web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / CRM 2011: An error occ...
Microsoft Dynamics CRM (Archived)

CRM 2011: An error occurred when processing the security tokens in the message.

(0) ShareShare
ReportReport
Posted on by Community Member

Hello

I have a CRM 2011 on premise system and a C# web application.

The web application receives data from a source and connects to CRM to create contacts.

I am getting the below 2 errors.

Could you advise me please?

We have updated our security certificates recently.

Error 1:

System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when processing the security tokens in the message.

   --- End of inner exception stack trace --- 

Server stack trace:

   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)

   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)

   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)

   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

 Exception rethrown at [0]:

   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

   at Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message)

   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)

   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Issue(AuthenticationCredentials authenticationCredentials)

   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateInternal(AuthenticationCredentials authenticationCredentials)

   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateFederationInternal(AuthenticationCredentials authenticationCredentials)

   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Authenticate(AuthenticationCredentials authenticationCredentials)

   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.Authenticate(ClientCredentials clientCredentials)

   at Microsoft.Xrm.Sdk.Client.OrganizationServiceConfiguration.Authenticate(ClientCredentials clientCredentials)

   at Microsoft.Xrm.Sdk.Client.ServiceProxy`1.AuthenticateClaims()

   at Microsoft.Xrm.Sdk.Client.ServiceProxy`1.AuthenticateCore()

   at Microsoft.Xrm.Sdk.Client.ServiceProxy`1.Authenticate()

   at Microsoft.Xrm.Sdk.Client.ServiceProxy`1.ValidateAuthentication()

   at Microsoft.Xrm.Sdk.Client.ServiceContextInitializer`1.Initialize(ServiceProxy`1 proxy)

   at Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy.RetrieveMultipleCore(QueryBase query)

   at Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy.RetrieveMultiple(QueryBase query

 

Error 2:

- Unable to connect to https://xyzcrm/XRMServices/2011/Organization.svc due to InvalidOperationException: Metadata contains a reference that cannot be resolved: 'xyzcrm/.../Organization.svc'., InnerException:System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

   at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)

   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)

   --- End of inner exception stack trace ---

   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)

   at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)

   at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)

   at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)

   at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)

   --- End of inner exception stack trace ---

   at System.Net.HttpWebRequest.GetResponse()

   at System.ServiceModel.Description.MetadataExchangeClient.MetadataLocationRetriever.DownloadMetadata(TimeoutHelper timeoutHelper)

   at System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper timeoutHelper) and StackTrace:   at System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper timeoutHelper)

   at System.ServiceModel.Description.MetadataExchangeClient.ResolveNext(ResolveCallState resolveCallState)

   at System.ServiceModel.Description.MetadataExchangeClient.GetMetadata(MetadataRetriever retriever)

   at System.ServiceModel.Description.MetadataExchangeClient.GetMetadata(Uri address, MetadataExchangeClientMode mode)

   at Microsoft.Xrm.Sdk.Client.ServiceMetadataUtility.RetrieveServiceEndpointMetadata(Type contractType, Uri serviceUri, Boolean checkForSecondary)

   at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1..ctor(Uri serviceUri, Boolean checkForSecondary)

   at Microsoft.Xrm.Sdk.Client.OrganizationServiceConfiguration..ctor(Uri serviceUri)

   at Microsoft.Xrm.Sdk.Client.ServiceConfigurationFactory.CreateConfiguration[TService](Uri serviceUri)

   at Microsoft.Xrm.Sdk.Client.ServiceProxy`1..ctor(Uri uri, Uri homeRealmUri, ClientCredentials clientCredentials, ClientCredentials deviceCredentials)

 


Thanks

Bab

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    jestuder Profile Picture
    jestuder 158 on at

    Can you provide as much detail as to what you have changed recently when this issue started to happen?

  • Suggested answer
    Radu Chiribelea Profile Picture
    Radu Chiribelea 6,667 on at

    i assume you are using Claims Based Authentication?

    Did you update the certificates also on CRM (try to reconfigure Claims Based Authentication and IFD from the deployment manager) as well as on the ADFS Side ?

    Have you also granted the CRM Application Pool Account and ADFS Account read permissions over the certificates private key?

    You can use this document for guidelines : www.microsoft.com/.../details.aspx

  • Community Member Profile Picture
    Community Member on at

    Hi Guys

    Steps done are:
    - Change communication certificate on server through ADFS MMC
    - IIS reset and application pool reset
    - Reconfiguring Claims-Based Authentication providing new certificate and restart CRM services
    - IIS reset and Application pool reset on server

    Thanks
    Bab

  • Radu Chiribelea Profile Picture
    Radu Chiribelea 6,667 on at

    Hi Bab,

    Did that solve your issue?

    Did you also grant read access on the certificate private key for the relevant accounts? 

  • Community Member Profile Picture
    Community Member on at

    Yes it has been done but still the same issue exists

  • Radu Chiribelea Profile Picture
    Radu Chiribelea 6,667 on at

    Did you also install the new certificate under the machine Trusted Root Certificates certificate store - where the web application is running?

  • Community Member Profile Picture
    Community Member on at

    Hi Radu

    Yes that is correct.

    Regards

    Bab

  • Radu Chiribelea Profile Picture
    Radu Chiribelea 6,667 on at

    I'd suggest enabling the ADFS Debug Logs migration-blog.com/.../adfs-how-to-enable-trace-debugging-and-advanced-access-logging while reproducing the issue and see if those offer more details.

    Also, some CRM Platform collected in parallel might come in handy as well - at least we can see if the request is reaching the CRM Platform or not.

  • Community Member Profile Picture
    Community Member on at

    Hello

    Just to let you know it is a update from SHA-1 to SHA-2.

    Thanks

    Bab

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans