cub-e.net

just coding...

Problem Connecting CRM for Outlook to Dynamics CRM IFD (Windows Server 2012 R2, ADFS 3.0)

If, like me, you run your Dynamics CRM installation and ADFS 3.0 on the same server, you may get an error caused by an authentication problem while configuring the client with the Outlook Client Configuration Wizard.
When you examine the log file, you will find an error message like the following.

"Error connecting to URL: https://org.contoso.com/XRMServices/2011/Discovery.svc Exception: Microsoft.Crm.CrmException: Authentication failed"

I tried many of the solutions I found on the net for this error, but none of them worked. So I decided to use Fiddler to watch what was happening in the background communication. With Fiddler I saw that I was getting a 503 error at an address the Configuration Wizard was trying to reach. The address had this format:

"https://adfs.contoso.com/adfs/services/trust/mex"

Yes, the problem was in ADFS. ADFS, which did its job without any trouble for the CRM web interface, was causing an error for the Outlook Client. So I went straight to the ADFS server and started investigating.
In Event Viewer on the ADFS server I caught the source of the problem:

Event ID:      102
Description:
There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service. 
 
Additional Data 
Exception details: 
System.ServiceModel.AddressAlreadyInUseException: There is already a listener on IP endpoint 0.0.0.0:808. This could happen if there is another application already listening on this endpoint or if you have multiple service endpoints in your service host with the same IP endpoint but with incompatible binding configurations. ---> System.Net.Sockets.SocketException: Only one usage of each socket address (protocol/network address/port) is normally permitted
 

So the ADFS server was using port 808. Port 808 is also used on the Asynchronous Service side.

| Protocol | Port | Description | Explanation |
|---|---|---|---|
| TCP | 808 | CRM server role communication | The Asynchronous Service and Web Application Server services communicate to the Sandbox Processing Service through this channel. The default port is 808, but can be changed in the Windows registry by adding the DWORD registry value TcpPort in the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM\. |

While I am at it, here is the list of the other ports used by CRM:

| Protocol | Port | Description | Explanation |
|---|---|---|---|
| TCP | 80 | HTTP | Default web application port. This port may be different as it can be changed during Microsoft Dynamics CRM Server Setup. For new websites, the default port number is 5555. |
| TCP | 135 | MSRPC | RPC endpoint resolution. |
| TCP | 139 | NETBIOS-SSN | NETBIOS session service. |
| TCP | 443 | HTTPS | Default secure HTTP port. The port number may differ from the default port. This secure network transport must be manually configured. Although this port is not required to run Microsoft Dynamics CRM, we strongly recommend it. For information about how to configure HTTPS for CRM, see “Make Microsoft Dynamics CRM client-to-server network communications more secure” in Post-installation and configuration guidelines for Microsoft Dynamics CRM in the Installing Guide. |
| TCP | 445 | Microsoft-DS | Active Directory service required for Active Directory access and authentication. |
| UDP | 123 | NTP | Network Time Protocol. |
| UDP | 137 | NETBIOS-NS | NETBIOS name service. |
| UDP | 138 | NETBIOS-dgm | NETBIOS datagram service. |
| UDP | 445 | Microsoft-DS | Active Directory service required for Active Directory access and authentication. |
| UDP | 1025 | Blackjack | DCOM, used as an RPC listener. |

You can find the full list at this address: https://technet.microsoft.com/en-us/library/hh699823.aspx

Coming back to our problem, I needed to change port 808. The following command does exactly that:
Set-ADFSProperties -nettcpport 809

I changed the ADFS port to 809 and restarted the service.
I went back to the Configuration Wizard and tried again; the problem was solved. I also saw in Fiddler that it now got past the relevant step without any problem.

I hope this is useful to you too.

*************************
Addendum, 21/05/2015:
The situation above came back after I installed update rollup 0.1. When I looked into it, this time I saw that the same problem was occurring on port 49443. On examining it further I learned that this port is the ADFS TlsClientPort.
I moved this port to another port as well, using the same command as above.
Set-ADFSProperties -tlsclientport 42223

After making the firewall and other settings, I restarted the ADFS service and everything was back on track.
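
A read-only check for the port conflicts described in this post, as an added example that is not part of the original post: it lists which process holds each port ADFS is configured to use, whether the replacement ports chosen above (809 and 42223) are free, and the latest Event ID 102 entries. It assumes an elevated PowerShell session on the ADFS server; the function name Get-PortListener is made up for this example.

```powershell
Import-Module ADFS

# Ports AD FS is currently configured to use (808 and 49443 in the post).
$adfs = Get-AdfsProperties
$configured = [ordered]@{
    NetTcpPort    = $adfs.NetTcpPort
    TlsClientPort = $adfs.TlsClientPort
}

# PID of the AD FS Windows service (service name: adfssrv).
$adfsPid = (Get-CimInstance Win32_Service -Filter "Name='adfssrv'").ProcessId

function Get-PortListener {
    param([int]$Port)
    # One object per listening socket on $Port, with the owning process resolved.
    Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port         = $Port
                LocalAddress = $_.LocalAddress
                OwnerPid     = $_.OwningProcess
                Process      = $proc.ProcessName
                # PID 4 (System) means the port is held through HTTP.sys.
                OwnedByAdfs  = ($_.OwningProcess -eq $adfsPid)
            }
        }
}

foreach ($name in $configured.Keys) {
    $port = $configured[$name]
    $listeners = @(Get-PortListener -Port $port)
    if ($listeners.Count -eq 0) {
        Write-Output "${name} ${port}: nothing is listening"
    } else {
        Write-Output "${name} ${port}:"
        $listeners | Format-Table -AutoSize
    }
}

# Replacement ports chosen in the post; confirm they are free before assigning them.
foreach ($candidate in 809, 42223) {
    $busy = @(Get-PortListener -Port $candidate).Count -gt 0
    Write-Output ("Port {0} free: {1}" -f $candidate, (-not $busy))
}

# Most recent "error in enabling endpoints" events (Event ID 102).
Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 102 } -MaxEvents 3 `
    -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
```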