HTTP 503 - Service Unavailable error while accessing the Microsoft Dynamics CRM Federation Metadata URL after configuring the claims based Authentication

After configuring the claims for Microsft Dynamics CRM in Deployment Manager, the internal Federation Metadata URL for CRM is generated. The Internal Federation Metadata URL will have the format below:

https://<internalcrm>.<domain>.com/FederationMetadata/2007-06/FederationMetadata.xml

When you try to access the CRM internal Federation Metadata URL the following error message may be received:

Service Unavailable

HTTP Error 503. The service is unavailable."

The same behavior can be observed while the URL is accessed either on the CRM server or the ADFS server.

Symptoms

The above error message occurs if there are stale records in the ACL related to CRM or other websites on the same port as CRM being used now.

Cause

The issue will be resolved by removing the stale records in the ACL. Please follow the below steps to perform the same:

a. Run the following command to show the existing records

NETSH HTTP SHOW URLACL (command)

The above should show us all the reserved namespaces

b. Please look in the results to verify if you have an RUL like the example below:

Reserved URL : https://+:444/adfs/services/  
Can't lookup sid, Error: 1332 
SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243- 975697593)

c. If the URL is present, please run the following command to delete the URL

netsh http delete urlacl url=https://+:443/FederationMetadata/2007-06/

d. Please perform an IISRESET


After the above steps you should be able to browse the Federation Metadata URL successfully

Resolution

http://technet.microsoft.com/en-us/library/cc725935(v=ws.10).aspx

More Information

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×