Configuring AD FS 2.1 with Microsoft Dynamics CRM 2011

Article ID: 2828015 - View products that this article applies to.
Expand all | Collapse all

Symptoms

When configuring AD FS 2.1 with Microsoft Dynamics CRM 2011, a 404 error may occur when trying to access the mex endpoint. This may occur during any CRM action, however is most prevalent is during the configuration for the Microsoft Dynamics CRM for Outlook client.

Cause

1. Microsoft Dynamics CRM 2011 Update Rollup 13 or later has not been applied to the Microsoft Dynamics CRM Server.

2. AD FS 2.1 has a known issue publishing metadata for mex endpoints. After configuring claims based authentication in Microsoft Dynamics CRM 2011, mex endpoints are not reachable.

Resolution

1. Apply Microsoft Dynamics CRM 2011 Update Rollup 13 or later.

2. In order to support AD FS 2.1, it is necessary to execute the following PowerShell script:

a. Start PowerShell ISE or your text editor of choice 

b. Create a file called UpdateMEXEndpoint.ps1

c. Copy the content below to the UpdateMEXEndpoint.ps1 file 

Param
(
    #optional params
    [string]$ConfigurationEntityName="FederationProvider",
    [string]$SettingName="ActiveMexEndpoint",
    [object]$SettingValue,
    [Guid]$Id
)
$RemoveSnapInWhenDone = $False

if (-not (Get-PSSnapin -Name Microsoft.Crm.PowerShell -ErrorAction SilentlyContinue))
{
    Add-PSSnapin Microsoft.Crm.PowerShell
    $RemoveSnapInWhenDone = $True
}

$Id=(Get-CrmAdvancedSetting -ConfigurationEntityName FederationProvider -Setting ActiveMexEndpoint).Attributes[0].Value

$setting = New-Object "Microsoft.Xrm.Sdk.Deployment.ConfigurationEntity"
$setting.LogicalName = $ConfigurationEntityName
if($Id) { $setting.Id = $Id }

$setting.Attributes = New-Object "Microsoft.Xrm.Sdk.Deployment.AttributeCollection"
$keypair = New-Object "System.Collections.Generic.KeyValuePair[String, Object]" ($SettingName, $SettingValue)
$setting.Attributes.Add($keypair)

Set-CrmAdvancedSetting -Entity $setting

if($RemoveSnapInWhenDone)
{
    Remove-PSSnapin Microsoft.Crm.PowerShell
}

d. Run the above script from within PowerShell using the syntax below:

UpdateMEXEndpoint.ps1 –SettingValue “https://<ADFS STSHOST>/adfs/services/trust/mex”

Example:
If the STS lives on sts.contoso.com
>
> UpdateMEXEndpoint.ps1 –SettingValue “https://sts.contoso.com/adfs/services/trust/mex”

This will update your CRM deployment to connect to AD FS using the endpoint provided in the Setting Value parameter. 

More information


ADFS team has brought out a hot fix that will fix this issue from the ADFS side. The ADFS fix heals the ADFS federation metadata and publishes the missing mex endpoints, thereby resolving the issue at it's root.



1.      Install fix in http://support.microsoft.com/kb/2827748 on ADFS server.

2.      Restart ADFS server. In the background, the fix would have allowed ADFS to publish \mex endpoint in the ADFS federation metadata. 

3.      Log on to CRM server.

4.      Rerun the “configure claims” and “configure IFD” wizards of CRM. Rerunning this will cause CRM to consume the healed ADFS federation metadata and populate the correct \mex value in the DB table.

 

5.      To be sure,please run the below SQL query against the MSCRM_CONFIG.
 

select activemexendpoint from federationprovider

  Ensure that it shows a URL similar to:

https://<ADFS STSHOST>/adfs/services/trust/mex


6.      Reset IIS on CRM server to destroy rebuild and cached content in IIS that was based on the old DB values. 

 

7.      Configure outlook client.


Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2828015 - Last Review: October 1, 2013 - Revision: 3.0
Applies to
  • Microsoft Dynamics CRM 2011
Keywords: 
kbmbsmigrate kbsurveynew KB2828015

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com