ADFS 2.0 installed - establishing Federation Trust with Microsoft Federation Gateway fails

  • Question

  • ADFS 2.0 is installed on a Windows 2008 R2 server without issue using SQL. Used the fsconfig command to configure.

    While using the Federation Utility for MFG I have been unable to establish a federation trust with MFG. The certificate being used is on the list of approved CAs and meets the certificate requirements per TechNet. The following excerpt is from the FedUtilMFG log file. Any thoughts on why I am unable to establish the trust based on the info in the log file? Or is there a more detailed resource for troubleshooting this process?

    Response from Live:
    <?xml version="1.0" encoding="utf-8" ?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:fm="http://schemas.microsoft.com/Passport/Namespace/FederationManagement" xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><s:Header><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="TS"><Created>2010-10-14T20:42:40Z</Created><Expires>2010-10-14T20:47:40Z</Expires></Timestamp><wsa:Action>http://docs.oasis-open.org/wsfed/federation/200706/InitiateFederationResponse</wsa:Action> <wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To></s:Header><s:Body><s:Fault><s:Code><s:Value>s:Receiver</s:Value><s:Subcode><s:Value>fm:CannotCreateNamespace</s:Value></s:Subcode></s:Code><s:Reason ><s:Text xml:lang="en">Cannot create a namespace
    </s:Text></s:Reason><s:Detail><psf:error><psf:value>0x80049804</psf:value><psf:internalerror><psf:code>0x8004981d</psf:code><psf:text>Call to Syndication central failed.
     'Reserve Error details=<ErrorCode>1002</ErrorCode><ErrorEnum>InvalidPartnerCert</ErrorEnum><Retryable>False</Retryable><ErrorDescription>Certificate not valid for the specified partner.</ErrorDescription>. Error code = 8004981D' </psf:text></psf:internalerror></psf:error></s:Detail></s:Fault></s:Body></s:Envelope>

     

    Thanks,


    -Scott

    Engage, Incorporated
    Put IT in High Gear – Engage

    An SBA-Certified HUBZone Firm

    Thursday, October 14, 2010 9:26 PM

All replies

  • Something is for sure wrong with your cert. Check the data within the cert (subject name and alternate subject name) to see if everything is specified as it should be.
     

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    ------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test ANY suggestion in a test environment before implementing!
    ------------------------------------------------------------------------------------------------------
    #################################################
    #################################################
    ------------------------------------------------------------------------------------------------------
    "scott.barr" wrote in message news:1d4f3ab3-bcb7-4fbf-adee-5b8719894039...

    ADFS 2.0 is installed on a Windows 2008 R2 server without issue using SQL. Used the fsconfig command to configure.

    While using the Federation Utility for MFG I have been unable to establish a federation trust with MFG. The certificate being used is on the list of approved CAs and meets the certificate requirements per TechNet. The following excerpt is from the FedUtilMFG log file. Any thoughts on why I am unable to establish the trust based on the info in the log file? or there a more detailed resource for troubleshooting this process?

    Response from Live:
    <?xml version="1.0" encoding="utf-8" ?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:fm="http://schemas.microsoft.com/Passport/Namespace/FederationManagement" xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><s:Header><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="TS"><Created>2010-10-14T20:42:40Z</Created><Expires>2010-10-14T20:47:40Z</Expires></Timestamp><wsa:Action>http://docs.oasis-open.org/wsfed/federation/200706/InitiateFederationResponse</wsa:Action> <wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To></s:Header><s:Body><s:Fault><s:Code><s:Value>s:Receiver</s:Value><s:Subcode><s:Value>fm:CannotCreateNamespace</s:Value></s:Subcode></s:Code><s:Reason ><s:Text xml:lang="en">Cannot create a namespace
    </s:Text></s:Reason><s:Detail><psf:error><psf:value>0x80049804</psf:value><psf:internalerror><psf:code>0x8004981d</psf:code><psf:text>Call to Syndication central failed.
    'Reserve Error details=<ErrorCode>1002</ErrorCode><ErrorEnum>InvalidPartnerCert</ErrorEnum><Retryable>False</Retryable><ErrorDescription>Certificate not valid for the specified partner.</ErrorDescription>. Error code = 8004981D' </psf:text></psf:internalerror></psf:error></s:Detail></s:Fault></s:Body></s:Envelope>

     

    Thanks,


    -Scott

    Engage, Incorporated
    Put IT in High Gear – Engage

    An SBA-Certified HUBZone Firm


    Jorge de Almeida Pinto [MVP-DS / AD DS TechNet Forums Moderator] [Sr. Technical Consultant @ Oxford Computer Group] (http://blogs.dirteam.com/blogs/jorge/default.aspx) (http://www.oxfordcomputergroup.com/)
    Monday, November 1, 2010 10:19 AM
    Moderator
  • Jorge:

    The cert is valid as stated as it is being used for CRM 2011 Beta IFD without issue. If there is something specific required then that is not obvious to me.

    Thanks!

    Monday, November 1, 2010 7:11 PM
  • Hi,

    I see error 1002, invalid partner cert, which explains that the certificate you have installed is not valid for the specific partner.

    Tuesday, December 14, 2010 6:00 AM
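
The fault quoted in the question carries its real cause (error 1002, InvalidPartnerCert) nested inside the psf:text element, below the generic fm:CannotCreateNamespace subcode. The following is an added example, not part of the thread and not Microsoft's tooling: a small parser that pulls both layers out of a FedUtilMFG log excerpt, whether the inner markup appears inline (as on this page) or entity-escaped. The function and constant names are illustrative assumptions, and the sample input is abridged from the envelope in the question.

```python
import html
import re
import xml.etree.ElementTree as ET

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "psf": "http://schemas.microsoft.com/Passport/SoapServices/SOAPFault",
}
# Locate the envelope inside surrounding log text ("Response from Live:" etc.).
ENVELOPE_RE = re.compile(r"<(?:\w+:)?Envelope\b.*?</(?:\w+:)?Envelope>", re.S)
# Inner fields reported by the backend inside <psf:text>.
INNER_RE = re.compile(
    r"<(ErrorCode|ErrorEnum|Retryable|ErrorDescription)>(.*?)</\1>", re.S)

# Sample input abridged from the envelope in the question (SOAP header omitted).
INNER_DETAILS = (
    "<ErrorCode>1002</ErrorCode><ErrorEnum>InvalidPartnerCert</ErrorEnum>"
    "<Retryable>False</Retryable><ErrorDescription>Certificate not valid "
    "for the specified partner.</ErrorDescription>"
)
SAMPLE_LOG = (
    "Response from Live:\n"
    '<?xml version="1.0" encoding="utf-8" ?>'
    '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
    'xmlns:fm="http://schemas.microsoft.com/Passport/Namespace/FederationManagement" '
    'xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">'
    "<s:Body><s:Fault><s:Code><s:Value>s:Receiver</s:Value><s:Subcode>"
    "<s:Value>fm:CannotCreateNamespace</s:Value></s:Subcode></s:Code>"
    '<s:Reason><s:Text xml:lang="en">Cannot create a namespace\n</s:Text></s:Reason>'
    "<s:Detail><psf:error><psf:value>0x80049804</psf:value><psf:internalerror>"
    "<psf:code>0x8004981d</psf:code><psf:text>Call to Syndication central failed.\n"
    " 'Reserve Error details=" + INNER_DETAILS + ". Error code = 8004981D' "
    "</psf:text></psf:internalerror></psf:error></s:Detail></s:Fault></s:Body>"
    "</s:Envelope>"
)


def parse_fedutil_fault(log_text):
    """Return the outer SOAP fault fields and the nested backend error,
    or None when the text holds no SOAP fault."""
    match = ENVELOPE_RE.search(log_text)
    if match is None:
        return None
    # The log is a local, trusted file; use a hardened parser such as
    # defusedxml for XML that arrives from an untrusted source.
    root = ET.fromstring(match.group(0))
    fault = root.find(".//s:Fault", NS)
    if fault is None:
        return None

    def text_of(path):
        el = fault.find(path, NS)
        return el.text.strip() if el is not None and el.text else None

    # Serialise <psf:text> and unescape it, so inline child elements and
    # entity-escaped markup are both reduced to the same plain string.
    detail = fault.find(".//psf:text", NS)
    raw = ""
    if detail is not None:
        raw = html.unescape(ET.tostring(detail, encoding="unicode"))
    inner = {f.group(1): f.group(2).strip() for f in INNER_RE.finditer(raw)}

    return {
        "soap_code": text_of("s:Code/s:Value"),
        "subcode": text_of("s:Code/s:Subcode/s:Value"),
        "reason": text_of("s:Reason/s:Text"),
        "error_value": text_of(".//psf:value"),
        "internal_code": text_of(".//psf:code"),
        "inner": inner,
        "retryable": inner.get("Retryable", "").lower() == "true",
    }


if __name__ == "__main__":
    for key, value in parse_fedutil_fault(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
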