Error
When attempting to log in to an IFD (Internet Facing Deployment of CRM), you receive this error:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 10/06/2014 1:54:52 AM
Event time (UTC): 9/06/2014 3:54:52 PM
Event ID: 6da606a9a6794c2a8f504cc6b8b3be3e
Event sequence: 2
Event occurrence: 1
Event detail code: 0
Application information:
    Application domain: /LM/W3SVC/2/ROOT-1-130468028783689054
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\
    Machine name: VSERVER08
Process information:
    Process ID: 1540
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
    Exception type: SecurityTokenException
    Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
    at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
    at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
    at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
    at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Request information:
    Request URL: https://auth.interactivewebs.com:444/default.aspx
    Request path: /default.aspx
    User host address: 101.164.212.248
    User:
    Is authenticated: False
    Authentication Type:
    Thread account name: NT AUTHORITY\NETWORK SERVICE
Thread information:
    Thread ID: 8
    Thread account name: NT AUTHORITY\NETWORK SERVICE
    Is impersonating: True
    Stack trace:
    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
    at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
    at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
    at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
    at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Custom event details:
The Problem
For reasons that have not been identified, the AD FS authentication is failing and needs to be reset.
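For triage, the event text above can be parsed to pull out the WIF error ID, request URL and client address, so that ID4175 issuer-trust failures stand out from other unhandled exceptions. This is an added example, not code from the original post; the function names are hypothetical and the sample event is constructed, with placeholder host name, URL and address.

```python
import re

# Labels from the ASP.NET web event text quoted above. Longest first, so that
# "Event time (UTC)" is tried before "Event time" and "User host address" before "User".
LABELS = sorted((
    "Event code|Event message|Event time|Event time (UTC)|Event ID|Event sequence|"
    "Event occurrence|Event detail code|Application information|Application domain|"
    "Trust level|Application Virtual Path|Application Path|Machine name|"
    "Process information|Process ID|Process name|Account name|Exception information|"
    "Exception type|Exception message|Request information|Request URL|Request path|"
    "User host address|User|Is authenticated|Authentication Type|Thread account name|"
    "Thread information|Thread ID|Is impersonating|Stack trace|Custom event details"
).split("|"), key=len, reverse=True)
LABEL_RE = re.compile(r"(?<!\w)(" + "|".join(map(re.escape, LABELS)) + r"):(?=\s|$)")

def parse_event(text):
    """Split a flattened or multi-line event into {label: value}; first occurrence wins."""
    marks = list(LABEL_RE.finditer(text))
    fields = {}
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        fields.setdefault(cur.group(1), text[cur.end():end].strip())
    return fields

def triage(text):
    """Summarise one event and flag the ID4175 untrusted-issuer failure."""
    f = parse_event(text)
    wif = re.search(r"\bID\d{4}\b", f.get("Exception message", ""))
    wif_id = wif.group(0) if wif else None
    return {
        "exception": f.get("Exception type"),
        "wif_error": wif_id,
        "url": f.get("Request URL"),
        "client": f.get("User host address"),
        "issuer_trust_failure": f.get("Exception type") == "SecurityTokenException"
                                and wif_id == "ID4175",
    }

# Constructed sample: a shortened event in the same layout, with placeholder values.
SAMPLE = ("Event code: 3005 Event message: An unhandled exception has occurred. "
          "Machine name: CRMWEB01 Exception information: Exception type: SecurityTokenException "
          "Exception message: ID4175: The issuer of the security token was not recognized "
          "by the IssuerNameRegistry. at Microsoft.IdentityModel.Tokens.Saml11."
          "Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken) "
          "Request information: Request URL: https://crm.example.test:444/default.aspx "
          "User host address: 203.0.113.7 User: Is authenticated: False")

if __name__ == "__main__":
    print(triage(SAMPLE))
```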
Solution:
Run the Deployment Manager with the same certificate
These instructions are the last part of the instructions we created for updating an out-of-date SSL certificate used in an IFD deployment. Basically, we are following the same instructions but skipping the step of replacing the certificate with a new SSL certificate. We are just running the deployment again against the same certificate.
1. Run the CRM deployment manager:
2. Run the Configure Claims-Based Authentication action.
Select the default settings, which should be the defaults from your IFD setup.
But when you get to the Certificate step, you need to select the new certificate, which should be visible in the list after importing it in the steps above.
3. Run the Configure Internet Facing Deployment action and just step through it with the default settings.
4. Restart the AD FS 2.0 Windows Service
Configure AD
Set the Service Communication Certificate
1. Start AD FS 2.0 Management
2. Expand certificates and select Set Service Communications Certificate
3. Select the new certificate that will be listed here.
Update Relying Party Trusts
1. From AD FS 2.0 Management, select your relying party trusts and update them from the federation metadata one by one.
Update both listed. They will likely have a red cross before you do this.
Restart Services
Restart AD FS Service:
and restart IIS the usual way.
And you should be done. Log in to your CRM IFD again and enjoy.
Thanks a ton, worked like a champ
Welcome.
Thank you so much. It's saved my life. 🙂
Welcome!
Solved my issue.
1) ran claims based auth setup and ifd setup with existing settings.
2) skipped: Set the Service Communication Certificate
3) updated trusted relying parties
4) restarted ad fs windows service and did an iisreset
5) yay
Glad it helps you. Thanks for the feedback.
Thank you SO much. I really appreciate this list. I had been missing one thing, and spent a long time trying to figure out what was missing. You rock.
You’re welcome!