This error has driven me crazy for a while: while using Microsoft CRM 2011 in IFD-mode, the external authentication would work correctly but not the internal access!
DNS was working correctly, the TMG server was configured correctly, the SSL certificate was correctly bound to the internal & external (we are using a wildcard SSL certificate) and ADFS was set up per the Microsoft installation document.
Now, to resolve the internal access issue, I had to remove the “:443” from the Deployment Manager Web addresses:
And now everything is working properly.
While deploying a new CRM 2011 environment at a client site, I got errors with my ADFS setup:
- We used a wildcard certificate for all servers (on the same domain), purchased from RapidSSL
- ADFS is on a separate server
- CRM 2011 is on its own server
- DNS internal entries were made and could resolve correctly to both servers
The problem occurred right after enabling claims in CRM 2011 Deployment Manager: the internal CRM address specified in the deployment manager could not be resolved and a couple of 317 & 364 errors were logged on the ADFS server.
I tried creating SPNs for both servers, removing and re-importing the certificates on both servers, recreating the relying party for CRM, etc., but with no correct results.
Since the SSL certificates were created with lowercase characters for the domain, I changed the CRM web addresses to lowercase as well, which made the ADFS authentication form appear!
But I could still not get past the 317 error after logging in with valid credentials…
Then I found this post where a PowerShell command was shown:
Set-ADFSRelyingPartyTrust -TargetName RPNameInADFS -EncryptionCertificateRevocationCheck None
Reset IIS on the ADFS server and voilà, it worked for me!
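The command above sets `-EncryptionCertificateRevocationCheck None`, which turns off revocation checking of the relying party's encryption certificate. The following is an added example, not part of the original post: it runs on the ADFS server and tests whether an online revocation check of that certificate can complete, so the check can be switched back on once the CRL/OCSP endpoints are reachable. It assumes the placeholder relying party name `RPNameInADFS` from the post and an elevated PowerShell session; `CheckChainExcludeRoot` is one of the values the cmdlet accepts.

```powershell
# Added example (not from the original post). Run elevated on the ADFS server.
# 'RPNameInADFS' is the placeholder relying party name used in the post.
$rpName = 'RPNameInADFS'

# ADFS 2.0 ships its cmdlets as a snap-in; later versions load an ADFS module instead.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Show the current revocation settings on the relying party trust
$rp = Get-ADFSRelyingPartyTrust -Name $rpName
$rp | Format-List Name, EncryptionCertificateRevocationCheck, SigningCertificateRevocationCheck

$cert = $rp.EncryptionCertificate
if (-not $cert) { throw "Relying party '$rpName' has no encryption certificate." }

# Build the chain with online revocation checking, excluding the root.
# Note: this runs as the current user, so proxy settings may differ from
# those of the ADFS service account.
$ns    = 'System.Security.Cryptography.X509Certificates'
$chain = New-Object "$ns.X509Chain"
$chain.ChainPolicy.RevocationMode      = [Enum]::Parse("$ns.X509RevocationMode" -as [type], 'Online')
$chain.ChainPolicy.RevocationFlag      = [Enum]::Parse("$ns.X509RevocationFlag" -as [type], 'ExcludeRoot')
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15

$ok = $chain.Build($cert)
"Chain valid with online revocation check: $ok"

# RevocationStatusUnknown / OfflineRevocation here means the server could not
# fetch revocation data (firewall, proxy, DNS), not that the certificate is revoked.
$chain.ChainStatus | ForEach-Object {
    '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim()
}

# List the CRL distribution points (OID 2.5.29.31) the server must be able to reach
$cert.Extensions |
    Where-Object { $_.Oid.Value -eq '2.5.29.31' } |
    ForEach-Object { $_.Format($true) }

# Once the chain builds cleanly, revocation checking can be turned back on:
# Set-ADFSRelyingPartyTrust -TargetName $rpName -EncryptionCertificateRevocationCheck CheckChainExcludeRoot
```

`certutil -verify -urlfetch` against the exported certificate gives the same information with per-URL fetch results.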