Источник:
http://www.furnemont.eu/2012/01/crm-...dfs-error-317/
==============
While deploying a new CRM 2011 environment at a client site, I got errors with my ADFS setup:
- We used a wildcard certificate for all servers (on the same domain), purchased from RapidSSL
- ADFS is on a separate server
- CRM 2011 is on its own server
- DNS internal entries were made and could resolve correctly to both servers
The problem occurred right after enabling claims in CRM 2011 Deployment Manager: the internal CRM address specified in the deployment manager could not be resolved and a couple of 317 & 364 errors were logged on the ADFS server.
I tried creating SPNs for both servers, remove and import the certificates again on both server, recreate the relying party for CRM, etc. but with no correct results.
Since the SSL certificates were created with lowercase characters for the domain, I changed the CRM web addresses to lowercase as well, which made the ADFS authentication form appear!
But I could still not get passed the 317 error after logging in with valid credentials…
Then I found
this post were a PowerShell command was shown:
Add-PSSnapin Microsoft.Adfs.PowerShell
Set-ADFSRelyingPartyTrust -TargetName RPNameInADFS -EncryptionCertificateRevocationCheck None
Reset IIS on the ADFS server and voilà, it worked for me!
Источник:
http://www.furnemont.eu/2012/01/crm-...dfs-error-317/