You can get around the CRM 2016 SP1 On-Premise integration to SharePoint 2013 On-Premise by following the instructions below:

    1. On the CRM Server with the CRM Deployment Manager – Open up the CRM Deployment Manager
      1. Deactivate Claims Authentication
      2. Go to Dynamic CRM Properties > Web Address > Change https to http
    2. On the CRM App Server Go into IIS
      • Remove the https binding from the CRM website
      • Perform an IISReset
    3. Verify CRM is still accessible via http instead of https internally.
    4. Log into the SharePoint server and re-try running the following commands making sure you’re replacing the highlighted text with your specific environments information.

$c = Get-SPSecurityTokenServiceConfig
$c.AllowMetadataOverHttp = $true
$c.AllowOAuthOverHttp= $true
$i = New-SPTrustedSecurityTokenIssuer –Name “crm” –IsTrustBroker:$false –MetadataEndpoint “http:your.crm.com/XRMServices/2015/MetadataEndpoint.svc/json/?orgName=YourCrmOrg
$CrmRealmId = “YourCRMRealmID
$Identifier  = “00000007-0000-0000-c000-000000000000@” + $CrmRealmId
$site = Get-SPSite “https://your.sharepoint.site/sites/crmsp
Register-SPAppPrincipal -site $site.RootWeb -NameIdentifier $Identifier -DisplayName “crm”


$app = Get-SPAppPrincipal -NameIdentifier $Identifier -Site $site.Rootweb
Set-SPAppPrincipalPermission -AppPrincipal $app -Site $site.Rootweb -Scope “sitecollection” -Right “FullControl” -EnableAppOnlyPolicy
#”Set up claims-based authentication mapping”
New-SPClaimTypeMapping -IncomingClaimType “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress” -IncomingClaimTypeDisplayName “EmailAddress” -SameAsIncoming

  1. Once all the commands have run successfully you can restore the https binding on the CRM site, the http to https web address property and re-enable claims and IFD.
  2. You can now log into your IFD/Claims CRM organization and enable your SharePoint 2013 integration.

Original Post Below

If you find yourself wanting to integrate your Microsoft Dynamics CRM 2016 with SP1 on premise deployment to SharePoint 2013 on premise you will most likely encounter a problem.

Problem Integrating Microsoft Dynamics CRM 2016 On-Premise with SharePoint 2013 On-Premise

First – here’s the bad news.  You have to uninstall Microsoft Dynamics CRM. Uninstalling Service Pack 1 apparently leaves your deployment very unstable.  Once you re-install Microsoft Dynamics CRM 2016 you can integrate with SharePoint 2013.  This is not a viable solution for production, please only do this in dev!

However the following were some issues we ran into:

We found an error trying to access the MetadataEndpoint (on port 80) which is required  to setup the SPTrustedSecurityTokenIssuer.  In the SharePoint 2013 Management Shell running the following command:

$i = New-SPTrustedSecurityTokenIssuer -Name “crmdev” -IsTrustBroker:$false =MetadataEndpoint “http://xxx/XRMServices/2015/MetadataEndpoint.svc/json/?orgName=xxx

The command displays the following error:

PS C:\Users\spinstall> $i = New-SPTrustedSecurityTokenIssuer -Name “crmdev” -IsTrustBroker:$false -MetadataEndpoint “http:///XRMServices/2015/MetadataEndpoint.svc/json/?orgName=<http://%3cORGURL%3e/XRMServices/2015/MetadataEndpoint.svc/json/?orgName=%3cORGNAME%3e>”

Are you sure you want to perform this action?
Performing the operation “New-SPTrustedSecurityTokenIssuer” on target
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help(default is “Y”):y
New-SPTrustedSecurityTokenIssuer : The remote server returned an error: (404) Not Found.
At line:1 char:6
+ $i = New-SPTrustedSecurityTokenIssuer -Name “crmdev” -IsTrustBroker:$false
-Meta …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidData: (Microsoft.Share…rityTokenIssuer:
SPCmdletNewTrustedSecurityTokenIssuer) [New-SPTrustedSecurityTokenIssuer],   WebException    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewTrustedSecurityTokenIssuer

You can get around this by installing Fiddler, going into ‘Tools’ > ‘Telerik Fiddler Options’ > HTTPS tab > checking ‘Decrypt HTTPS traffic’ and then checking ‘Ignore server certificate errors (unsafe) option.

Solution to Integration Error with Microsoft Dynamics CRM 2016 on-premise and SharePoint 2013 On-Premise

You can then run the command below successfully (Make sure your CRM website in IIS has the port 80 binding, if not, re-add it!):
$i = New-SPTrustedSecurityTokenIssuer -Name “crmdev” -IsTrustBroker:$false =MetadataEndpoint “http://xxx/XRMServices/2015/MetadataEndpoint.svc/json/?orgName=xxx

Once this command completed successfully we were able to breeze through the rest of the setup following instructions from TechNet.

Until coming to the point of Enabling server-based SharePoint Integration Wizard inside of CRM.

After running the wizard entering in our SharePoint site (SAML was successful) entering the SharePoint RealmID and hitting Validate kept giving me the following error:

<exception>The remote server returned an error: (401) Unauthorized.</exception>

Digging through the logs and Googlesphere we came to the following blog: CRM 2016 On Premise claim based enabled & SharePoint 2013 On Premise with server-based authentication integration – 401 error which referenced our error but for a different issue.

The blog mentions a hidden field on the CRM User form (SharePointEmailAddress).

We went ahead and added this field to the CRM User form – populated this field with my users email address(which is the same email address for the SharePoint user doing the setup).  Retried the validation and……….


Voilà! CRM 2016 on premise to Sharepoint 2013 on premise works.  We now are able to create SharePoint files/folders with in CRM.

We were also able to re-install SP1.

Will it patch?

Is it likely that Microsoft will have a patch for this issue in the next few weeks? Probably. Until then feel free to use our fix for the issue or contact us for help!