Symptoms
After configuring the claims for Microsoft Dynamics CRM in Deployment Manager, the internal Federation Metadata URL for CRM is generated. The internal Federation Metadata URL has the format below:
https://<internalcrm>.<domain>.com/FederationMetadata/2007-06/FederationMetadata.xml
When you try to access the CRM internal Federation Metadata URL, you may receive the following error message:
Service Unavailable
HTTP Error 503. The service is unavailable.
The same behavior occurs whether the URL is accessed from the CRM server or the ADFS server.
Cause
The above error message occurs if the ACL contains stale records related to CRM, or to other websites on the same port that CRM is now using.
Resolution
The issue is resolved by removing the stale records from the ACL. Follow the steps below:
a. Run the following command to show the existing records:
NETSH HTTP SHOW URLACL
This lists all of the reserved namespaces.
b. Look through the results to verify whether you have a URL like the example below:
Reserved URL : https://+:444/adfs/services/
Can't lookup sid, Error: 1332
SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)
c. If the URL is present, run the following command to delete the URL:
netsh http delete urlacl url=https://+:443/FederationMetadata/2007-06/
d. Perform an IISRESET.
After the above steps, you should be able to browse the Federation Metadata URL successfully.
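The check in step b can be scripted. The following PowerShell is an added example, not part of the original article: the function name Get-StaleUrlAcl is hypothetical, the sample text is constructed from the entry shown above, and the parsing assumes English-language netsh output.

```powershell
# Added example: find URL reservations whose ACL holds a SID that no longer
# resolves (netsh reports these as "Can't lookup sid").
function Get-StaleUrlAcl {
    param(
        # Lines of "netsh http show urlacl" output; queries the local server by default.
        [string[]]$Lines = (netsh http show urlacl)
    )
    $records = @()
    $current = $null
    foreach ($line in $Lines) {
        switch -Regex ($line) {
            '^\s*Reserved URL\s*:\s*(\S+)' {
                # A new reservation block starts here.
                $current = [pscustomobject]@{ Url = $Matches[1]; Stale = $false; Sddl = $null }
                $records += $current
            }
            "Can't lookup sid" {
                if ($current) { $current.Stale = $true }
            }
            '^\s*SDDL:\s*(.+)$' {
                if ($current) { $current.Sddl = $Matches[1].Trim() }
            }
        }
    }
    $records | Where-Object { $_.Stale }
}

# Constructed sample: one healthy reservation and the stale one from step b.
$sample = @'
URL Reservations:
-----------------

    Reserved URL            : http://+:80/Temporary_Listen_Addresses/
        User: \Everyone
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;WD)

    Reserved URL            : https://+:444/adfs/services/
        Can't lookup sid, Error: 1332
        SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)
'@ -split "`r?`n"

# Show the stale entries, then print (without running) a delete command for each.
Get-StaleUrlAcl -Lines $sample | Format-List Url, Sddl
Get-StaleUrlAcl -Lines $sample | ForEach-Object { "netsh http delete urlacl url=$($_.Url)" }
```

Calling Get-StaleUrlAcl with no arguments from an elevated prompt on the CRM or ADFS server reads the live reservations instead of the sample. Review the printed delete commands before running any of them.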
http://technet.microsoft.com/en-us/library/cc725935(v=ws.10).aspx