Microsoft Dynamics CRM on-premises may prompt users for credentials

While using Microsoft Dynamics CRM on-premises users may be prompted for authentication credentials once every 24 hours. This can happen for both users of the web client along with users of the Microsoft Dynamics CRM Outlook client.

This will only happen for deployments that have claims authentication enabled.

One possible cause for this issue is that the claims setting SessionSecurityTokenLifetimeInHours is set to a value of 24 hours. This is the default value.

The claims setting SessionSecurityTokenLifetimeInHours will need to be updated to something other than 24. In this particular instance, it was set to one week.

1. On the Dynamics server with the CRM discovery role installed, open a PowerShell command window.
2. Run the following commands from the window.

$Settings = Get-CrmSetting -SettingType ClaimsSettings -DwsServerUrl https://CrmDiscoverServer.domain.com -Credential $creds
$Setting.SessionSecurityTokenLifetimeInHours = '168'
Set-CrmSetting -DwsServerUrl https://CrmDiscoverServer.domain.com -Credential $creds $setting

3. Once done, verify that the lifetime value is now 168 by running the below command.

Get-CrmSetting -SettingType ClaimsSettings -DwsServerUrl https://CrmDiscoverServer.domain.com -Credential $creds

4. Next, restart IIS on the frontend servers.
5. Finally, restart Outlook for any users experiencing the issue defined in the symptom section

NOTE:

In the above example, the URL https://CrmDiscoverServer.domain.com will need to be updated with the URL of the server with the discovery server role in Microsoft Dynamics CRM deployment.

Users will still experience the authentication prompt for credentials but by performing these instructions, this prompt will now occur every 7 days unless Outlook and/or your browser is restarted. Restarting Outlook/browser will automatically renew their security token and will allow the users to not see the authentication prompt.