{"id":744,"date":"2014-07-21T10:20:07","date_gmt":"2014-07-21T04:50:07","guid":{"rendered":"https:\/\/www.inogic.com\/blog\/?p=744"},"modified":"2025-05-05T15:24:06","modified_gmt":"2025-05-05T09:54:06","slug":"unable-to-configure-dynamics-crm-outlook-client-for-org-configured-for-ifd-access","status":"publish","type":"post","link":"https:\/\/www.inogic.com\/blog\/2014\/07\/unable-to-configure-dynamics-crm-outlook-client-for-org-configured-for-ifd-access\/","title":{"rendered":"Unable to Configure Dynamics CRM Outlook Client for Org Configured for IFD Access"},"content":{"rendered":"

Introduction<\/span>:<\/strong><\/p>\n

Configuring Outlook Client usually involved making sure the regular stuff was\u00a0done\u00a0i.e.:<\/p>\n

    \n
  1. Adding the server url to trusted sites.<\/li>\n
  2. Checking whether the machine time matches the server time.<\/li>\n
  3. Able to access Dynamics CRM through Web Client.<\/li>\n
  4. Whether\u00a0Windows Identity foundation was installed.<\/li>\n
  5. Credentials cache cleared (Note: You can clear the credentials by going to the control panel -> credential manager. Then\u00a0 under Windows credentials, and generic credentials, remove any entry that starts with Microsoft_CRM)<\/li>\n<\/ol>\n

    All this was in order and it still did not allow configuration. We even went\u00a0through the Outlook diagnostics wizard that walks through the various possibilities but nothing came to the rescue.<\/p>\n

    We had configured Outlook Client for an On-Premise system recently and therefore the issue was probably due to the IFD configuration. Something was not right with the IFD configuration. One well known issue in this regard was\u00a0with using Windows Server 2012 and the mex endpoint issue as described here:\u00a0http:\/\/cognettacloud.com\/?p=861. But that was not the case here.<\/p>\n

    Problem<\/span>:<\/strong><\/p>\n

    Let me first show the error that we received while configuring the Outlook client:<\/p>\n

    \"Outlook<\/a>

    Outlook Configuration Wizard<\/p><\/div>\n

    \"Microsoft<\/a>

    Microsoft Dynamics CRM Error<\/p><\/div>\n

    The error log showed the following error:<\/p>\n

    10:50:38| Error| Error connecting to URL: https:\/\/uat.adventure.com:444\/XRMServices\/2011\/Discovery.svc<\/a> Exception: Microsoft.Crm.CrmException: Authentication failed
    \nat Microsoft.Crm.Outlook.ClientAuth.ClaimsBasedAuthProvider`1.AuthenticateClaims()
    \nat Microsoft.Crm.Outlook.ClientAuth.ClaimsBasedAuthProvider`1.SignIn()
    \nat Microsoft.Crm.Outlook.ClientAuth.ClientAuthProvidersFactory`1.SignIn(Uri endPoint, Credential credentials, AuthUIMode uiMode, IClientOrganizationContext context, Form parentWindow, Boolean retryOnError)
    \nat Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.DeploymentInfo.LoadOrganizations(AuthUIMode uiMode, Form parentWindow, Credential credentials)
    \nat Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.InternalLoadOrganizations(OrganizationDetailCollection orgs, AuthUIMode uiMode, Form parentWindow)<\/em><\/p>\n

    We also tried connecting CRM using Plugin registration tool and it failed too.<\/p>\n

    Resolution<\/span>:<\/strong><\/p>\n

    We found the following blog<\/a> that guided us to the real issue.<\/p>\n

    It was the ADFS mex issue – not the one about missing mex endpoint but the mex endpoint not running. Browsing the mex endpoint https:\/\/sts1.adventure.com\/adfs\/services\/trust\/mex<\/a> returned a 503 service unavailable. ADFS logs does not indicate any error about this when you try to login through the outlook client. However when you restart the ADFS service, look for the following error in the log:<\/p>\n

    Event ID: 102
    \nDescription:
    \nThere was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.<\/em><\/p>\n

    Additional Data
    \nException details:
    \nSystem.ServiceModel.AddressAlreadyInUseException: There is already a listener on IP endpoint 0.0.0.0:808. This could happen if there is another application already listening on this endpoint or if you have multiple service endpoints in your service host with the same IP endpoint but with incompatible binding configurations. —> System.Net.Sockets.SocketException: Only one usage of each socket address (protocol\/network address\/port) is normally permitted<\/p>\n

    ADFS & Dynamics CRM was installed on the same box in this case and so the Sandbox Service was running on this server. Incidentally the port being used by Sandbox Service & ADFS is the same port 808 and therefore the conflict in starting the mex endpoint.<\/p>\n

    The solution then was to change the ADFS service port from 808 to another one.<\/p>\n

    To change port, we can use the below powershell command. Here, we are setting port as 809 for ADFS\u00a0service.<\/p>\n

    Powershell command : \u00a0<\/strong><\/p>\n

    Set-ADFSProperties \u2013nettcpport 809<\/p>\n

    \"Windows<\/a>

    Administrator: Windows PowerShell<\/p><\/div>\n

    Note<\/em><\/strong>: The first step to running a powershell command that most sites list is to attach the snappin <\/em><\/p>\n

    add-pssnapin microsoft.adfs.powershell<\/em><\/p>\n

    However, running this command in Powershell in Windows Server 2012 returns an error. It appears that command is no longer required and the snappin is already attached.<\/em><\/p>\n

    After this you need to restart the ADFS service and check if you are able to browse mex endpoint url.<\/p>\n

    Conclusion<\/span>:<\/strong><\/p>\n

    Once you have verified the mex endpoint URL is running, you will be able to successfully connect to Dynamics CRM Web Services using all the client tools be it the Plugin Registration tool or the Outlook client. I did not try the Tablet client or the Mobile client but certainly that too would have failed to connect if the mex endpoint was not running. This is going to be one check that I would add after every IFD configuration to ensure this does not repeat. Thanks to Bhavesh the blog writer for pointing us in the right direction.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Introduction: Configuring Outlook Client usually involved making sure the regular stuff was\u00a0done\u00a0i.e.: Adding the server url to trusted sites. Checking whether the machine time matches the server time. Able to access Dynamics CRM through Web Client. Whether\u00a0Windows Identity foundation was installed. Credentials cache cleared (Note: You can clear the credentials by going to the control\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[21,22,24,29,41],"tags":[115,592,615,1118,1143],"class_list":["post-744","post","type-post","status-publish","format-standard","hentry","category-dynamics-crm-2013","category-dynamics-crm-2015","category-dynamics-crm-2016","category-ifd","category-outlook-client","tag-adfs-port","tag-dynamics-crm","tag-dynamics-crm-configuration","tag-microsoft-dynamics-crm-configuration","tag-microsoft-dynamics-crm-services"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts\/744","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/comments?post=744"}],"version-history":[{"count":0,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts\/744\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/media?parent=744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/categories?post=744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/tags?post=744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}