After enabling claims for CRM 2011 through the Microsoft Dynamics CRM 2011 Deployment Manager, you get the CRM FederationMetadata URL. But when you try to browse the URL https://..com/FederationMetadata/2007-06/FederationMetadata.xml, you receive one of the following errors:
HTTP 503 Service Unavailable error.
OR
HTTP 404 Not Found error
This is because the IIS URL Rewrite module is not rewriting the URL correctly. CRM creates rules within the rewrite module; one of these rules loads handlers/FederationMetadata.ashx when FederationMetadata/2007-06/FederationMetadata.xml is requested.
We can address this issue as follows:
Steps to uninstall/re-install URL Rewrite:
a. Navigate to Add/Remove Programs
b. Identify Microsoft URL Rewrite Module and uninstall it
c. To re-install the module, locate the rewrite_1.1_amd64_rtw file in the CRM 2011 Server installation folder “UrlRewriteModule”
NOTE: You may have to reboot the CRM server; however, this is not mandatory.
a. Using a command prompt, run the following command:
NETSH HTTP SHOW URLACL
b. The above should show us all the reserved namespaces.
c. If any return with an error as shown below, then proceed to step d:
Reserved URL : https://+:444/adfs/services/
Can't lookup sid, Error: 1332
SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)
d. Run similar commands to delete the reserved namespaces with errors:
netsh http delete urlacl url=https://+:444/adfs/services/
NOTE: The URLs in step d must be changed according to what we receive in step c.
e. Reset IIS on the CRM server
f. Configure CLAIMS again using Deployment Manager on CRM 2011
g. Now try accessing the FederationMetadata.xml URL: https://..com/FederationMetadata/2007-06/FederationMetadata.xml
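Steps a through d can be checked with a short script before anything is deleted. The following PowerShell is an added example, not part of the original article: the function name Get-OrphanedUrlAcl and the sample text are constructed for illustration. It parses NETSH HTTP SHOW URLACL output and reports only the reservations that show the "Can't lookup sid" error, together with the matching delete command for review.

```powershell
# Added example: find URL reservations whose SID no longer resolves (steps a-d).
# Get-OrphanedUrlAcl and the sample text below are constructed for illustration.
function Get-OrphanedUrlAcl {
    param(
        # Lines of "netsh http show urlacl" output
        [string[]]$NetshOutput
    )
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*Reserved URL\s*:\s*(\S+)') {
            # Start of a new reservation block
            $current = $Matches[1]
        }
        elseif ($current -and $line -match "Can't lookup sid, Error:\s*(\d+)") {
            # Error 1332 means no mapping between account name and SID exists
            [pscustomobject]@{
                Url           = $current
                Error         = [int]$Matches[1]
                DeleteCommand = "netsh http delete urlacl url=$current"
            }
            $current = $null
        }
    }
}

# Constructed sample: one healthy reservation and one matching step c
$sample = @'
Reserved URL            : http://+:80/Temporary_Listen_Addresses/
    User: \Everyone
        Listen: Yes
        Delegate: No
        SDDL: D:(A;;GX;;;WD)

Reserved URL            : https://+:444/adfs/services/
    Can't lookup sid, Error: 1332
    SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)
'@ -split "`r?`n"

# Only the https://+:444/adfs/services/ entry is reported
Get-OrphanedUrlAcl -NetshOutput $sample | Format-List

# On the CRM server, from an elevated prompt, review live output the same way:
# Get-OrphanedUrlAcl -NetshOutput (netsh http show urlacl) | Format-List
```

The script only prints the delete commands; running them remains a manual step, so reservations that resolve correctly are left untouched.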