Run Set-WebApplicationProxyApplication -ID
on the WAP server for each published URL and see if that help
***********
Well it's been a long time since my last post but here's a good one that took far too long to resolve.
If you have a CRM 2016 IFD (Internet Facing Deployment) and are having authentication issues via ADFS this might apply to you.
You might be seeing errors like
Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '1' seconds. Contact your administrator for details.
Also if you test it you'll find the external URL (Forms based auth) works.
And if you authenticate to the external url then the internal URL will start working.
Until you IISRESET the CRM server and it will break again.
Madness!
Turns out it's a bug in CRM 2016 Update 0.1 There was a change in how the ADFS token is handeled for Claims Based authentication.
This is why authencitaion via the external URL (Forms based) work, and once you have a good token from ADFS you can connect via either URL
And if you authenticate to the external url then the internal URL will start working.
Until you IISRESET the CRM server and it will break again.
Madness!
Turns out it's a bug in CRM 2016 Update 0.1 There was a change in how the ADFS token is handeled for Claims Based authentication.
This is why authencitaion via the external URL (Forms based) work, and once you have a good token from ADFS you can connect via either URL
Below from a ticket someone raised with Microsoft (2nd March, 2016)
We opened a support ticket with Microsoft and they have acknowledged it as a bug and are working on a fix for this (with no ETA)
From MS Support :
Cause: It’s a known bug with recently reported in 0.1 Update for CRM 2016.
Possible Case for the Issue: There were major code changes in Ara UR1 for authentication. The affected code is in Microsoft.Crm.Core.Security.Identity.IdentityExtensions.GetUserPrincipalName(). We are unable to cast to a from type ClaimsIdentity to a new type CrmIdentity.
Therefore, the variable is null, and we cannot retrieve the information.
Only solution for the moment is to uninstall the 0.1 update and wait.
It's worth noting the updates for other components (mail router, Report Server Extensions) are fine to install.
There are a ton of fixes in update 0.1 so I'm hoping they sort this out soon. Would be very good to be able to install CRM 2016 update 0.1
There are a ton of fixes in update 0.1 so I'm hoping they sort this out soon. Would be very good to be able to install CRM 2016 update 0.1
