Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Email Router error when loading data with a federated trusted user in Microsoft Dynamics CRM 2011



Symptom

Consider this scenario: Microsoft Dynamics CRM 2011 is in a different Active Directory domain from the users accessing the application. Authorization to access the Microsoft Dynamics CRM 2011 application is gained through AD FS 2.0 or another federated service identity provider. The Microsoft Dynamics CRM 2011 deployment is configured so that users in the separate (Home) domain gain access with their home domain credentials or Single Sign On (SSO) information through a federated trust between two AD FS 2.0 servers. The users can access Microsoft Dynamics CRM 2011 through Outlook by implementing the HomeRealmURL registry key: http://technet.microsoft.com/en-us/library/gg188615.aspx

When configuring the Email Router for Microsoft Dynamics CRM 2011 from the home domain, there is an authentication error when selecting to load data for the deployment using the credentials of a user in the home domain. However, the load data option is successful in the Email Router configuration manager when using the credentials of a user in the same domain as Microsoft Dynamics CRM 2011. Here is an example of the error:

The E-mail Router Configuration Manager was unable to retrieve user and queue information from the Microsoft Dynamics CRM server. This may indicate that the Microsoft Dynamics CRM server is busy. Verify that URL 'https://crm2011.contoso.com/CRM2011' is correct. Additionally, this problem can occur if specified access credentials are insufficient. To try again, click Load Data. (metadata contains a reference that cannot be resolved: 'https://crm2011.contosoft.com/XrmServices/2011/Discovery.svc?wsdl'.)

The Load Data step may be successful with the same user credentials if the Load Data step was completed previously using credentials of a user in the same domain as CRM.



Cause

The Email Router for Microsoft Dynamics CRM 2011 was not designed to recognize the HomeRealmURL registry key.



Resolution

With Update Rollup 12, a change has been applied to the Microsoft Dynamics CRM 2011 Email Router application so that it recognizes the HomeRealmURL registry key and can use the credentials of a user in a separate domain: http://support.microsoft.com/kb/2795627

After applying Update Rollup 12 for the Microsoft Dynamics CRM 2011 Email Router, follow the steps below to implement the HomeRealmURL registry key.

1. On the server hosting the Email Router, open the registry by selecting Start and typing regedit in the search box.
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MSCRM Email. If the key does not exist, right-click Microsoft to create a new key labeled MSCRM Email.
3. Create a String value labeled HomeRealmUrl, and enter the trust/mex address of the AD FS server that is in the same domain as the user being authenticated. Here is an example where Datum is the domain where the users reside: https://sts.Datum.com:444/adfs/services/trust/mex
4. In the Email Router Configuration Manager, on the Deployments tab, edit the current deployment, select the radio button An online service provider under Deployment, and enter the credentials of a user in the Home domain.
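
Steps 1 to 3 can also be scripted. The following PowerShell is an added example, not part of the original Microsoft article; it assumes an elevated session on the server hosting the Email Router and uses the article's sample address as the default value. The HTTPS requirement and the path warning are checks added here, not behaviour of the Email Router.

```powershell
# Added example: creates the HomeRealmUrl value described in steps 2 and 3.
# Run elevated on the server hosting the Email Router.
param(
    # Sample address from the article; replace with the trust/mex address
    # of the AD FS server in the users' home domain.
    [string]$HomeRealmUrl = 'https://sts.Datum.com:444/adfs/services/trust/mex'
)

$ErrorActionPreference = 'Stop'
$keyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\MSCRM Email'
$valueName = 'HomeRealmUrl'

# Validate before writing. Assumption of this example: the metadata
# endpoint must be an absolute HTTPS URL, since credentials are sent to
# the security token service it describes.
$uri = $null
if (-not [Uri]::TryCreate($HomeRealmUrl, [UriKind]::Absolute, [ref]$uri)) {
    throw "HomeRealmUrl is not an absolute URL: $HomeRealmUrl"
}
if ($uri.Scheme -ne 'https') {
    throw "HomeRealmUrl must use https, got '$($uri.Scheme)'"
}
if ($uri.AbsolutePath -ne '/adfs/services/trust/mex') {
    Write-Warning "Path '$($uri.AbsolutePath)' is not the AD FS trust/mex path shown in the article."
}

# Step 2: create the MSCRM Email key only if it does not exist yet.
if (-not (Test-Path -LiteralPath $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# Step 3: create (or overwrite) the String value.
New-ItemProperty -LiteralPath $keyPath -Name $valueName `
    -PropertyType String -Value $HomeRealmUrl -Force | Out-Null

# Read the value back and confirm both its type and its content.
$key    = Get-Item -LiteralPath $keyPath
$kind   = $key.GetValueKind($valueName)
$stored = $key.GetValue($valueName)
if ($kind -ne 'String' -or $stored -ne $HomeRealmUrl) {
    throw "Verification failed: found '$stored' of type $kind"
}
'{0}\{1} = {2} ({3})' -f $keyPath, $valueName, $stored, $kind
```

Step 4 is still performed in the Email Router Configuration Manager.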




Article Info
Article ID : 2811324
Revision : 1
Created on : 1/7/2017
Published on : 7/22/2014
Exists online : False
Views : 181