Dynamics CRM CrmWRPCTokenKey Errors

Error

Current key (KeyType : CrmWRPCTokenKey) is expired. This can indicate that a key is not being regenerated correctly


Cause

This error occurs when a problem with the async maintenance job service causes key renewal to fail. Restarting the async service fixes it temporarily, but because the incorrect records were never cleaned up, the problem was never fixed permanently.

More details about this key

CRM ticket keys are automatically generated and renewed and then distributed, or deployed, to all computers running Microsoft Dynamics CRM or running a specific Microsoft Dynamics CRM Server role. These keys are regenerated periodically and, in turn, replace the previous keys. By default, key regeneration occurs every 24 hours.

Web remote procedure call (WRPC) token key: This key is used to generate a security token, which helps make sure that the request originated from the user who made the request. This security token decreases the likelihood of certain attacks, such as a cross-site request forgery (one-click) attack.

https://technet.microsoft.com/en-us/library/hh699824(v=crm.6).aspx


Resolution

A quick fix is to add the IgnoreTokenCheck registry value so that this check does not happen. On the front-end servers, under HKLM\Software\Microsoft\MSCRM, add a 32-bit DWORD “IgnoreTokenCheck” and set it to 1. Because this turns off the WRPC token check described above, use it only until the cleanup below is complete.


To get to the root cause, run the script below and see how many CrmWRPCTokenKey keys are listed.

use MSCRM_CONFIG

select * from CrmKey where KeyType = 'CrmWRPCTokenKey' order by CreatedOn

You might find expired keys, which you can delete by running the script below.

Disclaimer: Take a backup of your CRM databases before making any changes.

--Script to clean up all CrmWRPCTokenKey entries that are no longer required

declare @MostRecentKeyId uniqueidentifier
declare @CurrentActiveKeyId uniqueidentifier

--Get most recent CrmWRPCTokenKey
set @MostRecentKeyId =
    (select top 1 id from CrmKey
     where KeyType = 'CrmWRPCTokenKey'
     order by CreatedOn desc)

--Get the current ActiveKeyId
set @CurrentActiveKeyId =
    (select ActiveKeyId from CrmKeySetting
     where ActiveKeyId <> '00000000-0000-0000-0000-000000000000'
       and KeyType = 'CrmWRPCTokenKey'
       and IsConfigurationRow = 0)

--Make sure the most recent CrmWRPCTokenKey = current ActiveKeyId
if @CurrentActiveKeyId <> @MostRecentKeyId
begin
    update CrmKeySetting
    set ActiveKeyId = @MostRecentKeyId
    where KeyType = 'CrmWRPCTokenKey' and IsConfigurationRow = 0
end

--Delete CrmWRPCTokenKey entries that are no longer required
delete from CrmKeyProperties
where id in
(
    select distinct ckp.id
    from CrmKey ck
    inner join CrmKeyProperties ckp
        on ckp.Id = ck.id
        and ck.KeyType = 'CrmWRPCTokenKey'
        and ckp.id <> @MostRecentKeyId
)

delete from CrmKey
where KeyType = 'CrmWRPCTokenKey'
  and id <> @MostRecentKeyId

Once you have performed the cleanup on the CrmKey table, remove the IgnoreTokenCheck registry entries from the CRM application servers and test.
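One way to confirm the workaround is not left behind on any front-end server, as an added example that is not part of the original post: it reports where IgnoreTokenCheck is still present and previews its removal. The server names are placeholders, and PowerShell remoting to those servers is assumed.

```powershell
# Added example (not from the original post). Assumes PowerShell remoting is enabled.
$servers   = @('CRMFE01', 'CRMFE02')            # placeholder server names
$keyPath   = 'HKLM:\Software\Microsoft\MSCRM'   # key named in the post
$valueName = 'IgnoreTokenCheck'                 # value named in the post

function Get-IgnoreTokenCheck {
    param([string[]]$ComputerName)
    # Read the value on each server; a missing value means the workaround is not in place.
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        param($Path, $Name)
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Present = [bool]$item
            Value   = $(if ($item) { $item.$Name } else { $null })
        }
    } -ArgumentList $keyPath, $valueName |
        Select-Object PSComputerName, Present, Value
}

function Remove-IgnoreTokenCheck {
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$ComputerName)
    foreach ($server in $ComputerName) {
        # ShouldProcess makes -WhatIf and -Confirm work for a dry run.
        if ($PSCmdlet.ShouldProcess($server, "Remove $valueName from $keyPath")) {
            Invoke-Command -ComputerName $server -ScriptBlock {
                param($Path, $Name)
                Remove-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
            } -ArgumentList $keyPath, $valueName
        }
    }
}

# 1. Report which front-end servers still carry the workaround.
$report = Get-IgnoreTokenCheck -ComputerName $servers
$report | Format-Table -AutoSize

# 2. Dry run of the removal on the flagged servers; drop -WhatIf to apply it.
$flagged = @($report | Where-Object Present | ForEach-Object PSComputerName)
if ($flagged.Count -gt 0) {
    Remove-IgnoreTokenCheck -ComputerName $flagged -WhatIf
}
```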

Hope this helps