ADFS setup error when using CRM 2016 and ADFS and Windows 2012 R2


“An error occurred. Contact your administrator for more information” error when accessing CRM with ADFS/IFD set up.
After completing ADFS/IFD setup where ADFS is installed on a Windows Server 2012 R2 machine, you receive the below error:

To resolve this issue you must enable Forms Authentication:

1. Connect to the ADFS server

2. Open the ADFS management console and click Authentication Policies

3. Under Primary Authentication, click Edit next to Global Settings

4. Put a check mark in the Forms Authentication option on the Extranet and Intranet sections

5. Click OK

6. You should now be able to log in to CRM successfully

Thanks to Ian Holton, Client Field Engineer at Tribridge for putting this together!


ADFS 2.1 Mex Endpoint Errors with CRM 2011 & Windows Server 2012. Here’s your fix.


When you install ADFS on Windows Server 2012, the built-in ADFS role is ADFS 2.1. When setting up Microsoft Dynamics CRM 2011 (UR13+ required), you will get an error message telling you that IFD authentication fails when external applications try to access the discovery service.

Apparently the documentation for UR13 says this has been fixed, but that is not 100% true. The manual steps shown below are still required.

So, when you try to access this via your browser: https://crm.yourdomain.com/xrmservices/2011/discovery.svc?wsdl=wsdll, you will see within the XML a metadata node that contains the following:

<wsx:MetadataReference>
<Address xmlns="http://www.w3.org/2005/08/addressing">https://adfs.yourdomain.local/adfs/ls/mex</Address>
</wsx:MetadataReference>

Comparing that with our production CRM 2011 server running on ADFS 2.0, you will see:

<wsx:MetadataReference>
<Address xmlns="http://www.w3.org/2005/08/addressing">https://adfs.yourdomain.local/adfs/services/trust/mex</Address>
</wsx:MetadataReference>

Solution:

The current solution is to run the PowerShell script provided in http://support.microsoft.com/kb/2828015.

The PowerShell script fixes a known issue in ADFS 2.1 with publishing metadata for mex endpoints: after configuring claims-based authentication in Microsoft Dynamics CRM 2011, the mex endpoints are not reachable.

Step 1: Start PowerShell Console

Step 2: Execute the Script contained in KB Article

Step 3: Either restart both the CRM and ADFS servers, or restart the ADFS service and IIS on both machines.

Make sure with all ADFS adventures that your browser cache is clear.
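To confirm the result after the restart without relying on a browser, the comparison of the two mex addresses shown earlier can be scripted against a saved copy of the discovery WSDL. This is an added example, not part of the original post or the KB script; the function names and the sample WSDL fragment are constructed for illustration, and the wsx namespace URI in the sample is an assumption (the check matches on element names only).

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Paths taken from the two WSDL excerpts in the post.
BROKEN_PATH = "/adfs/ls/mex"                # published by the ADFS 2.1 server
EXPECTED_PATH = "/adfs/services/trust/mex"  # published by the working ADFS 2.0 server


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def mex_addresses(wsdl_xml):
    """Return the Address text of every MetadataReference element in the WSDL."""
    root = ET.fromstring(wsdl_xml)
    found = []
    for ref in root.iter():
        if local_name(ref.tag) != "MetadataReference":
            continue
        for child in ref:
            if local_name(child.tag) == "Address" and child.text:
                found.append(child.text.strip())
    return found


def classify(address):
    """Label one mex address as 'expected', 'broken' or 'unknown'."""
    path = urlparse(address).path.rstrip("/").lower()
    if path == EXPECTED_PATH:
        return "expected"
    if path == BROKEN_PATH:
        return "broken"
    return "unknown"


def check_wsdl(wsdl_xml):
    """Map each published mex address to its classification."""
    return {addr: classify(addr) for addr in mex_addresses(wsdl_xml)}


# Constructed sample: a minimal stand-in for the discovery.svc WSDL.
# The wsx namespace URI is an assumption; matching uses local names only.
SAMPLE = """<definitions xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
  <wsx:MetadataReference>
    <Address xmlns="http://www.w3.org/2005/08/addressing">https://adfs.yourdomain.local/adfs/ls/mex</Address>
  </wsx:MetadataReference>
</definitions>"""

if __name__ == "__main__":
    for addr, verdict in check_wsdl(SAMPLE).items():
        print(f"{verdict:8} {addr}")
```

Feed `check_wsdl` the WSDL text saved from the discovery URL; any address reported as `broken` means the server is still publishing the `/adfs/ls/mex` path.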

My fellow MVP from down under, George Doubinski, ran into this issue late last night, and has now offered to move from Australia and take up US citizenship just to vote for me if I ever decided to run for President! Thanks George, but I might be headed your way!

Update: here’s the new KB link for Windows Server 2012. I have confirmed this is fixed in ADFS 2.1
http://support.microsoft.com/kb/2827748


Update Rollup 13 – Self Healing .MSP Patch Location CRM 2011 Install on Windows Server 2012


Installing CRM 2011 on Windows Server 2012 requires the Microsoft Self Healing Process patch, a manual patch that you download from the Windows Catalog. I searched all over and had a hard time finding it. Thanks to my good friend Corey Hanson at Microsoft for providing a direct link to the patch. The patch is listed in the KB article under manual installation, but it's a bit unclear for those looking for the Self Healing Patch.

http://catalog.update.microsoft.com/v7/site/Search.aspx?q=Setup%20Update%20CRM

Once you download the patch, add it to a directory on the CRM server. You will then run a command-line install of CRM 2011 so that the installer uses this patch. The CRM 2011 setup program will be updated upon release of Update Rollup 14, no longer requiring this manual patch for installing on Windows Server 2012. Instructions on how to create the configuration file and use the patch can be found here:
Example Sample Config.XML File – Save as XML – Do not save as TXT and rename.

Running from the command line:

Some more Gotchas:
Apparently, you must expand/unzip this file on a Windows 7 or Windows 8 machine, and then copy it over to the Windows 2012 Server. I kept getting messages that this patch will not work on this application, and the serversetup.log file stated it was an invalid Windows Installer package.

Once I expanded it (you can extract via right click too!) on my Windows 8 machine and copied it over, everything worked like a charm. This should save some people a few hours of scratching their heads.

Enjoy!