CRM 2013: Cannot connect to Microsoft Dynamics CRM for Tablets

Issue:

You may receive the following error:

Apple iPad:

We’re sorry, Your server is not available or does not support this application

Windows 8.1 RT:

Windows Authentication window pops up.

Windows Authentication pop-up

Cause/Problem:

Incorrect permissions on the Web Application IIS server, OAuth provider not configured and client apps not registered.

Resolution:

Make sure your certificate is trusted by the client device. If you’re using self-signed certificate, install Root CA to the device.

Test your Internet-Facing Deployment to work in a browser without certificate warnings. To be able to successfully connect to a CRM deployment, you will need to run a Repair of Microsoft Dynamics CRM Server 2013 installation on the Web Application Server role where IIS service is installed. Open Program and Features, select Microsoft Dynamics CRM Server 2013 and Click Repair. Map installation media and wait for an operation to finish.

Repair Microsoft Dynamics CRM

Configure the OAuth provider on Microsoft Dynamics CRM server

Start a PowerShell window and execute the following script:

Import-Module "C:\Program Files\Microsoft Dynamics CRM\Tools\Microsoft.Crm.PowerShell.dll"
$fedurl = Get-CrmSetting -SettingType ClaimsSettings
$fedurl.FederationProviderType = 1
Set-CrmSetting $fedurl

Register the client apps

The mobile client apps for the Apple iPad and Windows 8 tablets and phone must be registered with AD FS.

Log on to the ADFS server and execute the PowerShell script:

Add-AdfsClient -ClientId ce9f9f18-dd0c-473e-b9b2-47812435e20d `
-Name "Dynamics CRM Mobile Companion" `
-RedirectUri ms-app://s-1-15-2-2572088110-3042588940-2540752943-3284303419-1153817965-2476348055-1136196650/, ms-app://s-1-15-2-1485522525-4007745683-1678507804-3543888355-3439506781-4236676907-2823480090/, urn:ietf:wg:oauth:2.0:oob

Try to connect with your tablet again.

For more information download Microsoft Dynamics CRM 2013 Implementation Guide.

SharePoint 2013: Keeps asking for credentials

Issue:

SharePoint keeps asking for credentials when accessing site with public IP address. After many attempts IIS returns HTTP 401.1 – Unauthorized: Logon Failed

Event ID: 6037
The program w3wp.exe, with the assigned process ID 8260, could not authenticate locally by using the target name HTTP/portal.celoxgroup.com.au. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.

Try a different target name.

 

Cause/Problem:

This problem occurs when IIS website uses Windows Integrated authentication and has a host header mapped to the local IP address. This is by security design to help prevent attacks to the server and authentication fails if the FQDN does not match the local computer name.

Resolution:

Add host headers to BackConnectionHostNames registry key to allow specific FQDN:

  • Open Registry Editor and navigate to HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  • Add new Multi-String Value and name it BackConnectionHostNames
  • In the Value data box type all host names located on the local server
  • Restart IIS

More information on Microsoft Article KB896861.