adfs/services/trust/mex Returns 503 on CRM 2013 Windows 2012 IFD – MEX EndPoint Fix

When browsing to your CRM server: /adfs/services/trust/mex  you receive an 503 Error.

In our case this was to “https://sts1.iwebscrm.com/adfs/services/trust/mex” and we received the 503 Error. This became evident as we were testing the importing and upgrading of custom JS scripts from CRM 4.0 and CRM 2011 to use the new SDK in CRM 2013 (also applicable to CRM 2015). When we used fiddler to look at why the test environment failed we noticed a call to the ADFS mex endpoint.

Screenshot 2014 08 29 00 54 30

Looking at the ADFS Logs for the server will show a 102 Error:

There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.

Additional Data
Exception details:
System.ServiceModel.AddressAlreadyInUseException: There is already a listener on IP endpoint 0.0.0.0:808. This could happen if there is another application already listening on this endpoint or if you have multiple service endpoints in your service host with the same IP endpoint but with incompatible binding configurations. —> System.Net.Sockets.SocketException: Only one usage of each socket address (protocol/network address/port) is normally permitted
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.ServiceModel.Channels.SocketConnectionListener.Listen()
— End of inner exception stack trace —
at System.ServiceModel.Channels.SocketConnectionListener.Listen()
at System.ServiceModel.Channels.ConnectionAcceptor.StartAccepting()
at System.ServiceModel.Channels.ExclusiveTcpTransportManager.OnOpen()
at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
at System.ServiceModel.Channels.TcpChannelListener`2.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at Microsoft.IdentityServer.ServiceHost.STSService.StartSTSService(ServiceHostManager serviceHostManager, ServiceState serviceState)

The Cause

This is caused because the CRM Sandbox service is using port 808.  As you can read here: http://technet.microsoft.com/en-us/library/hh699823.aspx

The Fix

The fox for this is very easy. We need to use a PowerShell command to set the nettcpport port to 809 for ADFS.

1. Open PowerShell

2. Type: Set-ADFSProperties –nettcpport 809

3. Hit enter

Screenshot 2014 08 29 00 57 21

4. Use the Services to restart ADFS or restart the entire server. 

Now browsing to the URL will give a result looking more like this:

Screenshot 2014 08 29 00 58 16

5 Replies to “adfs/services/trust/mex Returns 503 on CRM 2013 Windows 2012 IFD – MEX EndPoint Fix”

      1. I have only just seen your reply. I have once again used your wonderful guide to move our test dev server to crm 2015. We now have our document management system working in CRM2011-2015 on both IFD and Non-IFD. Thanks again (and email me if you want a demo of what we have done)

Leave a Reply