After installing a new or renewed Token-Signing SSL Certificate on an AD FS 2.0 server, users are unable to connect to CRM.
In addition, the following error is logged:
Log Name: Application
Source: ASP.NET 4.0.30319.0
Date: 5/17/2012 3:13:42 PM
Event ID: 1309
Task Category: Web Event
Level: Warning
Keywords: Classic
User: N/A
Computer: yourcrmserver.yourdomain.com
And under the Exception information:
Exception information:
Exception type: SecurityTokenException
Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
FIX:
1) In the CRM Deployment Manager, disable the front end server and disable Claims-Based Authentication.
2) Do an IISRESET on the CRM Web Server.
3) In Deployment Manager, re-configure Claims-Based Authentication.
4) In Deployment Manager, re-configure IFD.
5) Do an IISRESET again on the CRM Web Server.
6) Enable the front end server in Deployment Manager.
7) In the AD FS management console on the AD FS server, update the corresponding Federation Metadata URLs.
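
A check that can be run before and after the steps above (added example, not part of the original post): it extracts the signing-certificate thumbprints from AD FS federation metadata so they can be compared with the thumbprint of the new Token-Signing certificate. The function name, the sample metadata, the host placeholder and the expected-thumbprint placeholder are assumptions; the base64 values are constructed stand-ins, not real certificates.

```powershell
# Added example: list the signing-certificate thumbprints that AD FS publishes
# in its federation metadata. Get-MetadataSigningThumbprint is a hypothetical
# helper name, not a built-in cmdlet.
function Get-MetadataSigningThumbprint {
    param([Parameter(Mandatory = $true)][xml]$Metadata)

    $ns = New-Object System.Xml.XmlNamespaceManager($Metadata.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    # Only KeyDescriptor use="signing" entries are token-signing certificates;
    # encryption keys and the document's own signature are skipped.
    $xpath = '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate'
    $sha1  = [System.Security.Cryptography.SHA1]::Create()
    $seen  = @{}
    foreach ($node in $Metadata.SelectNodes($xpath, $ns)) {
        # A certificate thumbprint is the SHA-1 hash of its DER encoding.
        $der  = [Convert]::FromBase64String($node.InnerText.Trim())
        $hash = [BitConverter]::ToString($sha1.ComputeHash($der)) -replace '-', ''
        # The same certificate is repeated per role descriptor; emit it once.
        if (-not $seen.ContainsKey($hash)) { $seen[$hash] = $true; $hash }
    }
}

# Constructed sample metadata (placeholder bytes instead of real certificates).
$sample = [xml]@'
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>AAEC</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>AQID</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>
'@

# Against a live server, load the metadata instead (host is a placeholder):
# $sample = [xml](New-Object Net.WebClient).DownloadString('https://<adfs-host>/FederationMetadata/2007-06/FederationMetadata.xml')

$expected  = 'PLACEHOLDER_NEW_TOKEN_SIGNING_THUMBPRINT'   # thumbprint of the new certificate
$published = @(Get-MetadataSigningThumbprint -Metadata $sample)
$published
if ($published -contains $expected) { 'New certificate is published in metadata' }
else { 'New certificate is NOT in metadata; relying parties will not recognize the issuer' }
```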