When
you are using Active Directory groups and add those groups into SharePoint
groups, you will run into issues while modifying the members of the Active
Directory group. It takes 24 hours (by default) to reflect this change to
SharePoint.This behavior is controlled by a property called Token-timeout.By
default, this value is set to 1440
minutes (24 hours) .
SharePoint fetches user token information from the
SharePoint database. If the user has never visited the site or if the user’s
token was generated more than 24 hours previously, SharePoint generates a new
user token by trying to refresh the list of groups that the user belongs to.(MSDN
Reference)
To check which values you currently have, try running the below:
stsadm –o getproperty –propertyname token-timeout
If
you want to minimize this token time out value (time it takes to refresh the
token), follow the below instructions.
To
set a valid time to 2000 minutes, use the following syntax:
stsadm -o setproperty -pn token-timeout -pv 2000
Note: You can substitute -pn for -propertyname and -pv for
-propertyvalue.
Name
|
Value
|
propertyname
|
Gets or sets the name
of the property.
|
propertyvalue
|
A valid time interval,
in minutes. The default setting is 1440 minutes.
|
The syntax for the setproperty operation is:
stsadm -o setproperty -propertyname token-timeout –propertyvalue <A valid time interval, in minutes>
Note:
- This
property applies to the entire farm.
- The
use of stsadm will only affect the ContentService
Web service property and not the AdministrationService
Web service property.
Warning: If you set Token-timeout to zero (0) it can bring the farm down and you get this error message
"The context has expired and can no longer be used. Exception from HRESULT: 0x80090317"
Warning: If you set Token-timeout to zero (0) it can bring the farm down and you get this error message
"The context has expired and can no longer be used. Exception from HRESULT: 0x80090317"
Posts
No comments:
Post a Comment