Skip to main content

Notifications

Announcements

No record found.

Microsoft Dynamics CRM forum
Suggested answer

Dynamics 365 version 9 on premise session timeout and user prompted to re-authenticate after 30 minutes

Posted on by 40

Firstly, there is NO user interface for configuring Session Timeout at Settings > Administration > System Settings > General Tab.

The problem is that users are prompted to re-authenticate approximately every 30 minutes.  I have detailed the environment below. Any help would be greatly appreciated.

Steps to Reproduce:
Open a browser (chrome or ie11) > navigate to mycrm.yadadada..com/.../main.aspx
Minimize the browser or continue working
Wait ~30 minutes
Maximize the browser
You will be prompted with this dialog: "Your Microsoft Dynamics 365 session is about to expire. To continue working, please sign in again." with a SignIn button and a Cancel button
If user clicks Sign In, browser navigates to mycrm.yadadada.com/.../dlg_reauthenticate_success.aspx
If user clicks Cancel, browser navigates to ourSTSServer.yadadada.com/.../

Environment: New Dynamics 365 version 9 single server environment, then applied service packs to 9.0.8.9. Server is configured for Claims-Based Authentication. The server was mistakenly configured for IFD, which was subsequently removed/disabled.  Our environment uses a Security Token Server.

IIS 10 - default settings configured by CRM installation except for CRMAppPool > Advanced > Process Model > Idle Time-out (minutes) (we changed from 1500 to 0).

The entries below appear in the IIS log at the time the re-authenticate dialog appears:

#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2019-11-20 18:22:06
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2019-11-20 18:22:06 192.168.xxx.xxx GET /BaseOrg/_root/dlg_prompt_reauthenticate.aspx user_lcid=1033&reauth=true+REQID:fa10a728-cfb7-4cb2-8827-d17a4f742fc1 443 MYDOMAIN\MYUSER 111.111.111.111 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+10.0;+WOW64;+Trident/7.0;+.NET4.0C;+.NET4.0E;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729;+.NET+CLR+3.5.30729;+Zoom+3.6.0) - 200 0 0 31
2019-11-20 18:22:06 192.168.xxx.xxx GET / wa=wsignoutcleanup1.0+REQID:c1407585-cb09-4e84-b6b2-fba353693ee0 443 - 10.8.11.56 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+10.0;+WOW64;+Trident/7.0;+.NET4.0C;+.NET4.0E;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729;+.NET+CLR+3.5.30729;+Zoom+3.6.0) mySTSserver.yadadada.com/.../ 200 0 0 15
2019-11-20 18:22:11 192.168.xxx.xxx GET /BaseOrg/_root/dlg_reauthenticate_success.aspx +REQID:6db297f2-eefa-4b74-930f-f8d595afd960 443 - 10.8.11.56 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+10.0;+WOW64;+Trident/7.0;+.NET4.0C;+.NET4.0E;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729;+.NET+CLR+3.5.30729;+Zoom+3.6.0) - 302 0 0 0
2019-11-20 18:22:11 192.168.xxx.xxx POST /default.aspx +REQID:4b5c3b53-3b34-4c4d-993c-aa36296c95c7 443 MYDOMAIN\MYUSER 111.111.111.111 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+10.0;+WOW64;+Trident/7.0;+.NET4.0C;+.NET4.0E;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729;+.NET+CLR+3.5.30729;+Zoom+3.6.0) mySTSserver.yadadada.com/.../wia 302 0 0 15
2019-11-20 18:22:11 192.168.xxx.xxx GET /BaseOrg/_root/dlg_reauthenticate_success.aspx +REQID:0cea9751-a360-4b5a-8fb2-ac9e7a8dcf43 443 MYDOMAIN\MYUSER 111.111.111.111 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+10.0;+WOW64;+Trident/7.0;+.NET4.0C;+.NET4.0E;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729;+.NET+CLR+3.5.30729;+Zoom+3.6.0) mySTSserver.yadadada.com/.../wia 200 0 0 31 2019

These are the relevant settings from MSCRM and BaseOrg databases:

MSCRM_CONFIG.AllowCustomInactivityDuration = 0 and AllowCustomSessionDuration = 0

MSCRM_BaseOrg
SessionTimeoutEnabled = 0,
SessionTimeoutInMins = null,
SessionTimeoutReminderInMins = null,
InactivityTimeoutEnabled=0,
InactivityTimeoutInMins=null,
InactivityTimeoutReminderInMins=null

  • Suggested answer
    CRMDevPL Profile Picture
    CRMDevPL 40 on at
    RE: Dynamics 365 version 9 on premise session timeout and user prompted to re-authenticate after 30 minutes

    This was resolved by having the ADFS team review the 2 parts of the ADFS configuration:

    Global SSOLifetime to 600

    and

    Set-ADFSRelyingPartyTrust -Targetname "relying_party" -TokenLifetime 600

    docs.microsoft.com/.../gg188586(v=crm.6)

Helpful resources

Quick Links

Replay now available! Dynamics 365 Community Call (CRM Edition)

Catch up on the first D365 Community Call held on 7/10

Community Spotlight of the Month

Kudos to Saurav Dhyani!

Congratulations to the June Top 10 community leaders!

These stars go above and beyond . . .

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 287,995 Super User

#2
Martin Dráb Profile Picture

Martin Dráb 225,610 Super User

#3
nmaenpaa Profile Picture

nmaenpaa 101,148

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans