次の方法で共有


Configuring Dynamics CRM 2013 for Outlook client fails in an IFD/ADFS scenario when you use WAP to publish the CRM URL's

Imagine the scenario:

You have configured your CRM 2013 to use claims based authentication and configured IFD as well. Everything is working fine except CRM for Outlook. It fails at the configuration level itself with below error in the config log

11:24:25| Error|
Error connecting to URL:
https://crm.contoso.com/XRMServices/2011/Discovery.svc Exception:
System.InvalidOperationException: Metadata contains a reference that cannot be
resolved: 'https://adfs.contoso.com/adfs/ls?version=1.0&action=signin&realm=urn:AppProxy:com&appRealm=1e72fc64-781c-e411-80c6-0050568757b5&returnUrl=https://crm.contoso.com/XRMServices/2011/Discovery.svc?wsdl&client-request-id=D8A4D498-B0AD-0000-AFB9-D7D8ADB0CF01'.
---> System.Xml.XmlException: CData elements not valid at top level of an
XML document. Line 1, position 3.

   at
System.Xml.XmlExceptionHelper.ThrowXmlException(XmlDictionaryReader reader,
XmlException exception)

   at
System.Xml.XmlUTF8TextReader.Read()

   at
System.Xml.XmlBaseReader.MoveToContent()

   at
System.ServiceModel.Description.MetadataExchangeClient.MetadataLocationRetriever.GetXmlReader(HttpWebResponse
response, Int64 maxMessageSize, XmlDictionaryReaderQuotas readerQuotas)

   at System.ServiceModel.Description.MetadataExchangeClient.MetadataLocationRetriever.DownloadMetadata(TimeoutHelper
timeoutHelper)

   at
System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper
timeoutHelper)

   --- End of inner
exception stack trace ---

   at
System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper
timeoutHelper)

   at
System.ServiceModel.Description.MetadataExchangeClient.ResolveNext(ResolveCallState
resolveCallState)

   at System.ServiceModel.Description.MetadataExchangeClient.GetMetadata(MetadataRetriever
retriever)

   at
System.ServiceModel.Description.MetadataExchangeClient.GetMetadata(Uri address,
MetadataExchangeClientMode mode)

   at
Microsoft.Xrm.Sdk.Client.ServiceMetadataUtility.RetrieveServiceEndpointMetadata(Type
contractType, Uri serviceUri, Boolean checkForSecondary)

11:24:26| Error|
Exception : Metadata contains a reference that cannot be resolved:
'https://adfs.contoso.com/adfs/ls?version=1.0&action=signin&realm=urn:AppProxy:com&appRealm=1e72fc64-781c-e411-80c6-0050568757b5&returnUrl=https://crm.contoso.com/XRMServices/2011/Discovery.svc?wsdl&client-request-id=D8A4D498-B0AD-0000-AFB9-D7D8ADB0CF01'. at Microsoft.Crm.Application.Outlook.Config.DeploymentsInfo.LoadOrganizations(AuthUIMode
uiMode, Form parentWindow)

   at
Microsoft.Crm.Application.Outlook.Config.ServerForm.LoadOrganizations(Boolean
forceUI)

   at
Microsoft.Crm.Application.Outlook.Config.ServerForm.<InitializeBackgroundWorkers>b__0(Object
sender, DoWorkEventArgs e)

   at
System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)

   at
System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)

11:24:26| Error|
Exception : CData elements not valid at top level of an XML document. Line 1,
position 3. at
System.Xml.XmlExceptionHelper.ThrowXmlException(XmlDictionaryReader reader,
XmlException exception)

   at
System.Xml.XmlUTF8TextReader.Read()

   at
System.Xml.XmlBaseReader.MoveToContent()

   at
System.ServiceModel.Description.MetadataExchangeClient.MetadataLocationRetriever.GetXmlReader(HttpWebResponse
response, Int64 maxMessageSize, XmlDictionaryReaderQuotas readerQuotas)

   at
System.ServiceModel.Description.MetadataExchangeClient.MetadataLocationRetriever.DownloadMetadata(TimeoutHelper
timeoutHelper)

   at
System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper
timeoutHelper)

In the error message we can see the request hits WS-Federation endpoint https://adfs.contoso.com/adfs/ls/
but fails on Discovery service URL https://crm.contoso.com/XRMServices/2011/Discovery.svc?wsdl

saying “Error connecting to URL:
https://crm.contoso.com/XRMServices/2011/Discovery.svc Exception:
System.InvalidOperationException: Metadata contains a reference that cannot be
resolved

Further if you access the Discovery service URL directly from the internet you will see it being redirected to the ADFS Server. This is not good.

The Discovery service URL should be accessible using the Anonymous authentication after IFD/ADFS implementation.

A fiddler trace in the scenario gives a HTTP Status code 307 “temporary redirect” on accessing the discovery service.

A platform trace of CRM will not give any trace of this redirection happening in the background. This means the request does not hit CRM and the redirection happens before that.

You will hit this behaviour/ issue if you have configured ADFS WAP and published CRM external URL’s through that and the External Discovery service URL was set to True for “DisableTranslateUrlInResponseHeaders”, causing the redirection.

Information on WAP (Web Application Proxy) can be seen here

 

To resolve the issue you need to set the value for DisableTranslateUrlInResponseHeaders to False.

Below URL’s discusses what is DisableTranslateUrlInResponseHeaders and AD FS Preauthentication. If you want to know more about this refer to the below URL’s

https://technet.microsoft.com/en-in/library/dn383640.aspx

https://technet.microsoft.com/en-in/library/dn383641.aspx

Also make sure that Discovery service URL is not using ADFS Preauthentication. If the ADFS Preauth is in place, Web Application Proxy will redirect the HTTPS request to the AD FS server with URL encoded parameters. If not, we may get into a problem where CRM Outlook is not handling the 307 redirect correctly.

 

Best Regards

Dynamics CRM Support Team

Share this Blog Article on Twitter

Tweet

Follow Us on Twitter

Follow @MSDynCRMSupport