Multiple CRM servers, ADFS and the pesky "An error occured"
If you have multiple Dynamics CRM 2011 machines configured to use the same ADFS server, then you will probably run into this error message:
An error occured:
Try this action again. If the problem continues, check the Microsoft Dynamics CRM Community for solutions or contact your organization’s Microsoft Dynamics CRM Administrator. Finally, you can contact Microsoft Support.
In the URL you can find more details about the error message, which will lead you to this error message:
A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false.
This has to do with the fact that your first CRM server is providing a cookie to the user which is being reused to authenticate against the second CRM server. This doesn't match, resulting in the error above.
The same scenario exists for a load balancer where you have multiple CRM servers which access the same CRM database. This led me to the blog of Dan Brunn, which describes how to get past this for an NLB environment:
- Open the CRM Deployment Manager - Microsoft Dynamics CRM Properties - Web Address tab - Advanced
- Check the ‘The deployment uses an NLB’
- Run IISRESET
- Re-test
After testing this approach, we found that this also works for the scenario where you have multiple CRM servers behind the same ADFS server.
Forum posts have indicated that not everybody is having the same amount of luck with this approach. I would recommend to follow the ADFS best practises from Chris Cognetta to double check the ADFS settings.