I arrive at work one morning and decide to access CRM on one of our development environments configured for use with IFD. I cannot access it on the server, I cannot access it via a website away from the server through IFD. It lets me get to the sign in page and it accepts my credentials but then just gives an internet explorer error page complaining about unauthorised access. IIS reset does not fix it and the event viewer does show us that it is having a hissy fit about ADFS. I restarted the ADFS server and still nothing….
Users may not be able to login to Microsoft Dynamics CRM using internal claims based authentication or IFD. The user will be repeatedly prompted to sign in.
In the Microsoft Dynamics CRM user interface the user will see the message below:
HTTP Error 401 - Unauthorized Access is denied.
An error has occurred.
If you are having the same issue try the following sequence of events:
Try the following sequence to see if we can get your system up and running again:
1. On the Microsoft Dynamics CRM server, go to Deployment Manager and disable the Claims Based Authentication
2. On the Microsoft Dynamics CRM server, click the Start menu, select Run and type IIS resetto complete an IIS reset
3. Re-configure Claims-Based Authentication from Deployment Manager keeping all the settings same
4. Re-configure IFD through the Microsoft Dynamics CRM Deployment Manager
5. On the Microsoft Dynamics CRM server, click the Start menu, select Run and type IIS reset to complete an IIS reset
6. In ADFS Management Console on the ADFS server, update the corresponding Federation Metadata URLs
a. Go to the ADFS Server and open the ADFS management Console
b. Click Relying Party Trusts to display the internal and external relying party trusts
c. Right-click each and select Update Federation Metadata
d. Go to the Microsoft Dynamics CRM server, click the Start menu, select Run and type IIS reset to complete an IIS reset
e. Next, browse to Service on the ADFS server and restart the ADFS service