CRM 2011: Could not find GUID for server – Update Rollup 11v2 Breaks ADFS

We ran into an authentication issue with Microsoft CRM 2011 using ADFS/IFD running Update Rollup 11v2. After being installed, the external endpoint would no longer display, providing the following error:

CRM2011_UnexpectedError

 

 

 

 

 

The error log from the event viewer showed the following error (Could not find GUID for Server)  immediately before even receiving the ADFS login prompt:

When Update Rollup 11v2 is removed and, CRM functions normally. No errors. Reinstall Update Rollup 11v2 and the same issue as above occurs. A workaround to this issue is changing the Anonymous Authentication identity from specific user (IUSR) to Application pool identity. Steps are below:

Step 1:

On the CRM server, open the Internet Information Services (IIS) Manager

Step 2:  

In IIS Manager, click the CRM site

Step 3:

In the Features View, double-click Authentication

Step 4:

Select Anonymous Authentication , and then click Edit in the Actions pane

Step 5:

In the Edit Anonymous Authentication Credentials dialog box, click the Application pool Identity , and then click Ok:

IISApplicationPoolIdentity

 Step 6.

Perform an IISRESET on CRM and ADFS servers. Now you can browse the ADFS endpoint for External!

Performing this change (recommended by Microsoft support) makes ADFS/IFD endpoint for Microsoft Dynamics CRM 2011 work with Update Rollup 11v2. Reverting this change breaks CRM when Update Rollup 11v2 is installed.

Special thanks to Gage Pennisi, my young apprentice, for identifying and resolving the issue.