其他分享
首页 > 其他分享> > Dynamics Customer Engagement V9版本配置面向Internet的部署时候

Dynamics Customer Engagement V9版本配置面向Internet的部署时候

作者:互联网

微软动态CRM专家罗勇 ,回复299或者20190120可方便获取本文,同时可以在第一间得到我发布的最新博文信息,follow me!我的网站是 www.luoyong.me 。

Dynamics 365 Server 版本 9.0 在2018年12月5日已经可以下载了,简体中文版下载网址是:https://www.microsoft.com/zh-CN/download/details.aspx?id=57478

我最近也下载了一个,在配置IFD的过程中发现了一个问题,在【配置面向Internet的部署】时候,输入面向Internet的服务器所在的外部域后,【下一步】按钮不可点击,无论你输入什么值。

咋回事?我也看了AD FS错误日志如下:

Encountered error during federation passive request.

Additional Data

Protocol Name:
wsfed

Relying Party:
https://demo.luoyong.me/

Exception details:
Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> Microsoft.IdentityServer.Service.SecurityTokenService.EmptyOrMissingWSFederationPassiveEndpointException: MSIS5004: The WSFederationPassiveEndpoint address is not configured on the relying party trust identified by the endpoint 'https://demo.luoyong.me/'. It is required to process the current request.
  at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.ValidateAndUpdateReplyToForSigninMessage(MSISSignInRequestMessage& wsFedSigninRequest, WrappedHttpListenerRequest httpRequest)
  at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSerializedToken(MSISSignInRequestMessage wsFederationPassiveRequest, WrappedHttpListenerContext context, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired)
  at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
  at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
  --- End of inner exception stack trace ---
  at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)
  at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.Process(ProtocolContext context)
  at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
  at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Microsoft.IdentityServer.Service.SecurityTokenService.EmptyOrMissingWSFederationPassiveEndpointException: MSIS5004: The WSFederationPassiveEndpoint address is not configured on the relying party trust identified by the endpoint 'https://demo.luoyong.me/'. It is required to process the current request.
  at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.ValidateAndUpdateReplyToForSigninMessage(MSISSignInRequestMessage& wsFedSigninRequest, WrappedHttpListenerRequest httpRequest)
  at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSerializedToken(MSISSignInRequestMessage wsFederationPassiveRequest, WrappedHttpListenerContext context, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired)
  at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponseCoreWithSecurityToken(WSFederationSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
  at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.BuildSignInResponse(WSFederationSignInContext federationPassiveContext, SecurityToken securityToken, SecurityToken deviceSecurityToken)

 这个错误的意思我倒是明白了,就是WSFederationPassiveEndpoint这个没有配置支持我的CRM访问地址。打开名称为【CRM IFD Relying Party】的信赖方信任,切换到它的【Endpoints】这个Tab,会发现这个Tab中的内容是空的,如果正常的话是有值的,值应该是 Https://auth.luoyong.me 。你还会发现这个信赖方信任的【Identifiers】中的三个其中有一个是uri:IfdMicrosoftDynamicsCrm ,这个本来应该是 https://auth.luoyong.me 的。

 

那我可以修改创建信赖方信任的时候导入的Xml文件吗?尝试了不行。后来我搜索到了答案,MSCRM The next button is disabled on IFD configuration wizard ,具体做法是登录Dynamics 365 Customer Engagement对应的数据库,执行如下SQL(其中一个是查看现状的):

复制代码

USE MSCRM_CONFIG 
SELECT a.NVarCharColumn  FROM [dbo].[FederationProviderProperties] awhere ColumnName ='ExternalRelyingPartyPassiveIdentifier'update [FederationProviderProperties]set NVarCharColumn ='https://auth.luoyong.me/'where ColumnName ='ExternalRelyingPartyPassiveIdentifier'

复制代码

然后重启下IIS,关闭部署管理器(Deployment Manager) 重新打开即可,这样IFD就可以配置成功了,截图给大家看下安装完简体中文版本的Dynamics 365 Customer Engagement V9版本的界面。

 


标签:Customer,Web,Engagement,WSFederation,Internet,IdentityServer,SecurityToken,Micro
来源: https://blog.51cto.com/luoyong/2667047