Microsoft Dynamics CRM 2011 Online with Office 365 – Plug-In Registration and Scribe Adapter – an unsecured or incorrectly secured fault was received – Solved

By - September 26, 2012

Microsoft is now moving the 30 day trial versions of Microsoft Dynamics CRM 2011 Online to its Office 365 platform.  This really means that all new instances of Dynamics CRM 2011 online will be done this way.  It’s actually pretty cool considering many customers are now moving to SharePoint 365 and using the built in integration with Dynamics CRM 2011 (online or on premise).

The main benefits of moving Dynamics CRM 2011 Online to Office 365 are this:

  • You can use the same user ids between Office 365 and Dynamics CRM Online.  The old Dynamics CRM online did not support using the same ids between SharePoint Online and Dynamics CRM Online.  SharePoint online is $4/month/user and blows away google docs.
  • You have a central administration tool for all of your Online administration and business (e.g. licenses, billing, user setups).
  • Users no longer have to go and setup their own live.com accounts.
  • You can use ADFS to provide SSO (single sign on) between your cloud business applications and your internal Active Directory.  This avoids users from having to remember additional passwords and provides IT administrators the capability to centrally administer authentication.  I have some great links for this that are impossible to find, but beyond the scope of this article.  If you are interested, leave a comment or contact us and I’ll shoot you the links that I received directly from Microsoft’s Partner Technical Advisory Services that I took advantage of being a Microsoft Gold Partner for Microsoft Dynamics CRM.  We needed to implement this for a client in Denver that wanted to do this right after this capability was announced jointly by the Dynamics CRM and Online teams.   This is becoming very popular because it really gives you the best of both worlds (AD and cloud technology).

However, the Dynamics CRM authentication for Office 365 is different than the traditional Dynamics CRM online and you need to understand the differences because it will cause you pain the first time your .NET code tries to call the new discovery service, or the first time you use the plug-in registration tool or the first time you try to connect using Scribe in this new environment.

Hopefully, I solve this pain for you below.

I’ve researched problems with connecting to Dynamics CRM Online using Office 365 using all of these methods and never could quite get the correct answers, but ended up figuring it out.  I think the issue with a surprising lack of articles or ones that are not comprehensive is that Dynamics CRM online in Office 365 is relatively new and so the articles are just not out there yet, which is why I had to get this one posted.  I hope to give you all the answers combined into this one post, to help you avoid having to go multiple places for whatever THE answer is for you.  If you have other solutions, please post a comment with your solution, so that we are able to provide an even more comprehensive post.

First, as I reference in the title of this article, here is the specific error:

Unhandled Exception: System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.

Server stack trace:

at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)

at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:

at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

at Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message)

at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)

at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateLiveIdInternal(ClientCredentials clientCredentials, SecurityTokenResponse deviceToken, String keyType)

at Microsoft.Xrm.Sdk.Client.ServiceConfiguration`1.AuthenticateDevice(ClientCredentials clientCredentials)

at PluginRegistrationTool.AutoRefreshSecurityToken`2.AuthenticateDevice() in C:billfilesCRM2011_SDKsdktoolspluginregistrationAutoRefreshSecurityToken.cs:line 88

at PluginRegistrationTool.ManagedTokenDiscoveryServiceProxy.AuthenticateDeviceCore() in C:billfilesCRM2011_SDKsdktoolspluginregistrationToolServiceProxies.cs:line 41

at Microsoft.Xrm.Sdk.Client.ServiceProxy`1.AuthenticateCore()

at PluginRegistrationTool.ManagedTokenDiscoveryServiceProxy.AuthenticateCore() in C:billfilesCRM2011_SDKsdktoolspluginregistrationToolServiceProxies.cs:line 47

at Microsoft.Xrm.Sdk.Client.ServiceProxy`1.ValidateAuthentication()

at PluginRegistrationTool.ManagedTokenDiscoveryServiceProxy.ValidateAuthentication() in C:billfilesCRM2011_SDKsdktoolspluginregistrationToolServiceProxies.cs:line 53

at Microsoft.Xrm.Sdk.Client.ServiceContextInitializer`1.Initialize(ServiceProxy`1 proxy)

at Microsoft.Xrm.Sdk.Client.DiscoveryServiceProxy.Execute(DiscoveryRequest request)

at PluginRegistrationTool.CrmConnection.RetrieveOrganizations() in C:billfilesCRM2011_SDKsdktoolspluginregistrationCrmConnection.cs:line 315

at PluginRegistrationTool.ConnectionsForm.OpenConnection(CrmConnection con) in C:billfilesCRM2011_SDKsdktoolspluginregistrationConnectionsForm.cs:line 940

Inner Exception: System.ServiceModel.FaultException: Authentication Failure

 

In order to solve this problem (no matter what tool you are using), below are potential solutions:

Go to C:Users{windows user id}LiveDeviceID on the machine where you are trying to make the connection and delete or rename the LiveDevice.xml file.  This will probably not solve your problem, but I saw multiple posts on this, so thought I would include it in case it does solve your particular issue, plus there is no harm because the file will get recreated.

Next, make sure you are using the correct discovery URL because it’s different forDynamics CRM 2011 Online in Office 365.  This will solve a lot of problems (besides the specific error this article references) if you’re coding or if you’re already using the latest Scribe adapter and plug in registration tool, more on that to follow.  To (always) make sure you are using the right discovery URL, go to your respective Dynamics CRM online for Office 365 and then, Settings>>Customizations>>Developer Tools>>Make note of your Discovery Service URL.

If you’ve used Dynamics CRM online authentication in the past, you’re probably used to going to https://dev.crm.dynamics.com/xrmservices/2011/discovery.svc  or https://{organizationname}.crm.dynamics.com.

This has all changed with Dynamics CRM online in Office 365.  The basic rule of thumb is to always go to your specific developer resources to find the discovery (and other) web service endpoints.  You’ll now find that the address for Dynamics CRM online using Office 365 is now https://disco.crm.dynamics.com for North American Dynamics CRM online instances.

You can find all regions in the Microsoft Online Discovery URLs, but again, go to your specific developer resources in Settings.

Finally, the way I ultimately solved the error above with all 3 methods for connecting to Dynamics CRM Online for Office 365  (connecting using Scribe, the Plug-In Registration tool and custom code) are:

  1. For Scribe, upgrade to the latest Dynamics CRM Adapter for Scribe (Scribe 7.5.2 and CRM adapter 5.2.1).  For those of you who have forgotten (like I did) how to install/upgrade the adapters in Scribe.  First go to the Scribe Downloads page and upgrade your server to version 7.5.2.  Then, launch the install program again, and upgrade your adapter(s) to the latest version.  The main thing to remember is that the adapter installs/upgrades are an option in the installation wizard, not a separate download/install.  You will need to stop all Scribe Services.   Also, remember to right click on the Scribe Update service in the system tray and click Exit (yet another article you would have to research, which I’m including at no extra charge).  After you’ve done this, you should not run into the dreaded “an secured or incorrectly secured fault….” Message any longer.  Also, make sure you are using a .onmicrosoft.com e-mail address for your logon.  Also, make sure you use the unique organization name (also in the developer resources under settings>>customizations) and not the friendly name (displayed in the top right hand corner of the main crm window).  The friendly name is used for IFD and on premise Dynamics CRM 2011 deployments.  Dynamics CRM 4, used the unique org name.  This is very confusing, but hopefully clarified in one spot in this article.  Also, when you put in the Server URL, do not put in the “/xrmservices/2011/discovery.svc”), this gets appended automatically.  I noticed that the latest Scribe CRM adapter help file (.chm) does not have the new information regarding what URL to use.  Another bonus provided to you (updated Scribe CRM adapter connection information, not yet available from Scribe), just for reading this article.
  2. If you are running into this error using the Plug-In Registration Tool, it’s because you are using an older version of the tool.  Make sure to use the one in the latest version of the CRM 2011 SDK Version 5.0.12.  If you are using an older version, the Dynamics CRM 2011 Online for Office 365 is not supported.
  3. If you are running into this issue with your custom code, you need to make some changes about how you connect to Dynamics CRM online with Office 365.  If you want insight on how to write your c# code to connect to Dynamics CRM online in Office 365, crack open the code for the latest version of the Plug-In Registration and you’ll see how they are now supporting this.  Why you cannot find help on this out there is a complete mystery to me.  This is also outside the scope of this article, but let me know if you want help with this.

Seriously, this article encompasses hours of research, work and several posts you would come across regarding this issue and you still may not have solved your problem.  Hopefully, you came across this post very early in your research.  If you did, please leave a comment and let me know it saved you some time and solved your problem…. or not and I’ll respond with other potential fixes depending on your issue.

By: Bill Caldwell – Colorado Microsoft Dynamics CRM Partner

Follow Bill on Google+

Receive Posts by Email

Subscribe and receive notifications of new posts by email.