Unable to sign in to Microsoft Dynamics CRM 2011 after renewing the IFD certificate

This article provides a solution to an issue where you can't sign in to Microsoft Dynamics CRM 2011 after renewing the IFD certificate.

Applies to: Microsoft Dynamics CRM 2011
Original KB number: 2804284

Symptoms

After you renew the Microsoft Dynamics CRM Internet Facing Deployment (IFD) certificate through the Microsoft Dynamics CRM Deployment Manager, a generic AD FS error message is shown when you try to sign in to CRM. Additionally, the following error message is logged in Event Viewer on the AD FS server:

Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> Microsoft.IdentityServer.Protocols.WSTrust.StsConnectionException: MSIS7004: An exception occurred while connecting to the federation service. The service endpoint URL 'net.tcp://localhost:1501/adfs/services/trusttcp/windows' may be incorrect or the service is not running. ---> System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at net.tcp://localhost:1501/adfs/services/trusttcp/windows that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.

Cause

The AD FS 2.0 Service Communications certificate is missing in AD FS.

Resolution

Configure the AD FS Server service to use the new or existing certificate. To do it, follow these steps:

  1. Open AD FS 2.0 Management.
  2. Browse to AD FS 2.0\Service\Certificates.
  3. Right-click Certificates, and then select Set Service Communications Certificate.
  4. Select the new certificate from the certificate selection UI.
  5. Select OK.
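
To confirm the cause before or after following these steps, the read-only check below can be run in an elevated PowerShell session on the AD FS server. It is an added example, not part of the original KB article; the function name is hypothetical, and it assumes the AD FS 2.0 PowerShell snap-in (Microsoft.Adfs.PowerShell), the adfssrv service name, and that the certificate is installed in the LocalMachine\My store.

```powershell
# Added example: read-only check of the AD FS 2.0 Service Communications certificate.
# Assumes the AD FS 2.0 snap-in and a certificate stored in Cert:\LocalMachine\My.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
if (-not (Get-Command Get-ADFSCertificate -ErrorAction SilentlyContinue)) {
    throw 'AD FS cmdlets are not available. Run this on the AD FS server.'
}

function Test-AdfsServiceCommunicationsCertificate {   # hypothetical helper name
    $findings = @()

    # MSIS7004 also mentions the service not running, so check that first.
    $svc = Get-Service -Name adfssrv -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        $findings += 'The AD FS 2.0 Windows Service (adfssrv) is not running.'
    }

    # The cause named in this article: no Service Communications certificate set.
    $configured = Get-ADFSCertificate -CertificateType 'Service-Communications' `
        -ErrorAction SilentlyContinue
    if (-not $configured) {
        $findings += 'No Service Communications certificate is set in AD FS.'
        return $findings
    }

    foreach ($entry in @($configured)) {
        $thumb = $entry.Thumbprint
        # Confirm the configured thumbprint still resolves to an installed certificate.
        $cert = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $thumb }
        if (-not $cert) {
            $findings += "Configured certificate $thumb is not in LocalMachine\My."
            continue
        }
        if (-not $cert.HasPrivateKey) {
            $findings += "Certificate $thumb has no private key on this server."
        }
        if ($cert.NotAfter -lt (Get-Date)) {
            $findings += "Certificate $thumb expired on $($cert.NotAfter)."
        }
    }
    return $findings
}

$result = Test-AdfsServiceCommunicationsCertificate
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'Service Communications certificate is set, installed, and not expired.' }
```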

More information

We recommend that you follow all the steps in "How to change the AD FS 2.0 service communications certificate after it expires" to check whether the AD FS settings are correct.