Channel: Claims based access platform (CBA), code-named Geneva forum

Authentication Failing & Characters


I have been struggling for a few days with Dynamics CRM on premises. I think I boiled it down to ADFS so I am reaching out here for help. Here is a link to the CRM forum in case you want to get more info: http://social.microsoft.com/Forums/en-US/3dd2c9af-7680-4829-8b35-9152cc9a859a/plugin-registration-tool-failing?forum=crmdevelopment

Basically, using the system admin account I can log into CRM from any computer without any issues. Using that same account, on the CRM server and the server hosting ADFS I can log into CRM to retrieve information like name of the organization (like the Plugin Registration Tool from MS does). However, when I do the same from another remote computer then it breaks. The same behavior happens with a custom console program that tries to connect to CRM.

It's somewhat puzzling why I can log into CRM with the admin account but then on the same computer using the same account I cannot log in to retrieve information. The difference between the two scenarios is that in the first case I am presented with a login screen in Internet Explorer but in the second scenario I obviously don't get a login screen (I use System.ServiceModel.Description.ClientCredentials to pass in the credentials).

Looking at Fiddler, it turns out that the response I am getting is actually exactly that HTML page to log into the account. Once that is passed back the program throws an exception. Now the question is why this is happening and how I can fix it. Here is what I see in Fiddler:

a) 200 HTTPS sts.[domain].com:444 /adfs/services/trust/mex?xsd=xsd0
b) 302 HTTP  sts.[domain].com /adfs/services/trust/13/username
c) 200 HTTP Tunnel to sts.[domain].com:443
d) 302 HTTPS sts.[domain].com /adfs/serices/trust/13/username/default.aspx
e) 200 HTTP Tunnel to sts.[domain].com:444
f) 200 HTTPS sts.[domain].com:444 /adfs/ls/?wa-wsignin1.0&wtrealm=https%3a%2f...

a) and all the previous "/adfs/services/trust/mex..." start with 3 digit hex characters before the <... and end with a 0. I am not sure if this is normal.  

That last step f breaks. Below is the request and response for that transaction.

Request:
GET https://sts.[domain].com:444/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2fsts.[domain].com%2f&wctx=rm%3d1%26id%3de4aebd76-c068-48fb-a9d0-a789fdf9856d%26ru%3dhttps%253a%252f%252fsts.[domain].com%252fadfs%252fservices%252ftrust%252f13%252fusername%252fdefault.aspx&wct=2014-09-18T17%3a28%3a55Z&wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
Accept-Encoding: gzip, deflate
Host: sts.[domain].com:444

Response:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
<head><meta http-equiv="X-UA-Compatible" content="IE=8" /><title>
 Sign In
</title><link rel="stylesheet" type="text/css" href="MasterPages/StyleSheet.css" /><meta name="robots" content="noindex, nofollow" /></head>

<body>
    <form name="aspnetForm" method="post" action="/adfs/ls/?wa=wsignin1.0&amp;wtrealm=https%3a%2f%2fsts.[domain].com%2f&amp;wctx=rm%3d1%26id%3de4aebd76-c068-48fb-a9d0-a789fdf9856d%26ru%3dhttps%253a%252f%252fsts.[domain].com%252fadfs%252fservices%252ftrust%252f13%252fusername%252fdefault.aspx&amp;wct=2014-09-18T17%3a28%3a55Z&amp;wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword" id="aspnetForm">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTY2MTc3NjUzM2RkjjIW9UHu5Y9twnRBWg+xeuICC2E=" />

<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="0EE29E36" />
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBQL99cGTDALnmcnFAQKzpa6MBwKo77JuAunYybIMxkiOVtoW9jbNbvbjpHhO9DCwW3I=" /><input type="hidden" name="__db" value="16" />
    <div class="MainArea">
        <div class="Header">
            <span id="ctl00_PageTitleLabel">Sign In</span>
        </div>
       
        <div class="GroupLargeMargin">
            <div class="TextSizeXLarge">
                <span id="ctl00_STSLabel">sts.[domain].com</span>
            </div>
        </div>
        <div class="MainActionContainer">
           
    <div class="GroupXLargeMargin"><span>Type your user name and password.</span></div>
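
Added example, not part of the original post: a small Python helper that decodes the step f sign-in URL, including the doubly encoded `wctx` parameter, and lists why a SOAP client cannot consume the reply. The host `sts.example.test` is a placeholder for the redacted `sts.[domain].com`, and the function names are hypothetical.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed from the request in step f; the redacted "[domain]" host is
# replaced by the placeholder sts.example.test so the URL parses.
STEP_F_URL = (
    "https://sts.example.test:444/adfs/ls/?wa=wsignin1.0"
    "&wtrealm=https%3a%2f%2fsts.example.test%2f"
    "&wctx=rm%3d1%26id%3de4aebd76-c068-48fb-a9d0-a789fdf9856d"
    "%26ru%3dhttps%253a%252f%252fsts.example.test%252fadfs%252fservices"
    "%252ftrust%252f13%252fusername%252fdefault.aspx"
    "&wct=2014-09-18T17%3a28%3a55Z"
    "&wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword"
)

def decode_signin_redirect(url):
    """Decode a WS-Federation passive sign-in URL, including nested wctx."""
    parts = urlsplit(url)
    outer = {k: v[0] for k, v in parse_qs(parts.query).items()}
    # wctx is itself a query string (rm, id, ru) that was encoded a second time.
    ctx = {k: v[0] for k, v in parse_qs(outer.get("wctx", "")).items()}
    return {
        "endpoint": parts.path,
        "port": parts.port,
        "action": outer.get("wa"),
        "realm": outer.get("wtrealm"),
        "auth_method": outer.get("wauth"),
        "return_url": ctx.get("ru"),
    }

def diagnose(url, response_body):
    """Return the decoded fields and the reasons a SOAP client fails here."""
    info = decode_signin_redirect(url)
    findings = []
    if info["action"] == "wsignin1.0" and info["endpoint"].startswith("/adfs/ls"):
        findings.append("request ended at the browser sign-in page /adfs/ls/")
    ru_path = urlsplit(info["return_url"] or "").path
    if ru_path.startswith("/adfs/services/trust/"):
        findings.append("return URL is the WS-Trust endpoint " + ru_path)
    if response_body.lstrip().lower().startswith(("<!doctype html", "<html")):
        findings.append("response body is an HTML page, not a SOAP envelope")
    return info, findings
```

Running `diagnose` against a capture exported from Fiddler shows at a glance whether the username endpoint on port 443 is being answered by the interactive sign-in page on port 444.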

