ADFS 2.1 Mex Endpoint Errors with CRM 2011 & Windows Server 2012. Here’s your fix.

When you install ADFS on Windows Server 2012, the built-in ADFS role is ADFS 2.1. When setting up Microsoft Dynamics CRM 2011 (UR13+ required), you will get an error message telling you that IFD authentication fails when external applications try to access the discovery service.

The documentation for UR13 apparently says this has been fixed, but that is not 100% true. There are still the manual steps shown below.

So, when you try to access this via your browser: https://crm.yourdomain.com/xrmservices/2011/discovery.svc?wsdl=wsdll, you will see within the XML a metadata node that contains the following:

<wsx:MetadataReference>
<Address xmlns="http://www.w3.org/2005/08/addressing">https://adfs.yourdomain.local/adfs/ls/mex</Address>
</wsx:MetadataReference>

Comparing that with our production CRM 2011 server running on ADFS 2.0, you will see:

<wsx:MetadataReference>
<Address xmlns="http://www.w3.org/2005/08/addressing">https://adfs.yourdomain.local/adfs/services/trust/mex</Address>
</wsx:MetadataReference>

Solution:

The current solution is to run the PowerShell script provided in http://support.microsoft.com/kb/2828015.

The PowerShell script fixes a known issue in ADFS 2.1 with publishing metadata for mex endpoints: after claims-based authentication is configured in Microsoft Dynamics CRM 2011, the mex endpoints are not reachable.

Step 1: Start the PowerShell console.

Step 2: Execute the script contained in the KB article.

Step 3: Either restart both the CRM and ADFS servers, or restart the ADFS service and IIS on both machines.

Make sure with all ADFS adventures that your browser cache is clear.
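
To confirm the fix took effect, here is an added example (not from the original post or the KB article) that parses a discovery-service WSDL and reports which mex path it advertises. The function name Get-MexReference, the $discoveryWsdlUrl placeholder and the sample XML are assumptions constructed for illustration.

```powershell
# Added example: report which mex path a discovery-service WSDL advertises.
function Get-MexReference {
    param([Parameter(Mandatory = $true)] [xml] $Wsdl)

    # local-name() keeps the query independent of the prefix bound to the mex namespace.
    $xpath = "//*[local-name()='MetadataReference']/*[local-name()='Address']"
    foreach ($hit in (Select-Xml -Xml $Wsdl -XPath $xpath)) {
        $address = $hit.Node.InnerText.Trim()
        $uri     = $address -as [uri]
        $abs     = $uri -and $uri.IsAbsoluteUri   # guard against empty or relative values
        $path    = if ($abs) { $uri.AbsolutePath.TrimEnd('/') } else { '' }
        $status  = switch ($path) {
            '/adfs/services/trust/mex' { 'OK' }
            '/adfs/ls/mex'             { 'Broken: ADFS 2.1 mex publishing issue' }
            default                    { 'Unexpected path' }
        }
        [pscustomobject]@{
            Address = $address
            Https   = ($abs -and $uri.Scheme -eq 'https')
            Status  = $status
        }
    }
}

# Constructed sample input (not captured from a real server), modelled on the
# two MetadataReference fragments shown earlier in this post.
$template = @'
<definitions xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
  <wsx:MetadataReference>
    <Address xmlns="http://www.w3.org/2005/08/addressing">{0}</Address>
  </wsx:MetadataReference>
</definitions>
'@

$before = [xml]($template -f 'https://adfs.yourdomain.local/adfs/ls/mex')
$after  = [xml]($template -f 'https://adfs.yourdomain.local/adfs/services/trust/mex')

Get-MexReference -Wsdl $before
Get-MexReference -Wsdl $after

# Against a live server, load the WSDL first ($discoveryWsdlUrl is a placeholder):
# $wsdl = [xml](Invoke-WebRequest -Uri $discoveryWsdlUrl -UseBasicParsing).Content
# Get-MexReference -Wsdl $wsdl
```

Run it before and after Step 3; a cached WSDL in the browser does not affect this check because it fetches the document directly.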


My fellow MVP from down under, George Doubinski, ran into this issue late last night, and has now offered to move from Australia and take up US citizenship just to vote for me if I ever decided to run for President! Thanks George, but I might be headed your way!

Update: here’s the new KB link for Windows Server 2012. I have confirmed this is fixed in ADFS 2.1.
http://support.microsoft.com/kb/2827748
