Tip #668: ADFS and CRM on the same server

There are reasons to do the unspeakable, ignore all recommendations, and install all components of an on-premises CRM deployment on a single machine. Running CRM on my laptop, for example, as I don’t have room for a 3-server deployment.

tl;dr

If CRM and AD FS are on the same server, change the port used by AD FS.

Boring technical details

The browser works fine, but an attempt to access the organization in code generates the error “The authentication endpoint Username was not found on the configured Secure Token Service”.

Our fellow MVP 罗勇 to the rescue:

When installing Microsoft Dynamics CRM on the same server as Windows Server 2012 R2 AD FS (not a recommended scenario), you may need to change the port used by AD FS to a port other than TCP 808. The Sandbox Processing Service listens on Port 808; the Microsoft Dynamics CRM Asynchronous Service and Web Application Server services communicate with the Sandbox Processing Service on Port 808. A port conflict could also cause issues for Microsoft Dynamics CRM Email Router, Microsoft Dynamics CRM for Outlook, and the Plug-in Registration Tool.

Check your AD FS event log for EventID 102 and the following in Exception details: “System.ServiceModel.AddressAlreadyInUseException: There is already a listener on IP endpoint 0.0.0.0:808.” If this exists, you need to change your AD FS port.

To change the port used by AD FS to another port such as 809, use the following PowerShell command:

Set-ADFSProperties -nettcpport 809 

Restart the AD FS Windows service.
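
The check and the fix above as a single script, so the port is only changed when the event log actually shows the conflict. This is an added example, not part of the original tip or the quoted text; it assumes the AD FS admin log is named `AD FS/Admin`, the AD FS Windows service is named `adfssrv`, and TCP 809 is the replacement port.

```powershell
# Added example. Run elevated on the combined CRM + AD FS server.
# Assumptions: log 'AD FS/Admin', service 'adfssrv', replacement port 809.
$conflictPort = 808
$newPort      = 809

# 1. Show which process currently owns the listener on the contested port.
Get-NetTCPConnection -LocalPort $conflictPort -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ Name = 'ProcessName'; Expression = { (Get-Process -Id $_.OwningProcess).ProcessName } } |
    Format-Table -AutoSize

# 2. Look for EventID 102 carrying the listener-conflict exception from the tip.
$conflicts = Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 102 } `
                 -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'AddressAlreadyInUseException' -and
                   $_.Message -match ":$conflictPort\b" }

if (-not $conflicts) {
    Write-Output "No EventID 102 conflict on port $conflictPort found; AD FS left unchanged."
}
elseif (Get-NetTCPConnection -LocalPort $newPort -State Listen -ErrorAction SilentlyContinue) {
    Write-Warning "Port $newPort already has a listener; pick a different replacement port."
}
else {
    $conflicts | Select-Object -First 1 -Property TimeCreated, Id, Message | Format-List

    # 3. Move AD FS off the contested port and restart the service to apply it.
    Write-Output "AD FS net.tcp port before: $((Get-AdfsProperties).NetTcpPort)"
    Set-AdfsProperties -NetTcpPort $newPort
    Restart-Service -Name adfssrv

    # 4. Confirm the new setting and list the listeners on both ports.
    Write-Output "AD FS net.tcp port after:  $((Get-AdfsProperties).NetTcpPort)"
    Get-NetTCPConnection -LocalPort $conflictPort, $newPort -State Listen -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize
}
```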
