web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / ADFS Issue - 2015 Onpr...
Microsoft Dynamics CRM (Archived)

ADFS Issue - 2015 Onpremises 'Your server is not available or does not support this application' error with MSCRM App.

(0) ShareShare
ReportReport
Posted on by Veer Balla 105

HI Experts,

I installed 2015 Onpremises & ADFS on the same Windows Server 2012, single server hosting precisely.

Its working fine on Web and when trying to access from App we are getting "Your server is not available or does not support this application" error. 

We don't know if there are any rules configuring ADFS and CRM on same server. Checking the event logs on server, we encountered couple of issues regarding ADFS. I am posting the complete errors below

Issue 1 :

The Federation Service encountered an error while processing the WS-Trust request.
Request type: schemas.microsoft.com/.../issue

Additional Data
Exception details:
Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountValidationException: MSIS3173: Active Directory account validation failed. ---> Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.GetUserUpns(IClaimsIdentity identity)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.UpdatePrincipalWithUpn(IClaimsPrincipal principal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)

Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)

Issue 2 :

The Federation Service failed to find a domain controller for the domain NT AUTHORITY.

Additional Data
Domain Name: NT AUTHORITY
Error: 1212

User Action
Use Nltest to determine why DC locator is failing. Nltest is part of the Windows Support Tools.

Issue 3 :

Encountered error during federation passive request.

Additional Data

Protocol Name:
wsfed

Relying Party:
https://xxxxxxx.devtpit.com/

Exception details:
Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountValidationException: MSIS3173: Active Directory account validation failed. ---> Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.GetUserUpns(IClaimsIdentity identity)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.UpdatePrincipalWithUpn(IClaimsPrincipal principal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSsoSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountValidationException: MSIS3173: Active Directory account validation failed. ---> Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.GetUserUpns(IClaimsIdentity identity)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.UpdatePrincipalWithUpn(IClaimsPrincipal principal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSsoSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)

Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)
at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.Configuration.ADAttributeStoreLookupUtility.BeginQuery(String query, String[] queryParameters, AsyncCallback callback, Object state)
at Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountLookup.RetrieveAdAttributes(String query, IEnumerable`1 queryParameters).

Please let us know where we are doing it wrong.

Regards,

Veerendra.B

 

 

 

*This post is locked for comments

I have the same question (0)
  • Arpita Saini Profile Picture
    Arpita Saini on at

    - Which device are you using

    -Can you confirm if CRM APP is accessible in windows 8.1 in desktop app

    -Do you see the ADFS form authentication page at least ?

  • Mohamed CRM Profile Picture
    Mohamed CRM 210 on at

    Ihave same Errors:

    - CRM is not accessible from same network on any PC,

    - Yes sts authentication prompt then crm.crm.domain.com prompt again.

    - After that error message with CRM internal parity relay in IE .

  • Mohamed CRM Profile Picture
    Mohamed CRM 210 on at

    all that happened after security widows updated and still investigating ....

  • Community Member Profile Picture
    Community Member on at

    did you ever sort this out?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans