web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Can't access the C...
Microsoft Dynamics CRM (Archived)

Can't access the CRM externally via IFD. ADFS error

(0) ShareShare
ReportReport
Posted on by Community Member

Not able to access the CRM externally via IFD. I get an ADFS error page.

The URL of the error page is:

 

The ADFS log:

Log Name:      AD FS/Admin

Source:        AD FS

Date:          1/12/2016 12:27:23 PM

Event ID:      184

Task Category: None

Level:         Error

Keywords:      AD FS

User:          

Computer:      

Description:

A token request was received for a relying party identified by the keymbut the request could not be fulfilled because the key does not identify any known relying party trust.

Key:  

This request failed.

 

User Action

If this key represents a URI for which a token should be issued, verify that its prefix matches the relying party trust that is configured in the AD FS configuration database.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />

    <EventID>184</EventID>

    <Version>0</Version>

    <Level>2</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8000000000000001</Keywords>

    <TimeCreated SystemTime="2016-12-01T02:57:23.253714400Z" />

    <EventRecordID>15388</EventRecordID>

    <Correlation ActivityID="{00000000-0000-0000-5409-0080010000CB}" />

    <Execution ProcessID="3196" ThreadID="4124" />

    <Channel>AD FS/Admin</Channel>

  </System>

  <UserData>

    <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">

      <EventData>

      </EventData>

    </Event>

  </UserData>

</Event>

 

 

Log Name:      AD FS/Admin

Source:        AD FS

Date:          1/12/2016 12:27:23 PM

Event ID:      1000

Task Category: None

Level:         Warning

Keywords:      AD FS

Description:

An error occurred during processing of a token request. The data in this event may have the identity of the caller (application) that made this request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. 

 

Additional Data

 

Caller:

 

 

OnBehalfOf user:

 

 

ActAs user:

 

 

Target Relying Party:

 

 

Device identity:

 

 

User action:

Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />

    <EventID>1000</EventID>

    <Version>0</Version>

    <Level>3</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8000000000000001</Keywords>

    <TimeCreated SystemTime="2016-12-01T02:57:23.253714400Z" />

    <EventRecordID>15389</EventRecordID>

    <Correlation ActivityID="{00000000-0000-0000-5409-0080010000CB}" />

    <Execution ProcessID="3196" ThreadID="4124" />

    <Channel>AD FS/Admin</Channel>

    <Security UserID="S-1-5-21-3306385709-3272232148-1382196688-5145" />

  </System>

  <UserData>

    <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">

      <EventData>

</Data>

        <Data>

        </Data>

        <Data>

        </Data>

        <Data>

        </Data>

      </EventData>

    </Event>

  </UserData>

</Event>

Any help much appreciated.

Thanks in advance.

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Andreas Cieslik Profile Picture
    Andreas Cieslik 9,267 on at

    Hello Sandeep,

    have you followed a guide similar to this one?

    blogs.msdn.microsoft.com/.../step-by-step-configuring-crm-2013-internet-facing-deployment-ifd

    Microsoft Solution for this event id is:

    Review the key data, which is the URI that is specified for the relying party trust. If the URI appears to be valid and trustworthy, verify that it is configured for the relying party in the AD FS 2.0 snap-in. You can manage the URI on the Identifiers tab in the relying party trust properties.

    Have you checked this?

    In general I advice you not to post computer names or domain accounts in this forum for security reasons.

    Cheers,

    Andreas

  • Community Member Profile Picture
    Community Member on at

    Hi Andreas,

    Thank you for your response. Yes, I have followed the steps of IFD similar to the above mentioned. And I think I have narrowed down to two doubts. The DNS record orgname.crm.com and dev.crm.com are at the moment not accessible externally. Is this causing the problem?

  • AbiRami Profile Picture
    AbiRami 516 on at

    Hi Sandeep,

    Refer the link below,

    www.interactivewebs.com/.../crm-2013-ifd-an-error-occurred-an-error-occurred-contact-your-administrator-for-more-information

    Thanks :)

  • Verified answer
    David Jennaway Profile Picture
    David Jennaway 14,065 on at

    You do need to make sure the DNS records for orgname.crm.com and dev.crm.com are available externally and resolve to the correct servers. This may be all you need to fix this, or you may have other errors

  • Verified answer
    Andreas Cieslik Profile Picture
    Andreas Cieslik 9,267 on at

    Yes.

    Good samples and description is also here:

    technet.microsoft.com/.../gg188591(v=crm.6).aspx

  • Community Member Profile Picture
    Community Member on at

    Does anyone have any idea about configuring the IFD with reverse proxies involving an F5 box? My department is having trouble getting the DNS records externally accessible with the f5 box involved.

  • Andreas Cieslik Profile Picture
    Andreas Cieslik 9,267 on at

    Sorry, I don't know the F5 box. I suggest you to start a new thread on that one.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans