While trying to run the OAuth provider setup in Microsoft Dynamics CRM (to configure, among other things, the post-installation setup to allow connectivity by devices and applications), I was banging my head on a problem following the instructions:
Follow these steps to configure the OAuth provider in Microsoft Dynamics 365.
Log on to the Microsoft Dynamics 365 server as an administrator.
In a Windows PowerShell console window, run the following script.
$ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
$ClaimsSettings.Enabled = $true
Set-CrmSetting -Setting $ClaimsSettings
Get-CrmSetting : The term ‘Get-CrmSetting’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:19
+ $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
+                   ~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-CrmSetting:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
Driving me nuts!
It turns out, from the instructions found here: https://msdn.microsoft.com/en-us/library/dn531010.aspx, that an additional step is required:
To configure the Dynamics 365 server to enable federated claims, follow these steps.
Log on as administrator on the Dynamics 365 server that hosts the deployment service role and open a Windows PowerShell command window.
Add the Dynamics 365 Windows PowerShell snap-in (Microsoft.Crm.PowerShell.dll). More information: TechNet: Administer the deployment using Windows PowerShell
Enter the following Windows PowerShell commands.
Now it works!
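The snap-in step and the original script put together, as an added example that is not part of the original post or of the Microsoft instructions. It assumes an elevated Windows PowerShell console on the server that hosts the deployment service role, and it checks the setting before and after the change.

```powershell
# Added example: run elevated on the Dynamics 365 / CRM server that hosts
# the deployment service role.
$ErrorActionPreference = 'Stop'
$snapin = 'Microsoft.Crm.PowerShell'

# Is the snap-in registered on this machine at all?
if (-not (Get-PSSnapin -Registered -Name $snapin -ErrorAction SilentlyContinue)) {
    throw "$snapin is not registered here; run this on the deployment server."
}

# Load it only if this session has not loaded it already.
if (-not (Get-PSSnapin -Name $snapin -ErrorAction SilentlyContinue)) {
    Add-PSSnapin -Name $snapin
}

# The cmdlet that raised CommandNotFoundException should resolve now;
# Get-Command throws if it still does not.
Get-Command -Name Get-CrmSetting | Out-Null

# The script from the instructions, with a before/after check.
$ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
Write-Output "OAuth claims enabled before: $($ClaimsSettings.Enabled)"

if (-not $ClaimsSettings.Enabled) {
    $ClaimsSettings.Enabled = $true
    Set-CrmSetting -Setting $ClaimsSettings
}

$after = Get-CrmSetting -SettingType OAuthClaimsSettings
Write-Output "OAuth claims enabled after:  $($after.Enabled)"
```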
You have a previously working IFD deployment of CRM 2016 (but it could be CRM 2015 or CRM 2013). About 1 year after you set the system up, you start receiving: “An error has occurred. Try this action again. If the problem continues, check the Microsoft Dynamics CRM Community for solutions or contact your organization’s Microsoft Dynamics CRM Administrator. Finally, you can contact Microsoft Support.”
When researching this error, we suspected what it was, and that it was related to an article we covered here: http://www.interactivewebs.com/blog/index.php/crm-2013/microsoft-crm-2013-or-2015-event-id-1309-adfs-ifd-resolution/
However, we never found an EVENT ID 1309 or anything close to that in our logs. The closest error we found (and we are not even certain that it was a result of this problem) was the error: EVENT ID 415
The SSL certificate does not contain all UPN suffix values that exist in the enterprise. Users with UPN suffix values not represented in the certificate will not be able to Workplace-Join their devices. For more information, see http://go.microsoft.com/fwlink/?LinkId=311954.
This problem arises from a Certificate Rollover that the ADFS server does about 1 month out from your 1 year anniversary. The problem is that the ADFS certificate rolls over, but the CRM configuration does not pick up that new certificate.
To locate your ADFS Certificates, navigate to the ADFS Console. Under “Service”, click on “Certificates”, where you will find a Primary and Secondary certificate. If the current date is close to the date of your Primary certificate “Effective Date”, it’s safe to assume that this is the underlying issue.
To resolve this issue:
1. Navigate to the ADFS Console >> Trust Relationships >> Relying Party Trusts.
2. Right click on the trust and select “Update from Federation Metadata…”
a. If there are two trusts, do them both. This may be a case where you have one for Internal and External.
3. Open Command Prompt. Be sure to right-click and “Run as Administrator”.
a. From within CMD, type “iisreset”.
4. Open “Services” and restart the “ADFS” service.
a. If ADFS does not start, be sure to check the “Windows Internal Database” service and make sure it is started, and then try restarting the ADFS service.
If these initial steps do not resolve your issue for any reason, continue with the following steps below:
5. Navigate to “CRM Deployment Manager”.
a. Run “Configure Claims-Based Authentication” wizard, upper right hand corner.
b. Click “Next” all the way through the wizard, nothing needs to be changed here.
6. Run “Configure Internet Facing Deployment” wizard.
a. Click “Next” all the way through the wizard, nothing needs to be changed here either.
7. Now, perform Steps 1-4 again as outlined above.
a. Update Federation Metadata
b. IISReset
c. Restart ADFS Service
Your users should be able to log in to Dynamics CRM again. I hope you find this helpful and that it resolved your issue.
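The certificate check and steps 1, 2 and 4 of the procedure above, done from PowerShell on the AD FS server instead of the console, as an added example that is not part of the original post. The trust names in `$TrustNames` and the 30-day window are placeholders chosen for illustration; replace the names with those shown under Relying Party Trusts.

```powershell
# Added example: run elevated on the AD FS server.
$ErrorActionPreference = 'Stop'
Import-Module ADFS

# Placeholder names (assumption): use the CRM trusts listed in your console.
$TrustNames = @('CRM Claims Relying Party', 'CRM IFD Relying Party')

# Rollover settings behind the "about a month before one year" timing.
Get-AdfsProperties | Format-List AutoCertificateRollover, CertificateDuration,
    CertificateGenerationThreshold, CertificatePromotionThreshold

# Primary and secondary certificates, as listed under Service > Certificates.
$now = Get-Date
$report = foreach ($type in 'Token-Signing', 'Token-Decrypting') {
    Get-AdfsCertificate -CertificateType $type | ForEach-Object {
        [pscustomobject]@{
            Type       = $type
            IsPrimary  = $_.IsPrimary
            Thumbprint = $_.Thumbprint
            Effective  = $_.Certificate.NotBefore
            Expires    = $_.Certificate.NotAfter
            # Constructed heuristic: effective date within 30 days of today.
            NearToday  = [math]::Abs(($_.Certificate.NotBefore - $now).TotalDays) -le 30
        }
    }
}
$report | Format-Table -AutoSize

# Steps 1-2: "Update from Federation Metadata" for each named trust.
foreach ($name in $TrustNames) {
    if (Get-AdfsRelyingPartyTrust -Name $name) {
        Update-AdfsRelyingPartyTrust -TargetName $name
        Write-Output "Updated from federation metadata: $name"
    } else {
        Write-Warning "No relying party trust named '$name'"
    }
}

# Step 3 (iisreset) is run separately, as in the procedure.
# Step 4 and 4a: make sure Windows Internal Database is up, then restart AD FS.
$wid = Get-Service -DisplayName 'Windows Internal Database' -ErrorAction SilentlyContinue
if ($wid -and $wid.Status -ne 'Running') { Start-Service -InputObject $wid }
Restart-Service -Name adfssrv
```

Running only the report section on a schedule shows an upcoming rollover before users see the error.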
For no particular reason you end up with an error message in Outlook Mac Office 365: “Sorry, we’re having server problems, so we can’t add Office 365 SharePoint right now. Please try again later”
It then starts to ask you for two- or three-factor authentication on your email accounts that are based on the Office 365 product. My issues started in December 2016.
1. Make sure you have quit Outlook and other Office apps. Go to KeyChain Access
2. Search “Exchange” under Login –> All Items and delete everything
3. Search “Office” and delete everything
4. Search “ADAL” and delete everything
5. Launch Outlook
6. You will get the activation prompt. If the account is already added, you will see the password prompt for app and ADAL again. Please do 2-Factor Authentication if asked. And then you should be able to log in.
I cannot be sure what changed at Microsoft’s end to cause this, but obviously it is related to certificates.