At a customer we recently had a situation where we had deployed two separate Dynamics CRM 2011 deployments, called A and B. Both of them are configured as Internet Facing Deployments (IFD).
For authentication we have installed a single ADFS server in the customer environment. This server is used by both deployments.
If we access CRM A and authenticate at ADFS, everything is fine. The user is redirected to CRM A afterwards and is able to work. If CRM B is accessed afterwards, an error is displayed:
An error occured:
Try this action again. If the problem continues, check the Microsoft Dynamics CRM Community for solutions or contact your organization’s Microsoft Dynamics CRM Administrator. Finally, you can contact Microsoft Support.
You know, the standard error bla bla…
The trace contains the following error:
Exception type: CryptographicException
Exception message: Key not valid for use in specified state.
In order to access CRM B, the user has to log off and log on again at CRM B.
What we have tried to solve this issue
- Configuring cookie encryption on all three machines -> didn’t help
- We found the following thread: http://social.microsoft.com/Forums/en-IN/crmdeployment/thread/a55f8e9b-eb56-402d-a77b-a6725b530b50 and tried to use the NLB approach, as the thread states this changes the cookie encryption -> didn’t help
Finally we opened a support case with CRM support. After the ticket was escalated, we got the information that this scenario is not possible at the moment. The reason is a design limitation of Dynamics CRM. At the moment it looks like this would result in a change in the next major version of Dynamics CRM.
You have two workarounds for this issue:
- Logging off from one system before accessing the other
- Use an InPrivate session for accessing the second system