locked
Changing the timeout setting in Microsoft CRM 2011 On Premise RRS feed

  • Question

  • Hi.  How do you change the timeout setting so that users are not automatically logged off due to inactivity of CRM 2011 On Premise using the internet browser client so quickly?

     

    Is the default 20 setting minutes? 

     

    Whatever it is I would like to make it twice as long.

     

    Thanks.

     

     

    Rick Bellefond

    RB Data Services

    www.rbdata.com


    Rick Bellefond RB Data Services www.rbdata.com
    Wednesday, October 19, 2011 12:00 PM

Answers

  • Hi Rick,

    The lifetime of a default security token for a claims-based authentication deployment using AD FS 2.0 is 60 minutes. By default, Microsoft Dynamics CRM Server 2011 is configured to display the Authentication is Required dialog box 20 minutes before the token expires.

     

    In the Authentication is Required dialog box, if you click Cancel, the token expires as indicated. When the security token expires, you will need to start a new browser session to Microsoft Dynamics CRM to access your data. Any unsaved changes will be lost.

    In the Authentication is Required dialog box, if you click Sign In, the Sign-Out page appears. When you close the Sign-Out page, one of the following occurs:

    ·         If you have not deployed an Internet-facing deployment (IFD), you will automatically re-authenticate with domain credentials and a new security token will be issued.

    ·         If you have an IFD deployment, you will be required to re-authenticate by entering your credentials on the login page.

    By using Windows PowerShell, you can change the TokenLifetime property for the relying party objects that you created from 60 minutes to a longer period, such as 480 minutes (8 hours):

    1.     Open a Windows PowerShell prompt.

    2.     Add the Microsoft Dynamics CRM Windows PowerShell snap-in:

    PS > Add-PSSnapin Microsoft.Adfs.PowerShell

    3.     Configure the relying party token lifetime:

    PS > Get-ADFSRelyingPartyTrust -Name:"relying_party"
    PS >  Set-ADFSRelyingPartyTrust -TokenLifetime 1500


    Khaja Mohiddin|||||http://www.dynamicsexchange.com/
    • Marked as answer by Rick Bellefond Wednesday, November 2, 2011 7:31 PM
    Wednesday, October 19, 2011 1:45 PM

All replies

  • Hi Rick,

    The lifetime of a default security token for a claims-based authentication deployment using AD FS 2.0 is 60 minutes. By default, Microsoft Dynamics CRM Server 2011 is configured to display the Authentication is Required dialog box 20 minutes before the token expires.

     

    In the Authentication is Required dialog box, if you click Cancel, the token expires as indicated. When the security token expires, you will need to start a new browser session to Microsoft Dynamics CRM to access your data. Any unsaved changes will be lost.

    In the Authentication is Required dialog box, if you click Sign In, the Sign-Out page appears. When you close the Sign-Out page, one of the following occurs:

    ·         If you have not deployed an Internet-facing deployment (IFD), you will automatically re-authenticate with domain credentials and a new security token will be issued.

    ·         If you have an IFD deployment, you will be required to re-authenticate by entering your credentials on the login page.

    By using Windows PowerShell, you can change the TokenLifetime property for the relying party objects that you created from 60 minutes to a longer period, such as 480 minutes (8 hours):

    1.     Open a Windows PowerShell prompt.

    2.     Add the Microsoft Dynamics CRM Windows PowerShell snap-in:

    PS > Add-PSSnapin Microsoft.Adfs.PowerShell

    3.     Configure the relying party token lifetime:

    PS > Get-ADFSRelyingPartyTrust -Name:"relying_party"
    PS >  Set-ADFSRelyingPartyTrust -TokenLifetime 1500


    Khaja Mohiddin|||||http://www.dynamicsexchange.com/
    • Marked as answer by Rick Bellefond Wednesday, November 2, 2011 7:31 PM
    Wednesday, October 19, 2011 1:45 PM
  • Hi Rick,

    Mark as Answer if it is helpful and got resolved your issue.

     

    Regards,


    Khaja Mohiddin|||||http://www.dynamicsexchange.com/
    Wednesday, November 2, 2011 9:51 AM
  • Hi Khaja,

    Wow that is quick a bit more involved than I thought.

    I thought it was just a setting somewhere that said "crm timeout = 20 minutes" and you would just change the 20 to say 100.

    Thanks.


    Rick Bellefond
    www.rbdata.com


    Rick Bellefond RB Data Services www.rbdata.com
    Wednesday, November 2, 2011 7:33 PM
  • Hi Khaja,

    What is the max for TokenLifetime?   I a see in the sample that you have it set to 1500.   I thought the max was 8hrs.   I have tried the find the max value for this, but cannot seem to find it.

    Tuesday, February 21, 2012 4:28 PM
  • Hi,

    Actually i tried to find the max TokenLifeTime but i didnt find answer for this.

    Regards,


    Khaja Mohiddin http://www.dynamicsexchange.com/ http://about.me/KhajaMohiddin

    Wednesday, February 22, 2012 7:30 AM