Increasing ADFS Token Timeout Time for Microsoft Dynamics CRM 2011

Increasing ADFS Token Timeout Time for Microsoft Dynamics CRM 2011

CRM 2011 On-Prem Timing out?

If you use Microsoft Dynamics CRM 2011 On-Prem you might be familiar with the time out errors.

Since the time out settings are set at the Token level, AD FS is responsible for assigning this time (60 Minutes by default) which makes CRM 2011 generate the pop up seen above 20 minutes before that time expires.

In the box above, if you click the "Sign In" button, the Sign-Out page appears. When you close that page, you will be required to re-authenticate by entering your credentials on the login page. If you click "Cancel", the time will expire as expected. Once this happens, you will need to start a new browser session to Microsoft Dynamics CRM 2011 to access your data.
Any unsaved changes will be lost.

If you were filling out a long form and step out for a few minutes there is a chance that your changes will be lost when you get back to your desk. In order to minimize these types of situations, follow these steps to increase the Token Lifetime:

  1. On your ADFS 2.0 Server, Navigate to Start -> All Programs -> Administrative Tools -> AD FS 2.0 Management
  2. Expand "Trust Relationships", Expand "Relying Party Trusts" and Make note of the Display Name of the Relying Party pointing to your Microsoft CRM 2011 Server
  3. On your ADFS 2.0 Server, Navigate to and Right Click on Start -> All Programs -> Administrative Tools -> Windows PowerShell Modules. Click on "Run as administrator"
  4. Once the Shell Loads Type: Set-ADFSRelyingPartyTrust –TargetName "CRM" –TokenLifetime 360

    NOTE: In this case, "CRM" is the name of our Relying Party so make sure you call the name of the Relying Party you noted on Step 2. Also, '360' is a number chosen for this exercise which represents the number of minutes chosen for the Token Timeout Value. If you need a longer timeout, please increase this number as needed.

  5. (Optional) If you want to make sure that your Token Timeout has been set correctly, you can check the new value by executing this command on the PowerShell: Get-ADFSRelyingPartyTrust –Name:"CRM"

    NOTE: In this case, "CRM" is the name of our Relying Party so make sure you call the name of the Relying Party you noted on Step 2. 

Ready to upgrade to a newer version of CRM or make the move to Dynamics 365? Let our experts know, and move on from these pesky error messages.


Microsoft Dynamics CRM Blog