Active Directory Federation Services (ADFS) creates and manages the two certificates used for the tokens issued. These are the Token-signing and Token-decrypting certificates. By default, these certificates are valid for one year from their creation and around the one-year mark, they will renew themselves automatically via the Auto Certificate Rollover feature in ADFS. Once this […]
Join me at the CRMUG Summit In Reno NV. This is the premier Dynamics CRM Event of the year. Don’t miss out, not too late to register below. More details.. http://www.crmugsummit.com/home Here’s my preliminary schedule. Please refer to the website! Monday, October 12 8:00pm-10:00pm @ Peppermill – Terrace Lounge Chapter Leader Bash Tuesday, October […]
It’s that time of year again, when all the CRM User base gets together for the biggest CRM user group event of the year. CRMUG Summit is a great place to learn, network and do all things CRM! Some details to the event can be found here. If you’re attending, see […]
Please find my latest presentation on ADFS from Microsoft Convergence 2013. This presentation includes topics like SSL Certificates, DNS Entries, Firewall, Common Deployments, ADFS Proxy Servers, IFD, ADFS Installation, Tips and Tricks, Troubleshooting and ADFS Errors. Please note the ADFS central link is not yet live on this site. This is the e-book I’m creating […]
Reviewing a client’s ADFS configuration, I found an unusually error message in the ADFS service federation metadata saying “Keyset does not exist”. After searching for all the usually culprits, this turned out to be one of the most commonly forgotten issues – Giving access to the service account to manage the private keys for the certificate. […]
CRM 2011 ADFS comes with a unqiue feature: Auto-Rollover for SSL Certification expiration. You must load the new SSL certificate on the box prior to the Auto-Rollover. We are finding out this might be as automatic as once thought. If your ADFS console looks like the following and your CRM is not working the steps […]
ADFS uses standard SSL certificates to secure it’s communicatons. SSL certificates are not static, and often change on a yearly basis. This will cause the warning condition in the ADFS management console as seen below: Once you enter the ADFS management console, under the relying party trust you will see: Once you replace […]
We could not find a document or knowledge base article as to where a CRM 4.0 Customer had installed and was using client side certificates with the REQUIRED flag checked. It turns out that while you can setup IIS to accept client side certificates selecting the REQUIRED option will break CRM functionality: Configuring the Outlook Client […]
When installing ADFS to support your CRM 2011 IFD installation, if you have any errors or stop the install, the install will leave directories under the default website that need to be deleted. You can run this from the command prompt: appcmd delete app “Default Web Site/adfs/ls This will delete the website. You can also […]
During the CRM 2011 installation process for ADFS/IFD, you will notice issues when resolving external non matching internal domain references (crm.microsoft.com to crm.go.local) especially when using the SSL certficates. This can take hours of tracing and troubleshooting to realize its related to a new lookback feature introduced with Windows 2003 Server SP1. The solution is […]