web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Windows authentication...
Microsoft Dynamics CRM (Archived)

Windows authentication prompts when after sing-in CRM 2016 ADFS Idle timeā€¦

(0) ShareShare
ReportReport
Posted on by Community Member

Hi,

I sing-in the extranal IFD access by ADFS3.0.

In idle time..3 hours for wait..

Windows authentication prompts(pop-up) will appear.

Try type user and userpassword into Windows authentication prompts..but can not re-sing-in it.

I think that should sing-in ADFS web authentication page,not Windows authentication prompts(pop-up)..

I try it..

IIS>AppPool>CRMAppPool>Advanced Settings>LoadUserProfile=True.

Or focus on the permissions on the temp folder

Refer the link below,

blogs.msdn.microsoft.com/.../windows-authentication-prompts-when-accessing-dynamics-crm-2011-ifd-external-url

but it did not change.

so,I checked the DNS records for orgname.crm.com and dev.crm.com are accessible externally.

I checked global DNS records

124.219.xxx.xxxā‡’GIP is OK.

Mapping to(CNAME)

mycrm.co.jp ā‡’124.219.xxx.xxx

auth.mycrm.co.jp ā‡’mycrm.co.jp(CNAME)
orgname.mycrm.co.jp ā‡’mycrm.co.jp(CNAME)
dev.mycrm.co.jp ā‡’mycrm.co.jp(CNAME)
sts.mycrm.co.jp ā‡’mycrm.co.jp(CNAME)

4 A-Recodes for same GIP.

And,I checked internal access DNS for my AD DNS.

Mapping to 3(CNAME) and 1(A-Recode)

auth.mycrm.co.jp ā‡’CRM FrontEnd(CNAME)
orgname.mycrm.co.jp ā‡’CRM FrontEnd(CNAME)
dev.mycrm.co.jp ā‡’CRM FrontEnd(CNAME)
sts.mycrm.co.jp ā‡’ADFS LB(VIP)(A-Recode)

I have WEB Proxy(Remote Access feature) Web Application Proxy.

Added 3 sites in my WAP.

https://auth.mycrm.co.jp
https://orgname.mycrm.co.jp
https://dev.mycrm.co.jp

[Ref]

https://blogs.technet.microsoft.com/dynamicspts/2014/10/01/using-web-application-proxy-to-publish-dynamics-crm-2013-to-the-internet/

The Global-IP is mapping to my router. The router(WAN) is mapping to WAP(Lan IP)..

I try change OS ver for ADFS ver..But I sitll have this issue..help me..very thanks!

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Alagunellaikumar Profile Picture
    Alagunellaikumar 6,212 on at

    Hi

    Did you enable Form authentication in ADFS

  • Community Member Profile Picture
    Community Member on at

    yes,i enabled Form authentication in ADFS

  • Suggested answer
    Alagunellaikumar Profile Picture
    Alagunellaikumar 6,212 on at

    HI

    So your problem is even though you configured ADFS login page is not displayed. Am I correct?

  • Community Member Profile Picture
    Community Member on at

    hi,

    I can login adfs web page.and can use crm.

    but, in idle time,after 3houers, Authentication period expires, then re-login in it.

    re-singin screen is not adfs web page.it is Windows authentication prompts from crmfrontend.

    i can try close ie. retry input the external crmurl,the singin screen is adfs web page.

    wait n hours for idle,not operate it,get crmfe Windows authentication prompt to re-login.

  • Suggested answer
    Alagunellaikumar Profile Picture
    Alagunellaikumar 6,212 on at

    When login expires, Does it automatically goes to sign out page?

    Is CRM url https  or http?

  • Community Member Profile Picture
    Community Member on at

    I set the sso lifetime to 480 default.

    but no operate wait 3hours only,Access token authentication period expires.

    ifd adfs is https.using ssl.

  • Suggested answer
    Alagunellaikumar Profile Picture
    Alagunellaikumar 6,212 on at

    Hi

    Could you please delete the relaying party trust for IFD and try to re-configure it?

  • Community Member Profile Picture
    Community Member on at

    I tried it already, but the result has not changed. And I tried rebuilding ADFS, but that did not change the result.

  • Suggested answer
    Alagunellaikumar Profile Picture
    Alagunellaikumar 6,212 on at

    Hi

    Login CRM and manually sign out and check your URL contains  like below

    adfs/ls/?wa=wsignout

    If not then your ADFS is not properly configured

  • Community Member Profile Picture
    Community Member on at

    hi,

    I sing-in crm.

    then, in IE address bar,input

    [https://sts.mycrm.co.jp/adfs/ls/?wa=wsignout]

    So,i get this error in my adfs server event logs.

    Microsoft.IdentityServer.RequestFailedException: MSIS7065: There are no registered protocol handlers on path /adfs/ls/ to process the incoming request.

    at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, weā€™re introducing a Responsible AI Useā€¦

Neeraj Kumar ā€“ Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree forā€¦

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > šŸ”’äø€ Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans