Excalibur Communications asked:

CRM Relying Party Trust

Microsoft Dynamics CRM on premise. We have an issue where the ADFS self-signed cert has expired. We have tried to disable Claims Based Authentication and restart IIS to auto rollover the cert. However, claims based authentication will not complete and an error with the federationmetadata.xml is shown.

If we choose a wildcard cert the wizard completes fine. The issue is the metadata is different so the Relying Party trust doesn't update.

IIS is running on port 443 and ADFS/CRM port 444 using Server 2012 R2.

Feridun Kadir

I think you need to remove the expired certificates from ADFS, which requires a PowerShell command as per this support link from Microsoft: https://support.microsoft.com/en-gb/help/2686840/an-error-occurs-in-microsoft-dynamics-crm-using-claims-based-authentic

Excalibur Communications (ASKER)

That was the first thing which was tried.

1. On the Microsoft Dynamics CRM server, go to Deployment Manager and disable the Claims Based Authentication

2. On the Microsoft Dynamics CRM server, click the Start menu, select Run and type iisreset to complete an IIS reset

3. Re-configure Claims-Based Authentication from Deployment Manager keeping all the settings the same

When on step 3, it would fail re-configuring and show a federationmetadata.xml error and never complete.

Have you tried typing the federation metadata URL into a browser window? You should see an XML document. You might see an untrusted certificate error. Any reason why you can't use a non-self-signed certificate?
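
Added example, not part of the original thread: a PowerShell script that reads a federation metadata document and lists the certificates it publishes with their expiry dates, so the metadata can be compared against what the Relying Party trust holds. The function name `Get-MetadataCertificate` and the host in the sample URL are hypothetical; `/FederationMetadata/2007-06/FederationMetadata.xml` is assumed to be the AD FS metadata path in use.

```powershell
# Added example: list the certificates published in a federation metadata document.
# -Source is a URL or a local copy of the XML saved from the browser
# (use the saved file if the HTTPS certificate itself is untrusted or expired).
param(
    [Parameter(Mandatory = $true)]
    [string]$Source  # e.g. https://sts.example.test/FederationMetadata/2007-06/FederationMetadata.xml (placeholder host)
)

function Get-MetadataCertificate {   # hypothetical helper name
    param([System.Xml.XmlDocument]$Metadata)

    $ns = New-Object System.Xml.XmlNamespaceManager($Metadata.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    # Each KeyDescriptor carries a base64 X.509 certificate and a use (signing/encryption)
    foreach ($kd in $Metadata.SelectNodes('//md:KeyDescriptor', $ns)) {
        $node = $kd.SelectSingleNode('.//ds:X509Certificate', $ns)
        if (-not $node) { continue }

        $raw  = [Convert]::FromBase64String($node.InnerText.Trim())
        # (,$raw) passes the byte array as a single constructor argument
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$raw)

        [pscustomobject]@{
            Role       = $kd.ParentNode.LocalName
            Use        = $kd.GetAttribute('use')
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Expired    = ($cert.NotAfter -lt (Get-Date))
        }
    }
}

$doc = New-Object System.Xml.XmlDocument
if ($Source -notmatch '^https?://') {
    # XmlDocument.Load resolves relative paths against the process directory, so make it absolute
    $Source = (Resolve-Path $Source).Path
}
$doc.Load($Source)

Get-MetadataCertificate -Metadata $doc |
    Sort-Object Thumbprint -Unique |
    Format-Table Role, Use, Subject, Thumbprint, NotAfter, Expired -AutoSize
```

Any row with `Expired` set to `True`, or a thumbprint that differs from the one stored on the Relying Party trust, points at the certificate that still needs replacing or the trust that still needs its metadata refreshed.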