Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Microsoft Dynamics CRM on-premises may prompt users for credentials


View products that this article applies to.

Symptom

While using Microsoft Dynamics CRM on-premises users may be prompted for authentication credentials once every 24 hours. This can happen for both users of the web client along with users of the Microsoft Dynamics CRM Outlook client.

This will only happen for deployments that have claims authentication enabled.

↑ Back to the top


Cause

One possible cause for this issue is that the claims setting SessionSecurityTokenLifetimeInHours is set to a value of 24 hours. This is the default value.

↑ Back to the top


Resolution

The claims setting SessionSecurityTokenLifetimeInHours will need to be updated to something other than 24. In this particular instance, it was set to one week.

1. On the Dynamics server with the CRM discovery role installed, open a PowerShell command window.
2. Run the following commands from the window.

$Settings = Get-CrmSetting -SettingType ClaimsSettings -DwsServerUrl https://CrmDiscoverServer.domain.com -Credential $creds
$Setting.SessionSecurityTokenLifetimeInHours = '168'
Set-CrmSetting -DwsServerUrl https://CrmDiscoverServer.domain.com -Credential $creds $setting

3. Once done, verify that the lifetime value is now 168 by running the below command.

Get-CrmSetting -SettingType ClaimsSettings -DwsServerUrl https://CrmDiscoverServer.domain.com -Credential $creds

4. Next, restart IIS on the frontend servers.
5. Finally, restart Outlook for any users experiencing the issue defined in the symptom section

NOTE:

In the above example, the URL https://CrmDiscoverServer.domain.com will need to be updated with the URL of the server with the discovery server role in Microsoft Dynamics CRM deployment.

Users will still experience the authentication prompt for credentials but by performing these instructions, this prompt will now occur every 7 days unless Outlook and/or your browser is restarted. Restarting Outlook/browser will automatically renew their security token and will allow the users to not see the authentication prompt.

↑ Back to the top


Keywords: ADFS, CRM, Dynamics CRM, Claims Authentication, Credential Prompt, SessionSecurityTokenLifetimeInHours, ClaimsSettings, RecentlyViewedWebService.asmx, LookupMruWebService.asmx, MessageBar.asmx, 401

↑ Back to the top

Article Info
Article ID : 4057010
Revision : 6
Created on : 12/6/2017
Published on : 12/6/2017
Exists online : False
Views : 343