Dynamics Customer Engagement V9版本配置面向Internet的部署时候
作者:互联网
微软动态CRM专家罗勇 ,回复299或者20190120可方便获取本文,同时可以在第一间得到我发布的最新博文信息,follow me!我的网站是 www.luoyong.me 。
Dynamics 365 Server 版本 9.0 在2018年12月5日已经可以下载了,简体中文版下载网址是:https://www.microsoft.com/zh-CN/download/details.aspx?id=57478 。
我最近也下载了一个,在配置IFD的过程中发现了一个问题,在【配置面向Internet的部署】时候,输入面向Internet的服务器所在的外部域后,【下一步】按钮不可点击,无论你输入什么值。
咋回事?我也看了AD FS错误日志如下:
Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
https://demo.luoyong.me/
Exception details:
Microsoft.IdentityServer.RequestFailedException:
MSIS7012: An error occurred while processing the request. Contact your
administrator for details. --->
Microsoft.IdentityServer.Service.SecurityTokenService.EmptyOrMissingWSFederationPassiveEndpointException:
MSIS5004: The WSFederationPassiveEndpoint address is not configured on
the relying party trust identified by the endpoint
'https://demo.luoyong.me/'. It is required to process the current
request.
at
Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.ValidateAndUpdateReplyToForSigninMessage(MSISSignInRequestMessage&
wsFedSigninRequest, WrappedHttpListenerRequest httpRequest)
at
Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSerializedToken(MSISSignInRequestMessage
wsFederationPassiveRequest, WrappedHttpListenerContext context,
SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested,
Boolean isApplicationProxyTokenRequired)
at
Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext
context, SecurityToken securityToken, SecurityToken
deviceSecurityToken)
at
Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext
federationPassiveContext, SecurityToken securityToken, SecurityToken
deviceSecurityToken)
--- End of inner exception stack trace ---
at
Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext
federationPassiveContext, SecurityToken securityToken, SecurityToken
deviceSecurityToken)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.Process(ProtocolContext context)
at
Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext
protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Microsoft.IdentityServer.Service.SecurityTokenService.EmptyOrMissingWSFederationPassiveEndpointException:
MSIS5004: The WSFederationPassiveEndpoint address is not configured on
the relying party trust identified by the endpoint
'https://demo.luoyong.me/'. It is required to process the current
request.
at
Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.ValidateAndUpdateReplyToForSigninMessage(MSISSignInRequestMessage&
wsFedSigninRequest, WrappedHttpListenerRequest httpRequest)
at
Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSerializedToken(MSISSignInRequestMessage
wsFederationPassiveRequest, WrappedHttpListenerContext context,
SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested,
Boolean isApplicationProxyTokenRequired)
at
Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext
context, SecurityToken securityToken, SecurityToken
deviceSecurityToken)
at
Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext
federationPassiveContext, SecurityToken securityToken, SecurityToken
deviceSecurityToken)
这个错误的意思我倒是明白了,就是WSFederationPassiveEndpoint这个没有配置支持我的CRM访问地址。打开名称为【CRM IFD Relying Party】的信赖方信任,切换到它的【Endpoints】这个Tab,会发现这个Tab中的内容是空的,如果正常的话是有值的,值应该是 Https://auth.luoyong.me 。你还会发现这个信赖方信任的【Identifiers】中的三个其中有一个是uri:IfdMicrosoftDynamicsCrm ,这个本来应该是 https://auth.luoyong.me 的。
那我可以修改创建信赖方信任的时候导入的Xml文件吗?尝试了不行。后来我搜索到了答案,MSCRM The next button is disabled on IFD configuration wizard ,具体做法是登录Dynamics 365 Customer Engagement对应的数据库,执行如下SQL(其中一个是查看现状的):
USE MSCRM_CONFIG SELECT a.NVarCharColumn FROM [dbo].[FederationProviderProperties] awhere ColumnName ='ExternalRelyingPartyPassiveIdentifier'update [FederationProviderProperties]set NVarCharColumn ='https://auth.luoyong.me/'where ColumnName ='ExternalRelyingPartyPassiveIdentifier'
然后重启下IIS,关闭部署管理器(Deployment Manager) 重新打开即可,这样IFD就可以配置成功了,截图给大家看下安装完简体中文版本的Dynamics 365 Customer Engagement V9版本的界面。
标签:Customer,Web,Engagement,WSFederation,Internet,IdentityServer,SecurityToken,Micro 来源: https://blog.51cto.com/luoyong/2667047