Microsoft KB Archive/326040

= How to configure an ISA Server computer for a very large number of authentication requests =

Article ID: 326040

Article Last Modified on 7/26/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Internet Security and Acceleration Server 2000 Service Pack 1
 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2006 Standard Edition

-



This article was previously published under Q326040



Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SUMMARY
This step-by-step article describes how to improve authentication throughput on a computer that is running Microsoft Internet Security and Acceleration (ISA) Server.

If the computer uses NTLM or Basic authentication for many Web clients, you may experience poor performance. This problem does not occur when authentication is turned off.

You can improve the authentication throughput by increasing the number of concurrent authentication calls that are in progress at one time between the ISA Server computer and the domain controller.

Add a registry key
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Follow these steps to increase the number of concurrent authentication calls in progress at one time between the ISA Server computer and the domain controller.  Start Registry Editor. To do this, click Start, click Run, type Regedt32.exe, and then click OK. Locate the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

 On the Edit menu, click Add Value, and then add the following registry information (where 10 represents the heaviest loads):

Value Name: MaxConcurrentApi

Data Type: REG_DWORD

Value: between 0 and 10 Restart the NETLOGON service.

Note You should never set the value of the MaxConcurrentApi entry to more than 5. If the value that you assign to MaxConcurrentAPI is too high, the ISA Server computer might put a heavy load on the domain controller.

If you have a computer that is running Microsoft Windows 2000 Advanced Server, you can use the Network Load Balancing component (previously known as WLBS) of Windows 2000 Advanced Server to distribute incoming access requests among multiple IAS servers. This helps the server perform better when network traffic is high.

To load balance the Web requests and authentication and to increase performance, you can also use more ISA Server computers in an array.

