In the last couple of weeks I spent quite a lot of time making an integration with SharePoint 2010 and CRM 2011 work.

From SharePoint I’m adding new leads in Crm using the Crm services. The main problem that I was facing was that every time I tried to access the services I would receive a

The request failed with HTTP status 401: Unauthorized.

Whatever I did I couldn’t get this to work.

Then my colleague, Chris, found the following article, which explained a lot:

( the Configuring Claims-based Authentication for Microsoft Dynamics CRM 2011 document helped us)

In our Crm environment we configured the External Access method and used this both internally an externally. It worked so we never worried about this in the past.

It looks like this is only becoming a problem when you try to access the services (or maybe I should say by pass the login form)

Configuring an internal access method resolves the issue of not being able to access the services.

To make this work did take quite a lot of time, so hopefully this blog can help some people struggling with the same issue.

To help you a bit more I’ve developed an application to test the connection to your Crm Service. If like to have a copy please download it form here:

Avatar for Pieter Veenstra

By Pieter Veenstra

Business Applications Microsoft MVP working as a Principal Architect at HybrIT Services Ltd. You can contact me using

7 thoughts on “ADFS Blocks access to CRM services”
  1. Peter,
    I am having the same issue with CRM 2011 IFD and trying to access the 4.0 discovery services. What exactly in the internal claims based authentication resolved the issue? I have everything set up (I think) according to the document, but I still can’t get to the 4.0 services. Something odd I will note is that the internalcrm URL is requiring a login prompt, which I don’t believe it should. Any guidance you could give is appreciated!

    1. Hi Mellissa,

      We had to rebuild our environment. First we created the ‘internal site’, without the ADFS login. After that we setup the ‘external site’.


  2. Pieter, were you able to connect to the legacy web services externally as well after implementing the internal site?
    I haven’t read through the description yet since I’m unsure if this will help me so bear with me if my question is slightly dumb.

    1. Hi Rickard,

      Good question. I guess we avoided using ADFS as we used the internal connection.

      The issue here is accesssing the services while the login form of ADFS interupts the communication with the service.

      1. The problem I’m having is to access the legacy discovery web service to be able to use a third party integration service that will access the CRM from “the outside”. I haven’t been able to solve this yet so any hints are warmly welcome 🙂

      2. Hi Rickard,

        Are your services hidden behind ADFS? if they are then it’s not possible to get to the services directly . It’s pretty much the same problem I had except for that in my case it was our own website contacting the CRM services so that I was able to avoid ADFS interupting the communication. In your case it’s an external call, so my solution will not apply to your problem.

        The best solution for you is to create another service which runs internally to the CRM services and offers the functionality that you need. You can then contact this service to do the work.

        Let me know how you get on.

  3. This is highly frustrating, now I’ve passed the 401-issue and instead faces a 404-issue. I can’t reach the asmx but if I put a text file in that directory I can read it. Have you (or anyone else) seen a similar behaviour?


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from SharePains by Microsoft MVP Pieter Veenstra

Subscribe now to keep reading and get access to the full archive.

Continue Reading