Recently our organization upgraded from AD FS 2.0 to AD FS 4.0. After this upgrade our applications that connect to the Organization service using the CRM SDK failed to connect. We originally attributed this to using the deprecated CrmConnection class and refactored our code to use the Xrm.Tooling.Connector namespace.
Now, we are getting intermittent successful connections using the CrmServiceClient class. Here is our setup:
Crm 2016 ON PREMISE version 8.0.198
Claims Based authentication enabled
SSL enabled
IFD Disabled
Load Balanced via F5
Usually, we will get 2-3 successful connections followed by a couple of minutes' worth of failed connections. When it fails, we get the following error messages:
"At least one security token and the message could not be validated" - failed authentication
"An unsecured or incorrectly secured fault was received from the other party"
Here is how we are currently configuring the CrmServiceClient class:
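using Microsoft.Xrm.Tooling.Connector; // namespace that provides CrmServiceClient

// Build the client from the connection string shown below
CrmServiceClient connection = new CrmServiceClient(connectionString);
_orgService = connection.OrganizationServiceProxy;
// ...then standard CRUD functionality of the org service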
(more code can be provided upon request)
connection string example:
<add name="xxx" connectionString="AuthType=AD; Domain=xxx; UserName={domain}\xxxxxx; Password=xxxx; Url=https://xxxxxx/{orgname}; useUniqueInstance=true; LoginPrompt=Never; useSsl=true; "/>
Here is what we have tried:
- various changes to the connection string. username with and without the domain, auth type AD and IFD, and specifying a home realm uri
- using the CrmServiceClient overloaded constructors to create the instance without using a connection string
- creating the OrganizationServiceProxy without the CrmServiceClient
- disabling claims based authentication and making sure the federationmetadata xml and certificate were correct, then re-enabling
- many more things, I'm sure
All these give us similar results - some successful connections followed by some unsuccessful connections.
Does anyone have any ideas?