Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

An error message may occur when trying to access Microsoft Dynamics CRM 2011 with Claims Based Authentication: "404-File or Directory Not Found"


Symptoms

The following error message may occur when trying to access Microsoft Dynamics CRM 2011 with Claims Based Authentication: "404-File or Directory Not Found"

The following error stack can be found in the event viewer after enabling the AD FS trace log on the AD FS server:

Log Name: AD FS 2.0 Tracing/Debug
Source: AD FS 2.0 Tracing
Date: mm/dd/yyyy 00:00:00 PM
Event ID: 67
Task Category: None
Level: Error
Keywords: ADFSProtocol
User: NETWORK SERVICE
Computer: SERVER
Description:
Failed to process the Web request because the request is not valid. Cannot get protocol message from HTTP query. The following errors occurred when trying to parse incoming HTTP request:

Microsoft.IdentityServer.Protocols.Saml.HttpSamlMessageException: MSIS7015: This request does not contain the expected protocol message or incorrect protocol parameters were found according to the HTTP SAML protocol bindings.
   at Microsoft.IdentityServer.Web.HttpSamlMessageFactory.CreateMessage(HttpContext httpContext)
   at Microsoft.IdentityServer.Web.FederationPassiveContext.EnsureCurrent(HttpContext context)



Cause

The IIS Applicationhost.config file is incomplete. This can be caused by a corrupt or incomplete installation of AD FS. One or more of the following location paths and their settings have been removed:

<location path="Default Web Site/adfs">
<location path="Default Web Site/adfs/ls">
<location path="Default Web Site/adfs/ls/auth">
<location path="Default Web Site/adfs/ls/auth/integrated">
<location path="Default Web Site/adfs/ls/auth/sslclient">
<location path="Default Web Site/adfs/ls/auth/basic">



Resolution

In order to fix this issue, you must follow the steps below:

1. Stop the IIS service on the AD FS server

2. Stop the AD FS service on the AD FS server

3. Make a copy of the applicationhost.config file, and then open the applicationhost.config file located in c:\windows\system32\inetsrv.

4. Review this file for any missing file location paths. Update this file to include all file location paths as displayed below.

    <location path="Default Web Site/adfs">
        <system.webServer>
            <handlers accessPolicy="Read" />
            <security>
                <access sslFlags="Ssl, Ssl128" />
                <authentication>
                    <windowsAuthentication enabled="false" useAppPoolCredentials="true">
                        <extendedProtection tokenChecking="Allow" />
                    </windowsAuthentication>
                    <clientCertificateMappingAuthentication enabled="false" />
                    <anonymousAuthentication enabled="true" />
                    <iisClientCertificateMappingAuthentication enabled="false" />
                    <digestAuthentication enabled="false" />
                </authentication>
            </security>
            <directoryBrowse enabled="false" showFlags="Date, Time, Size, Extension" />
            <defaultDocument enabled="true">
                <files>
                    <clear />
                    <add value="default.aspx" />
                </files>
            </defaultDocument>
        </system.webServer>
    </location>
    <location path="Default Web Site/adfs/ls">
        <system.webServer>
            <handlers accessPolicy="Read, Script" />
            <security>
                <access sslFlags="Ssl, Ssl128" />
                <authentication>
                    <windowsAuthentication enabled="true" useAppPoolCredentials="true">
                        <extendedProtection tokenChecking="Allow" />
                    </windowsAuthentication>
                    <clientCertificateMappingAuthentication enabled="false" />
                    <anonymousAuthentication enabled="true" />
                    <iisClientCertificateMappingAuthentication enabled="false" />
                    <digestAuthentication enabled="false" />
                </authentication>
            </security>
        </system.webServer>
    </location>
    <location path="Default Web Site/adfs/ls/auth">
        <system.webServer>
            <security>
                <authentication>
                    <windowsAuthentication enabled="false" useAppPoolCredentials="true" />
                    <clientCertificateMappingAuthentication enabled="false" />
                    <anonymousAuthentication enabled="false" />
                    <iisClientCertificateMappingAuthentication enabled="false" />
                    <digestAuthentication enabled="false" />
                </authentication>
            </security>
        </system.webServer>
    </location>
    <location path="Default Web Site/adfs/ls/auth/integrated">
        <system.webServer>
            <handlers accessPolicy="Read, Script" />
            <security>
                <authentication>
                    <windowsAuthentication enabled="true" useAppPoolCredentials="true" />
                    <clientCertificateMappingAuthentication enabled="false" />
                    <anonymousAuthentication enabled="false" />
                    <iisClientCertificateMappingAuthentication enabled="false" />
                    <digestAuthentication enabled="false" />
                </authentication>
            </security>
        </system.webServer>
    </location>
    <location path="Default Web Site/adfs/ls/auth/sslclient">
        <system.webServer>
            <handlers accessPolicy="Read, Script" />
            <security>
                <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert, Ssl128" />
                <authentication>
                    <windowsAuthentication enabled="false" useAppPoolCredentials="true" />
                    <clientCertificateMappingAuthentication enabled="false" />
                    <anonymousAuthentication enabled="true" />
                    <iisClientCertificateMappingAuthentication enabled="false" />
                    <digestAuthentication enabled="false" />
                </authentication>
            </security>
        </system.webServer>
    </location>
    <location path="Default Web Site/adfs/ls/auth/basic">
        <system.webServer>
            <handlers accessPolicy="Read, Script" />
            <security>
                <authentication>
                    <windowsAuthentication enabled="false" useAppPoolCredentials="true" />
                    <clientCertificateMappingAuthentication enabled="false" />
                    <anonymousAuthentication enabled="true" />
                    <iisClientCertificateMappingAuthentication enabled="false" />
                    <digestAuthentication enabled="false" />
                </authentication>
            </security>
        </system.webServer>
    </location>

5. Start the IIS service on the AD FS server

6. Start the AD FS service on the AD FS server
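A read-only check for the review in step 4, added here as an example and not part of the original article: it reports which of the six location paths are missing from an applicationhost.config file and flags windowsAuthentication or anonymousAuthentication values that differ from the blocks listed above. The `$ConfigPath` parameter and the `Get-Enabled` helper are hypothetical names chosen for this example.

```powershell
param(
    # Assumption: path to the applicationhost.config copy made in step 3.
    [Parameter(Mandatory)][string]$ConfigPath
)

# Expected "enabled" values, transcribed from the <location> blocks in step 4.
$expected = [ordered]@{
    'Default Web Site/adfs'                    = @{ windowsAuthentication = 'false'; anonymousAuthentication = 'true'  }
    'Default Web Site/adfs/ls'                 = @{ windowsAuthentication = 'true';  anonymousAuthentication = 'true'  }
    'Default Web Site/adfs/ls/auth'            = @{ windowsAuthentication = 'false'; anonymousAuthentication = 'false' }
    'Default Web Site/adfs/ls/auth/integrated' = @{ windowsAuthentication = 'true';  anonymousAuthentication = 'false' }
    'Default Web Site/adfs/ls/auth/sslclient'  = @{ windowsAuthentication = 'false'; anonymousAuthentication = 'true'  }
    'Default Web Site/adfs/ls/auth/basic'      = @{ windowsAuthentication = 'false'; anonymousAuthentication = 'true'  }
}

# Hypothetical helper: returns the element's enabled attribute, or '(absent)'.
function Get-Enabled([System.Xml.XmlElement]$Location, [string]$Element) {
    $n = $Location.SelectSingleNode("system.webServer/security/authentication/$Element")
    if ($null -ne $n) { $n.GetAttribute('enabled') } else { '(absent)' }
}

# Parse the file as XML; nothing is written back.
[xml]$config = Get-Content -LiteralPath $ConfigPath -Raw
$locations = @($config.SelectNodes('/configuration/location'))

$report = foreach ($path in $expected.Keys) {
    # -ieq tolerates differences in letter case between the file and the list above.
    $node = $locations | Where-Object { $_.GetAttribute('path') -ieq $path } | Select-Object -First 1
    if ($null -eq $node) {
        [pscustomobject]@{ Location = $path; Status = 'MISSING'; Detail = 'no <location> element' }
        continue
    }
    # Collect every authentication setting that does not match the expected value.
    $diffs = foreach ($name in $expected[$path].Keys) {
        $actual = Get-Enabled $node $name
        if ($actual -ne $expected[$path][$name]) {
            "$name enabled=$actual, expected $($expected[$path][$name])"
        }
    }
    $status = if ($diffs) { 'DIFFERS' } else { 'OK' }
    [pscustomobject]@{ Location = $path; Status = $status; Detail = ($diffs -join '; ') }
}

$report | Format-Table -AutoSize -Wrap
```

Running it once against the backup copy and again against the edited file, before the services are restarted, shows whether every MISSING or DIFFERS row has been resolved.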



Keywords: kbmbsmigrate, kbmbspartner, vkball, kb


Article Info
Article ID : 2847921
Revision : 1
Created on : 1/8/2017
Published on : 5/17/2013
Exists online : False