CRM 2013 and ADFS 2.2: Requested Authentication Method is not supported on the STS

Issue:

Event ID: 364

Encountered error during federation passive request.

Protocol Name:
wsfed

Exception details:
Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.InvalidAuthenticationTypePolicyException: MSIS7102: Requested Authentication Method is not supported on the STS.
at Microsoft.IdentityServer.Web.Authentication.GlobalAuthenticationPolicyEvaluator.EvaluatePolicy(IList`1 mappedRequestedAuthMethods, AccessLocation location, ProtocolContext context, HashSet`1 authMethodsInToken, Boolean& validAuthMethodsInToken)

Cause/Problem:

We could not find an official Microsoft article stating this, but I believe the ADFS server is not allowed to be published directly on the Internet for potential security reasons; therefore all requests should go through the ADFS Proxy (Web Application Proxy).

Note that the ADFS server and the Web Application Proxy cannot be installed on the same host.

Resolution:

Install and configure Web Application Proxy.

[Figure: ADFS and WAP network diagram]

Configure external DNS and the firewall so that all external HTTPS requests for sts.domain.com are sent to the Web Application Proxy (192.168.0.3) and not to the ADFS server.

Make sure the ADFS and WAP servers locally resolve sts.domain.com to the ADFS server (192.168.0.2). To do so, configure split DNS, point-to-point DNS, or manually add a hosts file entry (recommended) on both the ADFS and WAP servers.
File: %SystemRoot%\System32\Drivers\etc\hosts

192.168.0.2 sts.domain.com

Connect to the ADFS server, open AD FS Management and create the CRM IFD Relying Party Trust, following the Microsoft Dynamics CRM 2011 Configuring Claims-based Authentication article.

Try to access https://crm.domain.com externally.
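The checks below are an added example, not part of the original post. They assume the names from the diagram above (sts.domain.com, ADFS server 192.168.0.2) and are meant to be run elevated on the ADFS and WAP hosts to confirm the split resolution and that the STS answers on that path.

```powershell
# Added example, not from the original post. Assumes sts.domain.com and ADFS server 192.168.0.2
# as in the diagram. Run elevated on both the ADFS and the WAP host.
$FederationHost = 'sts.domain.com'
$AdfsInternalIp = '192.168.0.2'
$HostsFile      = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Pin the federation name to the ADFS server in the local hosts file (idempotent).
$pattern = '^\s*{0}\s+{1}(\s|$)' -f [regex]::Escape($AdfsInternalIp), [regex]::Escape($FederationHost)
if (-not (Select-String -Path $HostsFile -Pattern $pattern -Quiet)) {
    Add-Content -Path $HostsFile -Value "$AdfsInternalIp`t$FederationHost"
    Write-Host "Added hosts entry for $FederationHost -> $AdfsInternalIp"
}

# 2. Confirm local resolution. GetHostAddresses uses the system resolver, so it honours the hosts
#    file; a raw DNS query would only show what the DNS server says.
$resolved = [System.Net.Dns]::GetHostAddresses($FederationHost) | ForEach-Object { $_.IPAddressToString }
if ($resolved -notcontains $AdfsInternalIp) {
    throw "$FederationHost resolves to '$($resolved -join ', ')' locally; expected $AdfsInternalIp"
}
Write-Host "Local resolution OK: $FederationHost -> $AdfsInternalIp"

# 3. On the ADFS host the federation service must be running, otherwise WAP has nothing to proxy.
$adfs = Get-Service -Name adfssrv -ErrorAction SilentlyContinue
if ($adfs) { Write-Host "adfssrv status: $($adfs.Status)" }

# 4. Fetch the federation metadata through the name. HTTP 200 with an EntityDescriptor proves the
#    STS answers at the address the hosts file points to.
$uri  = "https://$FederationHost/FederationMetadata/2007-06/FederationMetadata.xml"
$resp = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 15 -ErrorAction Stop
if ($resp.StatusCode -ne 200 -or $resp.Content -notmatch 'EntityDescriptor') {
    throw "Unexpected response from $uri : HTTP $($resp.StatusCode)"
}
Write-Host "Federation metadata reachable at $uri"

# 5. On the WAP host, list what is published; external clients must reach ADFS only via these entries.
if (Get-Command Get-WebApplicationProxyApplication -ErrorAction SilentlyContinue) {
    Get-WebApplicationProxyApplication | Select-Object Name, ExternalUrl, BackendServerUrl | Format-Table -AutoSize
}
```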

Windows Server: The service cannot be started, either because it is disabled or it has no enabled devices associated with it

Issue:

Win32: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Windows could not start the <service> on Local Computer. Error 1068: The dependency service or group failed to start.

Cause/Problem:

The IP Helper and VMware Tools services cannot be started.

Resolution:

Make sure the Windows Management Instrumentation service is started and has startup type Automatic. To do so, open Services (services.msc), find the Windows Management Instrumentation service, double-click it and change the startup type to Automatic.

IIS 7+: HTTP Error 403.13 – Forbidden: Your client certificate was revoked, or the revocation status could not be determined

Issue:

HTTP Error 403.13 – Forbidden

Your client certificate was revoked, or the revocation status could not be determined.

If your web server cannot contact the certificate revocation list (CRL) server, or the client certificate was revoked, you will receive error 403.13.

Cause/Problem:

N/A

Resolution:

Make sure your revocation list is accessible via LDAP or HTTP, or disable revocation checks.

Open Registry Editor and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\<SSL Binding>

Add a DWORD value named DefaultSslCertCheckMode with data 1.

Restart your server.
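The script below is an added example, not from the original post. It first probes the CRL distribution points of the issuing CA from the web server (the preferred fix), then shows, and only on request sets, the DefaultSslCertCheckMode value under the registry key quoted above. The CA certificate path is a placeholder.

```powershell
# Added example, not from the original post. $CaCertPath is a placeholder for the certificate of the
# CA that issued the client certificates; the registry path is the one given in the post.
$CaCertPath             = 'C:\certs\client-issuing-ca.cer'   # placeholder
$DisableRevocationCheck = $false   # set $true only if the CRL truly cannot be made reachable

# 1. Read the CRL Distribution Points extension (OID 2.5.29.31) and probe each HTTP URL from this server.
$ca   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CaCertPath
$cdp  = $ca.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
$urls = @()
if ($cdp) { $urls = [regex]::Matches($cdp.Format($true), '(https?|ldap)://\S+') | ForEach-Object { $_.Value } }
if (-not $urls) { Write-Warning "No CRL distribution point in $CaCertPath; IIS cannot determine revocation status." }
foreach ($u in $urls) {
    if ($u -notmatch '^https?://') { Write-Host "LDAP CDP (verify separately, e.g. with certutil): $u"; continue }
    try {
        $r = Invoke-WebRequest -Uri $u -UseBasicParsing -TimeoutSec 10 -ErrorAction Stop
        Write-Host ("CRL reachable: {0} ({1} bytes)" -f $u, $r.Content.Length)
    } catch {
        Write-Warning "CRL NOT reachable from this server: $u -> $($_.Exception.Message)"
    }
}

# 2. Show the current setting for every SSL binding (subkeys look like 0.0.0.0:443 or <IP>:<port>).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo'
foreach ($binding in Get-ChildItem -Path $base) {
    $mode  = (Get-ItemProperty -Path $binding.PSPath -Name DefaultSslCertCheckMode -ErrorAction SilentlyContinue).DefaultSslCertCheckMode
    $shown = if ($null -eq $mode) { 'not set (revocation is checked)' } else { $mode }
    Write-Host "$($binding.PSChildName): DefaultSslCertCheckMode = $shown"

    # 3. Last resort from the post: value 1 stops IIS checking client certificate revocation on this
    #    binding. That removes revocation as a signal, so keep it scoped to the affected binding only.
    if ($DisableRevocationCheck) {
        Set-ItemProperty -Path $binding.PSPath -Name DefaultSslCertCheckMode -Value 1 -Type DWord
        Write-Host "  set DefaultSslCertCheckMode=1 on $($binding.PSChildName); restart the server as the post says"
    }
}
```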

Exchange Server 2013: 404 – File or directory not found

Issue:

404 – File or directory not found.

The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

I have two Exchange 2013 servers, one acting as a Client Access Server (CAS) and the other as a Database Availability Group (DAG). I had been configuring multiple OWA virtual directories using PowerShell, adding and removing virtual sites, when suddenly the above error occurred.

The meaning of the error is actually very clear: something is missing, something got deleted. I could see the OWA virtual directory was there, but somehow I couldn’t open the OWA interface from anywhere. What is going on!? Maybe .NET doesn’t parse the code? The application pool doesn’t have sufficient permissions? Resetting the virtual directory didn’t solve the problem, nor did reinstalling the Exchange CAS server. Hm… Let’s take a step back; maybe there are no issues on the CAS server.

It wasn’t! After some deep digging with Firebug I discovered that the DAG server also contains virtual directories. When I opened the IIS console I could see the OWA virtual directory was missing under the “Exchange Back End” site.

Cause/Problem:

N/A

Resolution:

New-OwaVirtualDirectory -WebSiteName "Exchange Back End" -Server <DAG>

This PowerShell command solved the problem.
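An added example, not from the original post, that checks whether the OWA virtual directory exists for both IIS sites, in Active Directory and in IIS, before recreating it as the post does. $Server stands in for the post's <DAG> and is assumed to be a mailbox server; run it from the Exchange Management Shell on that server.

```powershell
# Added example, not from the original post. $Server is a placeholder for the post's <DAG> server.
# Run from the Exchange Management Shell on that server (uses the IIS WebAdministration module too).
$Server = 'MBX01'   # placeholder
Import-Module WebAdministration -ErrorAction Stop

# 1. What Exchange (Active Directory) believes exists; names carry the site, e.g. "owa (Exchange Back End)".
$adVdirs = Get-OwaVirtualDirectory -Server $Server -ErrorAction Stop
$adVdirs | Select-Object Name, Server | Format-Table -AutoSize

# 2. Compare against what IIS on this server actually has under each site.
foreach ($site in 'Default Web Site', 'Exchange Back End') {
    $inIis = Get-WebApplication -Site $site -Name 'owa' -ErrorAction SilentlyContinue
    $inAd  = $adVdirs | Where-Object { $_.Name -eq "owa ($site)" }
    $state = if ($inIis -and $inAd) { 'OK' }
             elseif ($inAd)         { 'MISSING in IIS (remove and recreate the virtual directory)' }
             elseif ($inIis)        { 'MISSING in AD' }
             else                   { 'MISSING in both' }
    Write-Host ("{0,-18} owa: {1}" -f $site, $state)
}

# 3. The post's fix, applied only when the back-end entry is absent from Exchange altogether.
if (-not ($adVdirs | Where-Object { $_.Name -eq 'owa (Exchange Back End)' })) {
    New-OwaVirtualDirectory -WebSiteName 'Exchange Back End' -Server $Server
}
```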

Exchange 2013: Error – Exception has been thrown by the target of an invocation.

Issue:

[Figure: Exchange 2013 CU2 error]

Cause/Problem:

This error appears when you try to install Microsoft Exchange Server 2013 Cumulative Update 2. In the ExchangeSetup log you can find the following:

[08.15.2013 11:51:07.0535] [0] [ERROR] Exception has been thrown by the target of an invocation.
[08.15.2013 11:51:07.0535] [0] [ERROR] The type initializer for 'Microsoft.Exchange.Data.Directory.Globals' threw an exception.
[08.15.2013 11:51:07.0535] [0] [ERROR] The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. (Exception from HRESULT: 0x80070422)

Resolution:

That’s right: Exchange Setup for some reason disables all Microsoft Exchange services, which results in an error if you launch setup again. Start the Exchange services and run setup again.

Also make sure the Windows Management Instrumentation and IP Helper services are started and have startup type Automatic.
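The following is an added example, not from either post. It serves both the "service cannot be started" post above (WMI, IP Helper, VMware Tools) and this one (Exchange services left Disabled by setup): it walks a service's dependency chain, which is what Error 1068 points at, re-enables anything Disabled, sets Automatic and starts it. Service names assumed: winmgmt, iphlpsvc, VMTools and MSExchange*.

```powershell
# Added example, not from the original posts. Assumed service names: winmgmt (WMI), iphlpsvc (IP Helper),
# VMTools (VMware Tools) and MSExchange* (Exchange). Run in an elevated PowerShell session.
function Repair-ServiceChain {
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Warning "Service '$Name' is not installed here, skipping"; return }

    # Error 1068 means a dependency failed, so repair dependencies first (kernel drivers are skipped).
    foreach ($dep in $svc.ServicesDependedOn) {
        if ($dep.ServiceType -notmatch 'Driver') { Repair-ServiceChain -Name $dep.Name }
    }

    $startMode = (Get-CimInstance Win32_Service -Filter "Name='$Name'").StartMode
    if ($startMode -eq 'Disabled') {
        Write-Host "$Name was Disabled; setting startup type to Automatic"
        Set-Service -Name $Name -StartupType Automatic
    }
    if ($svc.Status -ne 'Running') {
        try   { Start-Service -Name $Name -ErrorAction Stop; Write-Host "Started $Name" }
        catch { Write-Warning "Could not start $Name : $($_.Exception.Message)" }
    }
}

# First post: WMI must be Automatic and running before IP Helper and VMware Tools will start.
Set-Service -Name winmgmt -StartupType Automatic
foreach ($n in 'winmgmt', 'iphlpsvc', 'VMTools') { Repair-ServiceChain -Name $n }

# Second post: CU2 setup left the Exchange services Disabled. Re-enable only those, so services that
# are Manual by design are left alone.
$disabledExchange = Get-CimInstance Win32_Service -Filter "Name LIKE 'MSExchange%' AND StartMode='Disabled'"
foreach ($s in $disabledExchange) { Repair-ServiceChain -Name $s.Name }
```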