ADFS Blocks access to CRM services

In the last couple of weeks I spent quite a lot of time making an integration with SharePoint 2010 and CRM 2011 work.

From SharePoint I’m adding new leads in CRM using the CRM services. The main problem that I was facing was that every time I tried to access the services I would receive a

The request failed with HTTP status 401: Unauthorized.

Whatever I did I couldn’t get this to work.

Then my colleague, Chris, found the following article, which explained a lot:

http://www.microsoft.com/en-us/download/details.aspx?id=3621

( the Configuring Claims-based Authentication for Microsoft Dynamics CRM 2011 document helped us)

In our CRM environment we configured the External Access method and used this both internally an externally. It worked so we never worried about this in the past.

It looks like this is only becoming a problem when you try to access the services (or maybe I should say by pass the login form)

Configuring an internal access method resolves the issue of not being able to access the services.

To make this work did take quite a lot of time, so hopefully this blog can help some people struggling with the same issue.

To help you a bit more I’ve developed an application to test the connection to your Crm Service. If like to have a copy please download it form here:

https://crmserviceconnection.codeplex.com/


Discover more from SharePains

Subscribe to get the latest posts sent to your email.

Avatar of Pieter Veenstra

Is your business still running on paper trails, sprawling Excel files, or ageing Access databases? There's a better way — and I can show you exactly what it looks like. I'm the Technical Director of Vantage 365, a Microsoft solutions consultancy working with clients across the UK, the Netherlands, and worldwide. For over 30 years I've been turning messy, manual business processes into clean, automated systems that save time, reduce errors, and give teams the visibility they need to make better decisions. SharePains is not just any blog run by a Microsoft MVP. Have you ever used Try-Catch in Power Automate? The original post about Try-Catch in Power Automate can still be found on this site, https://sharepains.com/2018/02/07/try-catch-finally-in-power-automate-flow/ Or have you ever used the Pieter’s method to avoid variables and speed up your flows? https://sharepains.com/2020/03/11/pieters-method-for-advanced-in-flows/ You can contact me using contact@sharepains.com

Related Posts

7 thoughts on “ADFS Blocks access to CRM services

  1. Peter,
    I am having the same issue with CRM 2011 IFD and trying to access the 4.0 discovery services. What exactly in the internal claims based authentication resolved the issue? I have everything set up (I think) according to the document, but I still can’t get to the 4.0 services. Something odd I will note is that the internalcrm URL is requiring a login prompt, which I don’t believe it should. Any guidance you could give is appreciated!
    Melissa

    1. Hi Mellissa,

      We had to rebuild our environment. First we created the ‘internal site’, without the ADFS login. After that we setup the ‘external site’.

      Pieter

  2. Pieter, were you able to connect to the legacy web services externally as well after implementing the internal site?
    I haven’t read through the description yet since I’m unsure if this will help me so bear with me if my question is slightly dumb.

    1. Hi Rickard,

      Good question. I guess we avoided using ADFS as we used the internal connection.

      The issue here is accesssing the services while the login form of ADFS interupts the communication with the service.

      1. The problem I’m having is to access the legacy discovery web service to be able to use a third party integration service that will access the CRM from “the outside”. I haven’t been able to solve this yet so any hints are warmly welcome 🙂

      2. Hi Rickard,

        Are your services hidden behind ADFS? if they are then it’s not possible to get to the services directly . It’s pretty much the same problem I had except for that in my case it was our own website contacting the CRM services so that I was able to avoid ADFS interupting the communication. In your case it’s an external call, so my solution will not apply to your problem.

        The best solution for you is to create another service which runs internally to the CRM services and offers the functionality that you need. You can then contact this service to do the work.

        Let me know how you get on.

  3. This is highly frustrating, now I’ve passed the 401-issue and instead faces a 404-issue. I can’t reach the asmx but if I put a text file in that directory I can read it. Have you (or anyone else) seen a similar behaviour?

    Thanks

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from SharePains

Subscribe now to keep reading and get access to the full archive.

Continue reading