PowerObjects Blog 

for Microsoft Business Applications


Error with CRM 2011 ADFS and Email Router

Post Author: Joe D365 |

We recently started seeing the following error in the server's application event log after we configured ADFS, IFD and update the email router to point to the IFD url.

#26234 - The E-mail Router service could not process a provider work item using assembly: Microsoft.Crm.Tools.EmailProviders.dll and class: Microsoft.Crm.Tools.Email.Providers.SmtpPollingSendEmailProvider. System.NotSupportedException: The authentication endpoint Username was not found on the configured Secure Token Service! at Microsoft.Crm.ServiceProxyCache`1.BuildServiceProxy(Uri serviceUrl, Credential credentials, Uri homeRealmUrl, String passportEnvironment, IServiceConfiguration`1 serviceConfiguration) at Microsoft.Crm.ServiceProxyCache`1.GetNewServiceProxy(Uri serviceUrl, Credential credentials, Uri homeRealmUrl, String passportEnvironment) at Microsoft.Crm.Tools.Email.Providers.Utility.GetOrganizationUrl(Uri discoveryServiceUrl, Credential credentials, String organizationName) at Microsoft.Crm.Tools.Email.Providers.Utility.GetCrmService(Uri discoveryUri, String authMode, String userName, String password) at Microsoft.Crm.Tools.Email.Providers.CrmPollingSendEmailProvider.Run() at Microsoft.Crm.Tools.Email.Agent.ServiceCore.ExecuteProviderWork(Object providerQueueRequestObject)

To resolve the issue we enabled the following endpoint in ADFS 2.0:

Hope this helps someone out there – if you need more assistance please reach out to the MSCRM Experts at PowerObjects

Happy CRM'ing

By Joe D365
Joe D365 is a Microsoft Dynamics 365 superhero who runs on pure Dynamics adrenaline. As the face of PowerObjects, Joe D365’s mission is to reveal innovative ways to use Dynamics 365 and bring the application to more businesses and organizations around the world.

11 comments on “Error with CRM 2011 ADFS and Email Router”

  1. Just what I needed! Thanks you PowerObjects. This seems to be a post-rollup 2 issue (I never had rollup 1 installed, so I guess it was either Rollup 1 or 2 that did this to us).

  2. Good one, saved us today when it began. Very weiry, just started today out of the blue, no new patches. CRM server was hanging on the shutdown due to the huge number of errors being logs and no users could access CRM via Outlook.

    We are on Rollup 2 but have been there for quite a while.

    Thank you for the post!

  3. Well, actually....when I did that it caused problems for all remote Outlook clients, who could no longer connect remotely, even though the web client still worked remotely. Had to turn it back off again, as I found the CRM support said his machine did bnot have that enabled....After several days of messing with this,
    *** FYI: I have concluded that this should NOT be enabled.

    1. I also observed this:

      ** Email-Router stopped working with error messages described above ("The authentication endpoint Username was not found on the configured Secure Token Service! at ...")
      ** I enabled the AD FS 2 Endpoint Username
      ** Email-Router worked again after restarting the email router service
      ** Outlook Integration did not work any more, neither did the Visual Studio CRM Integration.
      ** So I disabled the Endpoint Username again.
      ** Outlook Integration works again, but Email-Router is broken again.

      So is there a known solution which fixes both the Email Router and Outlook integration?


  4. The solution is:

    The email router service must be started AFTER the AD FS 2.0 service.
    So simply stopping and restarting the email router service helped.
    AD FS 2.0 endpoint Username must not be enabeled.


  5. Thanks Nang, we noticed this error too but have not had anywhere to really go with this. As we have both ADFS and Email Router on the same node, it would make sense. We periodically see the email router go bezerk, most of the time after a server restart.

    As ADFS is set for delayed start, the email router is obviously not dependent on ADFS and starts beforehand.

    We will monitor our progress on this and let you know how we go...

  6. Hi - we are now recomending NOT doing this. With the latest update rollup we seem to NOT need the username enabled and it CAN interfere with adfs authentication in the outlook crm client.

  7. Hello. I'm seeing an erro message stating "The Authentication Endpoint Assymetric token was not found on secure token service" error message. This service was working fine a couple weeks ago and then the email router just stop configuring thus allowing a backup of emails in the queue. Any suggestions?

    1. Hi - check that the adfs server properties has the correct url and it starts with https and not http. If this was incorrect, then after fxing, you may need to re-run the crm claims wizard and the crm adfs wizard in deployment manager.

PowerObjects Recommends