Article ID: 954873 - View products that this article applies to.
When you use a computer that runs Internet Information Services (IIS) 7.0, you may experience slow Web application performance. This problem occurs if the following conditions are true:
This problem occurs because IIS 7.0 requires the client to be reauthenticated for each HTTP request when you use the Kerberos authentication protocol. This behavior causes network traffic to increase.
This behavior differs from the behavior in IIS 5.0. In IIS 5.0, a client that is authenticated by the Kerberos protocol after an initial HTTP request stays authenticated during the HTTP keep-alive session.
To resolve this problem, set the value of the authPersistNonNTLM property to True at the server level in IIS 7.0. To do this, follow these steps:
After you set the authPersistNonNTLM property to True, you do not require a reauthentication for every request that is made over the same keep-alive connection. You may have to reauthenticate only if you use a different client TCP port to make another HTTP request. This scenario occurs when a new HTTP keep-alive session must be established.
For more information about HTTP keep-alive sessions, visit the following Internet Engineering Task Force (IETF) Web site:
http://www.ietf.org/rfc/rfc2616.txtThe authPersistNonNTLM configuration property in IIS 7.0 replaces the EnableKerbAuthPersist registry key that is used in IIS 6.0.
917557Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
(https://support.microsoft.com/kb/917557/ )FIX: You may experience slow performance when you use Integrated Windows authentication together with the Kerberos authentication protocol in IIS 6.0
Article ID: 954873 - Last Review: June 27, 2008 - Revision: 1.0