ADFS server(or Server name)

*This post is locked for comments

I have the same question (0)

All responses (3)

Answers (0)

Suggested answer

Nadeeja Bomiriya 6,804 on at

Like (0)

Report

Hi Sudeep,

Checkout below thread similar issue. They have suggested running below command.

setspn -A HTTP/$servername$.$domain$.com.au $username$

community.dynamics.com/.../154848

Below article may also be useful in troubleshooting SPN issues.

blogs.msdn.microsoft.com/.../configuring-service-principal-names

Was this reply helpful? Yes No
Suggested answer

Alagunellaikumar 6,212 on at

Like (0)

Report

Hi
Please follow the below possible approach

Solution:1
192.168.3.39=CRM Server
192.168.3.43=ADF server

192.168.3.39   {CRM Organization}. “issued to”

192.168.3.43 ADFS-FederationName. “issued to”

192.168.3.39   auth. “issued to”

192.168.3.39   internalcrm. “issued to”

Create above URL in the DNS entry as “Host A” record should not “C Alias Name”

Solution:2

Add the https://federationServiceName."issuedto" or *."issuedto" sites to your Local intranet sites in your browser.

federationServiceName: Name defined at the time of ADFS installation

issuedto: certificate issue to

eg:

https://sts1.contoso.com add this url in your IE local intranet site

Solution:3

Cause:

You have wrongly configured the spn between CRM and ADFS.

Here CRM, ADFS and SQL installed on separate server

ADFS server:      domain\adfs01

CRM server:       domain\crm01

SQL server:         domain\sql02

I have check all the server and ADFS logged in(service account) against below command

Setspn -l domain\adfs01
Setspn -l domain\ crm01
Setspn -l domain\ sql02
Setspn -l domain\CRMServiceaccount or CRM installable account

Check is there any http/federationServiceName.Issuedto or federationservicename.issuedto is added

federationServiceName: Name defined at the time of ADFS installation

issuedto: certificate issue to

if it is then remove it

setspn -d http/federationServiceName.Issuedto domain\adfs01

federationServiceName: Name defined at the time of ADFS installation

issuedto: certificate issue to

Then login with internal CRM URL.

Was this reply helpful? Yes No
Royal King 27,686 on at

Like (0)

Report

Hello Sudeep

Are you able to resolve this issue? If so can you share how you resolved it? We also have same issue in one of our environment.

Was this reply helpful? Yes No