ISA Server 2006 Service Pack 1 introduces a new alert that is named "Client Authentication Time Exceeded"


Microsoft Internet Security and Acceleration (ISA) Server 2006 Service Pack 1 (SP1) introduces a new alert that is named "Client Authentication Time Exceeded." When this alert is triggered, you receive the following message:
Client authentication time exceeded 5 seconds. This occurred 20 times during the past 5 minutes. To configure this setting, see the Microsoft Knowledge Base article 952082.

More Information

The "Client Authentication Time Exceeded" alert can be triggered by slow authentication requests. ISA Server 2006 triggers the alert only if there were more than 20 slow authentication requests in the last 5 minutes.

  • A slow authentication request is an authentication request that takes more than 5 seconds from ISA Server 2006 to an authentication server. The authentication server can be a domain controller, a Remote Authentication Dial-In User Service (RADIUS) server, or a Lightweight Directory Access Protocol (LDAP) server.
  • If the client uses NTLM authentication, ISA Server makes two separate authentication requests to the authentication server. For this alert, each authentication request is measured separately. The client response time between the two requests is not measured.
The "Client Authentication Time Exceeded" alert has the following three parameters:
  • FireSlowAuthenticationEventAuthenticationDurationThresholdSeconds
    This parameter represents the threshold in seconds greater than which the authentication request is considered slow. By default, the value of this parameter is 5 seconds.
  • FireSlowAuthenticationEventIntervalDurationMinutes
    This parameter represents the interval in minutes during which many slow authentication requests may trigger the alert. By default, the value of this parameter is 5 minutes.
  • FireSlowAuthenticationEventAfterNumTimesInInterval
    This parameter represents the number of slow authentication requests that can be received during the interval before the alert is triggered. By default, the value of this parameter is 20 requests.
To configure these parameters, follow these steps:
  1. Copy and then paste the following script into an instance of Notepad, and then save it as Configure_slow_authentication_alert.vbs.

    Note: You can change the values of the parameters at the beginning of the script.
    ' GUID of the vendor parameters set that holds the alert settings.
    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
    ' Threshold in seconds above which a request is considered slow (default: 5).
    Const SE_VPS_NAME1 = "FireSlowAuthenticationEventAuthenticationDurationThresholdSeconds"
    Const SE_VPS_VALUE1 = 6
    ' Interval in minutes over which slow requests are counted (default: 5).
    Const SE_VPS_NAME2 = "FireSlowAuthenticationEventIntervalDurationMinutes"
    Const SE_VPS_VALUE2 = 5
    ' Number of slow requests in the interval before the alert is triggered (default: 20).
    Const SE_VPS_NAME3 = "FireSlowAuthenticationEventAfterNumTimesInInterval"
    Const SE_VPS_VALUE3 = 20

    Sub SetValue()

        ' Create the root object.
        Dim root ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")

        ' Declare the other objects needed.
        Dim array ' An FPCArray object
        Dim VendorSets ' An FPCVendorParametersSets collection
        Dim VendorSet ' An FPCVendorParametersSet object

        ' Get references to the array object
        ' and the vendor parameters sets collection.
        Set array = root.GetContainingArray
        Set VendorSets = array.VendorParametersSets

        On Error Resume Next
        Set VendorSet = VendorSets.Item( SE_VPS_GUID )

        If Err.Number <> 0 Then
            ' The set does not exist yet. Clear the lookup error so that
            ' it is not reported by the later checks, and then add the item.
            Err.Clear
            Set VendorSet = VendorSets.Add( SE_VPS_GUID )
            WScript.Echo "New VendorSet added... " & VendorSet.Name
        Else
            WScript.Echo "Existing VendorSet found... current values: " & vbCrLf & _
                SE_VPS_NAME1 & " = " & VendorSet.Value(SE_VPS_NAME1) & vbCrLf & _
                SE_VPS_NAME2 & " = " & VendorSet.Value(SE_VPS_NAME2) & vbCrLf & _
                SE_VPS_NAME3 & " = " & VendorSet.Value(SE_VPS_NAME3)
        End If

        ' Write the three alert parameters.
        VendorSet.Value(SE_VPS_NAME1) = SE_VPS_VALUE1
        If Err.Number <> 0 Then CheckError
        VendorSet.Value(SE_VPS_NAME2) = SE_VPS_VALUE2
        If Err.Number <> 0 Then CheckError
        VendorSet.Value(SE_VPS_NAME3) = SE_VPS_VALUE3
        If Err.Number <> 0 Then CheckError

        VendorSets.Save false, true

        If Err.Number = 0 Then
            WScript.Echo "Done, saved!"
        End If

    End Sub

    Sub CheckError()

        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        End If

    End Sub

    ' Run the configuration.
    SetValue

  2. Click Start, click Run, type cmd in the Open box, and then click OK.
  3. At the command prompt, run the following command:
    cscript path\configure_slow_authentication_alert.vbs
    Note: Replace path with the actual path of the Configure_slow_authentication_alert.vbs file.
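
The alert rule described under More Information, modelled in Python as an added example (it is not Microsoft's code and not part of the original article). It assumes a sliding interval and a count that restarts after each alert; the function names and the sample data are constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

def slow_auth_alerts(requests, threshold_s=5, interval_min=5, num_times=20):
    """Return the times at which the alert would fire.

    requests: (start_time, duration_seconds) pairs sorted by start_time, one
    per request from ISA Server to the authentication server.
    Assumptions of this model: the interval is a sliding window, and the
    count starts again from zero after each alert.
    """
    interval = timedelta(minutes=interval_min)
    window = deque()  # start times of recent slow requests
    alerts = []
    for start, duration in requests:
        if duration <= threshold_s:
            continue  # slow means strictly more than the threshold
        window.append(start)
        while start - window[0] > interval:
            window.popleft()  # older than the interval: no longer counted
        if len(window) > num_times:  # "more than 20" with the defaults
            alerts.append(start)
            window.clear()
    return alerts

def ntlm_handshake(start, leg1_s, client_delay_s, leg2_s):
    """NTLM yields two separately measured requests; the client's response
    time between them moves the second start time but is not a duration."""
    second = start + timedelta(seconds=leg1_s + client_delay_s)
    return [(start, leg1_s), (second, leg2_s)]

# Constructed sample data (not taken from any real log).
T0 = datetime(2009, 3, 25, 9, 0, 0)
burst = [(T0 + timedelta(seconds=10 * i), 6.0) for i in range(21)]
spread = [(T0 + timedelta(seconds=20 * i), 6.0) for i in range(21)]
slow_client = [r for i in range(21)
               for r in ntlm_handshake(T0 + timedelta(seconds=30 * i), 3, 10, 4)]
slow_server = [r for i in range(11)
               for r in ntlm_handshake(T0 + timedelta(seconds=10 * i), 6, 0, 6)]

if __name__ == "__main__":
    print("burst, defaults:", slow_auth_alerts(burst))
    print("burst, threshold 6:", slow_auth_alerts(burst, threshold_s=6))
    print("spread, defaults:", slow_auth_alerts(spread))
    print("NTLM, slow client:", slow_auth_alerts(slow_client))
    print("NTLM, slow server:", slow_auth_alerts(slow_server))
```

With the threshold raised to 6, as SE_VPS_VALUE1 in the script does, the burst of 6-second requests no longer counts as slow. In the NTLM cases only the two server legs are measured, so a slow client never contributes to the count.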

Article ID: 952082 - Last Review: Mar 25, 2009 - Revision: 1