Symptoms
After configuring Microsoft Dynamics CRM 2013 Internet Facing Deployment (IFD), using an Active Directory Federation Services Web Application Proxy on Windows Server 2012 R2, users may receive an HTTP 404 error message when attempting to access the external IFD URL for CRM.
Users may also observe a redirect loop between the CRM IFD URL and the ADFS URL used during IFD configuration.
The following error may also be logged in the Event Viewer Application Log on the Active Directory Federation Services web server:
Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made 'X' requests in the last 'Y' seconds. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.UpdateLoopDetectionCookie(WrappedHttpListenerContext context)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.SendSignInResponse(WSFederationContext context, MSISSignInResponse response)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Cause
The Active Directory Federation Services Web Application Proxy Server translated the URL for the HTTP Response Headers
Resolution
1. Log in as an Administrator on the Windows Server 2012 R2 server that hosts the WAP role
2. Obtain the IDs of the WAP applications for CRM. In a Windows PowerShell window, type the following command:
Get-WebApplicationProxyApplication | Format-Table ID, Name, ExternalURL
3. Note the IDs of the following CRM endpoints that were specified during the configuration of CRM Internet Facing Deployment
Web Application Server Domain
Discovery Web Service Domain
External Domain URL
4. Run the following command via PowerShell, using the IDs obtained in the previous steps, to disable URL Translation in Response Headers
Set-WebApplicationProxyApplication -ID <WebApplicationServerDomainID> -DisableTranslateUrlInResponseHeaders
Set-WebApplicationProxyApplication -ID <DiscoveryWebServiceDomainID> -DisableTranslateUrlInResponseHeaders
Set-WebApplicationProxyApplication -ID <ExternalDomainURLID> -DisableTranslateUrlInResponseHeaders
5. Restart ADFS Services on both the ADFS Server and Web Application Proxy Server