Channel: Claims based access platform (CBA), code-named Geneva forum

Authentication & Strange Characters


I have been struggling for a few days with Dynamics CRM on premises. I think I
boiled it down to ADFS so I am reaching out here for help. Here is a link to the
CRM forum in case you want to get more info: http://social.microsoft.com/Forums/en-US/3dd2c9af-7680-4829-8b35-9152cc9a859a/plugin-registration-tool-failing?forum=crmdevelopment

Basically, using the system admin account I can log into CRM from any
computer without any issues. Using that same account, on the CRM server and the
server hosting ADFS I can log into CRM to retrieve information like name of the
organization (like the Plugin Registration Tool from MS does). However, when I
do the same from another remote computer then it breaks. The same behavior
happens with a custom console program that tries to connect to CRM.

It's somewhat puzzling why I can log into CRM with the admin account but then
on the same computer using the same account I cannot log in to retrieve
information. The difference between the two scenarios is that in the first case
I am presented with a login screen in Internet Explorer but in the second
scenario I obviously don't get a login screen (I use
System.ServiceModel.Description.ClientCredentials to pass in the credentials).

Looking at Fiddler, it turns out that the response I am getting is actually
exactly that HTML page to log into the account. Once that is passed back the
program throws an exception. Now the question is why this is happening and how I
can fix it. Here is what I see in Fiddler:

a) 200 HTTPS sts.[domain].com:444 /adfs/services/trust/mex?xsd=xsd0
b) 302 HTTP sts.[domain].com /adfs/services/trust/13/username
c) 200 HTTP Tunnel to sts.[domain].com:443
d) 302 HTTPS sts.[domain].com /adfs/serices/trust/13/username/default.aspx
e) 200 HTTP Tunnel to sts.[domain].com:444
f) 200 HTTPS sts.[domain].com:444 /adfs/ls/?wa-wsignin1.0&wtrealm=https%3a%2f...

a) and all the previous "/adfs/services/trust/mex..." start with 3 digit hex
characters before the <... and end with a 0. I am not sure if this is
normal.  

That last step f breaks. Below is the request and response for that
transaction.

Request:
GET https://sts.[domain].com:444/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2fsts.[domain].com%2f&wctx=rm%3d1%26id%3de4aebd76-c068-48fb-a9d0-a789fdf9856d%26ru%3dhttps%253a%252f%252fsts.[domain].com%252fadfs%252fservices%252ftrust%252f13%252fusername%252fdefault.aspx&wct=2014-09-18T17%3a28%3a55Z&wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword HTTP/1.1
Content-Type: application/soap+xml; charset=utf-8
Accept-Encoding: gzip, deflate
Host: sts.[domain].com:444

Response:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
<head><meta http-equiv="X-UA-Compatible" content="IE=8" /><title>
 Sign In
</title><link rel="stylesheet" type="text/css" href="MasterPages/StyleSheet.css" /><meta name="robots" content="noindex, nofollow" /></head>

<body>
    <form name="aspnetForm" method="post" action="/adfs/ls/?wa=wsignin1.0&amp;wtrealm=https%3a%2f%2fsts.[domain].com%2f&amp;wctx=rm%3d1%26id%3de4aebd76-c068-48fb-a9d0-a789fdf9856d%26ru%3dhttps%253a%252f%252fsts.[domain].com%252fadfs%252fservices%252ftrust%252f13%252fusername%252fdefault.aspx&amp;wct=2014-09-18T17%3a28%3a55Z&amp;wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword" id="aspnetForm">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTY2MTc3NjUzM2RkjjIW9UHu5Y9twnRBWg+xeuICC2E=" />

<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="0EE29E36" />
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBQL99cGTDALnmcnFAQKzpa6MBwKo77JuAunYybIMxkiOVtoW9jbNbvbjpHhO9DCwW3I=" /><input type="hidden" name="__db" value="16" />
    <div class="MainArea">
        <div class="Header">
            <span id="ctl00_PageTitleLabel">Sign In</span>
        </div>

        <div class="GroupLargeMargin">
            <div class="TextSizeXLarge">
                <span id="ctl00_STSLabel">sts.[domain].com</span>
            </div>
        </div>
        <div class="MainActionContainer">

    <div class="GroupXLargeMargin"><span>Type your user name and password.</span></div>
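
Added example, not part of the original post: a Python sketch that decodes the sign-in URL from step f, including the nested wctx value whose ru field is the return URL in the context string WIF generates, and records that a SOAP request was answered with an HTML page. The function and constant names are hypothetical; the URL, Content-Type and body excerpt are taken from the trace above.

```python
from urllib.parse import parse_qs

# Step f request URL, copied from the post ("[domain]" is the poster's redaction).
STEP_F_URL = (
    "https://sts.[domain].com:444/adfs/ls/?wa=wsignin1.0"
    "&wtrealm=https%3a%2f%2fsts.[domain].com%2f"
    "&wctx=rm%3d1%26id%3de4aebd76-c068-48fb-a9d0-a789fdf9856d%26ru%3d"
    "https%253a%252f%252fsts.[domain].com%252fadfs%252fservices%252ftrust"
    "%252f13%252fusername%252fdefault.aspx"
    "&wct=2014-09-18T17%3a28%3a55Z"
    "&wauth=urn%3aoasis%3anames%3atc%3aSAML%3a1.0%3aam%3apassword"
)
STEP_F_REQUEST_TYPE = "application/soap+xml; charset=utf-8"
# Start of the step f response body, tidied from the dump in the post.
STEP_F_BODY = '<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"><head><title> Sign In </title>'


def first_values(query):
    """Parse a query string and keep the first value of each parameter."""
    return {k: v[0] for k, v in parse_qs(query).items()}


def decode_wsignin(url):
    """Return (endpoint, outer parameters, parameters nested inside wctx)."""
    # Split by hand: urllib's urlsplit() rejects the redacted "[domain]" host.
    endpoint, _, query = url.partition("?")
    outer = first_values(query)
    # parse_qs already percent-decoded wctx once, so it is a query string again.
    return endpoint, outer, first_values(outer.get("wctx", ""))


def triage(url, request_content_type, response_body):
    """List what the captured exchange shows, without guessing at the cause."""
    _, outer, ctx = decode_wsignin(url)
    findings = []
    ru = ctx.get("ru", "")
    if outer.get("wa") == "wsignin1.0" and "/adfs/services/trust/" in ru:
        findings.append("browser sign-in requested on behalf of " + ru)
    if "soap+xml" in request_content_type and "<html" in response_body.lower():
        findings.append("SOAP client received an HTML page")
    return findings


if __name__ == "__main__":
    for finding in triage(STEP_F_URL, STEP_F_REQUEST_TYPE, STEP_F_BODY):
        print(finding)
```

The decoded ru value is the default.aspx URL from step d, which ties the sign-in page in step f back to the redirects in steps b and d.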

