Fix: CRM Dynamics 365 Claims Relying Party Error
You may receive an error after attempting single sign-on using Active Directory Federation Services (ADFS) to your Microsoft Dynamics 365 CRM application. The error is displayed below.
An error occurred
Authentication attempt failed. Select a different sign in option or close the web browser and sign in again. Contact your administrator for more information.
Activity ID: 879cf8cf-
Relying party: Dynamics 365 Claims Relying Party
User agent string: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; MS-RTC LM 8; .NET CLR 1.1.4322; MS-RTC EA 2; InfoPath.3; wbx 1.0.0; Zoom 3.6.0; rv:11.0) like Gecko
These are possible reasons for the error above.
- Check whether your certificate has been listed as revoked by your Certificate Authority (CA). Certificates in use by a party are sometimes compromised. Once this is reported to the certification authority, it declares the certificate "revoked". A certification authority such as GoDaddy cannot contact each and every client that uses the certificate to communicate with servers or verify digital signatures. Instead, the CA updates a central certificate revocation list (CRL) that it publishes over the internet.
Run the following command in PowerShell to disable revocation checks for your encryption certificate, so that ADFS stops consulting the CRL for this relying party trust.
Set-AdfsRelyingPartyTrust -TargetName "<displaynameOfCRMRelyingParty>" -EncryptionCertificateRevocationCheck "None"
- Verify your ADFS claim rules in ADFS -> Relying Party Trust -> Edit Rules. In addition, check in ADFS -> Authentication policies whether forms authentication is enabled.
You can also check if a certificate for CRM has expired. This link walks you through how to delete an old Microsoft CRM certificate.
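Before turning revocation checking off, it helps to know whether the encryption certificate is actually revoked or expired, or whether the ADFS server simply cannot reach the CRL. The script below is an added example, not part of the original article; the 15-second timeout and the output wording are assumptions, and the trust name is the article's placeholder.

```powershell
# Added example: inspect the encryption certificate of the CRM relying party trust.
# Run on the ADFS server in an elevated PowerShell session.
$name = '<displaynameOfCRMRelyingParty>'   # placeholder, replace with your trust's display name

$rp = Get-AdfsRelyingPartyTrust -Name $name
if (-not $rp) { throw "No relying party trust named '$name' was found." }

$cert = $rp.EncryptionCertificate
if (-not $cert) { throw "Trust '$name' has no encryption certificate configured." }

"Revocation check setting : $($rp.EncryptionCertificateRevocationCheck)"
"Subject                  : $($cert.Subject)"
"Thumbprint               : $($cert.Thumbprint)"
"Valid until              : $($cert.NotAfter)"
if ($cert.NotAfter -lt (Get-Date)) {
    "RESULT: the certificate has expired; replace it."
}

# Build the chain with a live CRL/OCSP lookup, excluding the root.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode      = 'Online'
$chain.ChainPolicy.RevocationFlag      = 'ExcludeRoot'
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15   # assumed value
$ok = $chain.Build($cert)

# Collect the chain status flags as strings for simple matching.
$status = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

if ($ok) {
    "RESULT: chain is valid and not revoked; look at claim rules or authentication policies."
}
elseif ($status -contains 'Revoked') {
    "RESULT: the CA has revoked this certificate; replace it."
}
elseif ($status -contains 'RevocationStatusUnknown' -or $status -contains 'OfflineRevocation') {
    "RESULT: the CRL could not be retrieved from this server; check outbound access to the CA."
}
else {
    "RESULT: other chain problem: $($status -join ', ')"
}

# To turn revocation checking back on later (CheckChainExcludeRoot is one of the accepted values):
# Set-AdfsRelyingPartyTrust -TargetName $name -EncryptionCertificateRevocationCheck CheckChainExcludeRoot
```

The chain is built under the account that runs the script, so proxy and firewall behaviour can differ from what the ADFS service account sees.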