We receive HTTP errors while accessing the CRM FederationMetadata URL

After enabling claims for CRM 2011 through Microsoft Dynamics CRM 2011 Deployment Manager, you get the CRM FederationMetadata URL. However, when you browse to the URL https://..com/FederationMetadata/2007-06/FederationMetadata.xml, you receive one of the following errors:

HTTP 503 Service Unavailable error.

OR

HTTP 404 Not Found error

This happens because the IIS URL Rewrite module is not rewriting the URL correctly. CRM creates rules within the rewrite module; one of these rules loads handlers/FederationMetadata.ashx when FederationMetadata/2007-06/FederationMetadata.xml is requested.

To address this issue:

  1. Check whether the URL Rewrite module is available in IIS on the CRM website and has the rule that rewrites the URL to handlers/FederationMetadata.ashx when FederationMetadata/2007-06/FederationMetadata.xml is requested.

  2. If the rewrite rule is present, then the URL Rewrite module is corrupt and needs to be re-installed.

    Steps to uninstall and re-install URL Rewrite:

    a. Navigate to Add/Remove Programs.
    b. Identify Microsoft URL Rewrite Module and uninstall it.
    c. To re-install the module, locate the rewrite_1.1_amd64_rtw file in the CRM 2011 Server installation folder “UrlRewriteModule”.

    NOTE: You may have to reboot the CRM server; however, this is not mandatory.

  3. If re-installing URL Rewrite does not resolve the issue, the cause could be reserved URL namespaces. To check whether there are any errors, run the following command on the CRM server.

    a. From a command prompt, run the following command:

        NETSH HTTP SHOW URLACL

    b. The output lists all the reserved namespaces.
    c. If any reservation returns an error like the one shown below, continue with step d:

        Reserved URL : https://+:444/adfs/services/
        Can't lookup sid, Error: 1332
        SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)

    d. Run a command similar to the following to delete each reserved namespace that returned an error:

        netsh http delete urlacl url=https://+:444/adfs/services/

    NOTE: The URLs in step d must be changed according to what we receive in step c.

    e. Reset IIS on the CRM server.
    f. Configure claims again using Deployment Manager on CRM 2011.
    g. Now try accessing the FederationMetadata.xml URL: https://..com/FederationMetadata/2007-06/FederationMetadata.xml
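
Steps a to d can be reviewed with a script before anything is deleted. The PowerShell below is an added example, not part of the original article: the function name Get-BrokenUrlAcl and the healthy sample entry are constructed for illustration, and it assumes English-language netsh output. It parses the reservation list, returns the entries whose SID cannot be looked up, and prints the step d command for each without running it.

```powershell
# Added example, not from the original article. Assumes English netsh output.
function Get-BrokenUrlAcl {
    param(
        # Lines of "netsh http show urlacl" output; by default, run it live.
        [string[]]$NetshOutput = (& netsh.exe http show urlacl)
    )

    $url = $null        # URL of the reservation block being read
    $errorCode = $null  # set once "Can't lookup sid" is seen in that block
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*Reserved URL\s*:\s*(\S+)') {
            # A new reservation block starts here.
            $url = $Matches[1]
            $errorCode = $null
        }
        elseif ($url -and $line -match "Can't lookup sid, Error:\s*(\d+)") {
            $errorCode = [int]$Matches[1]
        }
        elseif ($null -ne $errorCode -and $line -match '^\s*SDDL:\s*(.+)$') {
            # The SDDL line after the error carries the unresolvable SID.
            [pscustomobject]@{ Url = $url; ErrorCode = $errorCode; Sddl = $Matches[1].Trim() }
            $errorCode = $null
        }
    }
}

# Constructed sample: one healthy reservation, then the entry from step c.
$sample = @'
    Reserved URL            : http://+:80/Temporary_Listen_Addresses/
        User: \Everyone
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;WD)

    Reserved URL            : https://+:444/adfs/services/
        Can't lookup sid, Error: 1332
        SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)
'@ -split "`r?`n"

$broken = @(Get-BrokenUrlAcl -NetshOutput $sample)
$broken | Format-List Url, ErrorCode, Sddl

# Print the step d command for each broken entry; nothing is deleted here.
$broken | ForEach-Object { "netsh http delete urlacl url=$($_.Url)" }
```

Error 1332 is ERROR_NONE_MAPPED: the SID in the SDDL no longer maps to an account. Calling Get-BrokenUrlAcl with no argument on the CRM server reads the live reservations instead of the sample.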