Excalibur Communications
asked on
CRM Relying Party Trust
Microsoft Dynamics CRM on premise. We have an issue where the ADFS self-signed cert has expired. We have tried to disable Claims Based Authentication and restart IIS to auto rollover the cert. However, claims based authentication will not complete and an error with the federationmetadata.xml is shown.
If we choose a wildcard cert the wizard completes fine. The issue is the metadata is different so the Relying Party trust doesn't update.
IIS is running on port 443 and ADFS/CRM port 444 using Server 2012 R2.
I think you need to remove the expired certificates from ADFS which requires a PowerShell command as per this support link from Microsoft, https://support.microsoft.com/en-gb/help/2686840/an-error-occurs-in-microsoft-dynamics-crm-using-claims-based-authentic
ASKER
That was the first thing which was tried.
1. On the Microsoft Dynamics CRM server, go to Deployment Manager and disable the Claims Based Authentication
2. On the Microsoft Dynamics CRM server, click the Start menu, select Run and type iisreset to complete an IIS reset
3. Re-configure Claims-Based Authentication from Deployment Manager, keeping all the settings the same
When on step 3 it would fail re-configuring and show a federationmetadata.xml error and never complete.
Have you tried typing the federation metadata URL into a browser window? You should see an xml document. You might see an untrusted certificate error. Any reason why you can't use a non self-signed certificate?