Help and Support

Article ID: 246118 - Last Review: February 10, 2009 - Revision: 5.0

How to configure your IAS server for a very large number of authentication requests

View products that this article applies to.
This article was previously published under Q246118
Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986  (http://support.microsoft.com/kb/256986/ ) Description of the Microsoft Windows registry

On This Page

Expand all | Collapse all

SUMMARY

This step-by-step article describes how to improve authentication throughput on your Internet Authentication Server (IAS) computer.

If the IAS server receives a very large number of authentication requests per second, you can improve throughput by increasing the number of concurrent authentication calls that are in progress at one time between the IAS server and the domain controller.
Back to the top

Add a registry key

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Follow these steps to increase the number of concurrent authentication calls in progress at one time between the IAS server and the domain controller:
  1. Start Registry Editor. To do this, click Start, click Run, type Regedt32.exe, and then click OK.
  2. Locate the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  3. On the Edit menu, click Add Value, and then add the following registry information (where 10 represents the heaviest loads):

    Value Name: MaxConcurrentApi
    Data Type: REG_DWORD
    Value: between 0 and 10
  4. Restart the NETLOGON service.
Note When you increase the value of the MaxConcurrentApi entry beyond 5, make sure that you monitor the number of requests that are sent to the Domain Controller. To do this, install on the servers the update that is described in the following Knowledge Base article, which enables you to track the use of the Netlogon calls:
928576  (http://support.microsoft.com/kb/928576/ ) New performance counters for Windows Server 2003 let you monitor the performance of Netlogon authentication
If you have a computer that is running Microsoft Windows 2000 Advanced Server, you can use the Network Load Balancing component (previously known as WLBS) of Windows 2000 Advanced Server to distribute incoming access requests among multiple IAS servers. This helps your server perform better when network traffic is high.
Back to the top

REFERENCES

For more information about Microsoft Internet Security and Acceleration (ISA) Server, click the following article numbers to view the articles in the Microsoft Knowledge Base:
326040  (http://support.microsoft.com/kb/326040/ ) How to configure your ISA Server for a very large number of authentication requests
Back to the top
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
Back to the top
Keywords: 
kbenv kbhowtomaster kbnetwork KB246118
Back to the top

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers