Security Token Errors in WCF Services

Have you received error messages from the WCF services that you are trying to integrate to and from, similar to the following, "An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail"?  if so, these steps can possibly help you to avoid having these records go into the retry queue.  It should be noted that normally these errors are corrected on the first retry but the following steps can help you to reduce the number of retries in the system.  You will want to take these steps on each IIS server hosting WCF services (Microsoft Dynamics CRM or Microsoft Dynamics AX services) in your deployment that Connector for Microsoft Dynamcis is interacting with.

These steps are taken from: support.microsoft.com/kb/2003564

MaxUserPort and TcpTimedWaitDelay Steps:

To create this entry, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.

2. Locate and then click the following registry subkey:  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

3. Right click Parameters, point to New, click DWORD Value,  and then type MaxUserPort.

4. Right click MaxUserPort, click Modify, and then type 65534  for Value data, and set the radio button next to Decimal.

Note: This value controls the number of dynamic ports that are  available. The valid range for this value is 5,000-65,534. Specifically, this  parameter controls the maximum port number that is used when a program  requests any available user port from the system.

5. Locate the following registry subkey:  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

6. Right click Parameters, point to New, click DWORD Value,  and then type TCPTimedWaitDelay.

7. Right click TCPTimedWaitDelay, click Modify, type 30  for the Value data, and set the radio button next to Decimal.

Note: This parameter determines the length of time that a  connection stays in the TIME_WAIT state when it is closed. When a connection  is in the TIME_WAIT state, the socket pair cannot be re-used. This is also  known as the "2MSL" state. Typically, this value is two times the  maximum segment life time on the network.

8. Exit Registry Editor.

9. Restart the IIS Service (IISRESET).

*Note: These are also found in the CRM Perf White Paper

Comments

  • Anonymous
    January 09, 2013
    The comment has been removed
  • Anonymous
    January 09, 2013
    @Jason - Do these exception get fixed on their retries?