Configuring AD FS 2.1 with Microsoft Dynamics CRM 2011

When configuring AD FS 2.1 with Microsoft Dynamics CRM 2011, a 404 error may occur when trying to access the mex endpoint. This may occur during any CRM action, however is most prevalent is during the configuration for the Microsoft Dynamics CRM for Outlook client.
1. Microsoft Dynamics CRM 2011 Update Rollup 13 or later has not been applied to the Microsoft Dynamics CRM Server.

2. AD FS 2.1 has a known issue publishing metadata for mex endpoints. After configuring claims based authentication in Microsoft Dynamics CRM 2011, mex endpoints are not reachable.
1. Apply Microsoft Dynamics CRM 2011 Update Rollup 13 or later.

2. In order to support AD FS 2.1, it is necessary to execute the following PowerShell script:

a. Start PowerShell ISE or your text editor of choice 

b. Create a file called UpdateMEXEndpoint.ps1

c. Copy the content below to the UpdateMEXEndpoint.ps1 file 

    #optional params
$RemoveSnapInWhenDone = $False

if (-not (Get-PSSnapin -Name Microsoft.Crm.PowerShell -ErrorAction SilentlyContinue))
    Add-PSSnapin Microsoft.Crm.PowerShell
    $RemoveSnapInWhenDone = $True

$Id=(Get-CrmAdvancedSetting -ConfigurationEntityName FederationProvider -Setting ActiveMexEndpoint).Attributes[0].Value

$setting = New-Object "Microsoft.Xrm.Sdk.Deployment.ConfigurationEntity"
$setting.LogicalName = $ConfigurationEntityName
if($Id) { $setting.Id = $Id }

$setting.Attributes = New-Object "Microsoft.Xrm.Sdk.Deployment.AttributeCollection"
$keypair = New-Object "System.Collections.Generic.KeyValuePair[String, Object]" ($SettingName, $SettingValue)

Set-CrmAdvancedSetting -Entity $setting

    Remove-PSSnapin Microsoft.Crm.PowerShell

d. Run the above script from within PowerShell using the syntax below:

UpdateMEXEndpoint.ps1 –SettingValue “https://<ADFS STSHOST>/adfs/services/trust/mex”

If the STS lives on
> UpdateMEXEndpoint.ps1 –SettingValue “”

This will update your CRM deployment to connect to AD FS using the endpoint provided in the Setting Value parameter. 

More information

ADFS team has brought out a hot fix that will fix this issue from the ADFS side. The ADFS fix heals the ADFS federation metadata and publishes the missing mex endpoints, thereby resolving the issue at it's root.

1.      Install fix in on ADFS server.

2.      Restart ADFS server. In the background, the fix would have allowed ADFS to publish \mex endpoint in the ADFS federation metadata. 

3.      Log on to CRM server.

4.      Rerun the “configure claims” and “configure IFD” wizards of CRM. Rerunning this will cause CRM to consume the healed ADFS federation metadata and populate the correct \mex value in the DB table.


5.      To be sure,please run the below SQL query against the MSCRM_CONFIG.

select activemexendpoint from federationprovider

  Ensure that it shows a URL similar to:

https://<ADFS STSHOST>/adfs/services/trust/mex

6.      Reset IIS on CRM server to destroy rebuild and cached content in IIS that was based on the old DB values. 


7.      Configure outlook client.

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 2828015 - Last Review: 10/01/2013 20:48:00 - Revision: 3.0

Microsoft Dynamics CRM 2011

  • kbmbsmigrate kbsurveynew KB2828015