ISA Server 2006 Service Pack 1 introduces a new alert that is named "Client Authentication Time Exceeded"

Article translations Article translations
Article ID: 952082 - View products that this article applies to.
Expand all | Collapse all

INTRODUCTION

Microsoft Internet Security and Acceleration (ISA) Server 2006 Service Pack 1 (SP1) introduces a new alert that is named "Client Authentication Time Exceeded." When this alert is triggered, you receive the following message:
Client authentication time exceeded 5 seconds. This occurred 20 times during the past 5 minutes. To configure this setting, see the Microsoft Knowledge Base article 952082.

MORE INFORMATION

The "Client Authentication Time Exceeded" alert can be triggered by slow authentication requests. ISA Server 2006 triggers the alert only if there were more than 20 slow authentication requests in the last 5 minutes.

Notes
  • A slow authentication request is an authentication request that takes more than 5 seconds from ISA Server 2006 to an authentication server. The authentication server can be a domain controller, a Remote Authentication Dial-In User Service (RADIUS) server, or a Lightweight Directory Access Protocol (LDAP) server.
  • If the client uses NTLM authentication, ISA Server makes two separate authentication requests to the authentication server. For this alert, each authentication request is measured separately. The client response time between the two requests is not measured.
The "Client Authentication Time Exceeded" alert has the following three parameters:
  • FireSlowAuthenticationEventAuthenticationDurationThresholdSeconds
    This parameter represents the threshold in seconds greater than which the authentication request is considered slow. By default, the value of this parameter is 5 seconds.
  • FireSlowAuthenticationEventIntervalDurationMinutes
    This parameter represents the interval in minutes during which many slow authentication requests may trigger the alert. By default, the value of this parameter is 5 minutes.
  • FireSlowAuthenticationEventAfterNumTimesInInterval
    This parameter represents the number of slow authentication requests that can be received during the interval before the alert is triggered. By default, the value of this parameter is 20 requests.
To configure these parameters, follow these steps:
  1. Copy and then paste the following script into an instance of Notepad, and then save it as Configure_slow_authentication_alert.vbs.

    Note You can change the values of the parameters in the beginning of the script.
    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
    Const SE_VPS_NAME1 = "FireSlowAuthenticationEventAuthenticationDurationThresholdSeconds"
    Const SE_VPS_VALUE1 = 6
    Const SE_VPS_NAME2 = "FireSlowAuthenticationEventIntervalDurationMinutes"
    Const SE_VPS_VALUE2 = 5
    Const SE_VPS_NAME3 = "FireSlowAuthenticationEventAfterNumTimesInInterval"
    Const SE_VPS_VALUE3 = 20
    
    Sub SetValue()
    
    ' Create the root obect.
    Dim root ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")
    
    'Declare the other objects needed.
    Dim array ' An FPCArray object
    Dim VendorSets ' An FPCVendorParametersSets collection
    Dim VendorSet ' An FPCVendorParametersSet object
    
    ' Get references to the array object
    ' and the network rules collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets
    
    On Error Resume Next
    Set VendorSet = VendorSets.Item( SE_VPS_GUID )
    
    If Err.Number <> 0 Then
    Err.Clear
    
    ' Add the item
    Set VendorSet = VendorSets.Add( SE_VPS_GUID )
    CheckError
    WScript.Echo "New VendorSet added... " & VendorSet.Name
    
    Else
    WScript.Echo "Existing VendorSet found... current values: " & vbCrLf & _
    SE_VPS_NAME1 & " = " & VendorSet.Value(SE_VPS_NAME1) & vbCrLf & _
    SE_VPS_NAME2 & " = " & VendorSet.Value(SE_VPS_NAME2) & vbCrLf & _
    SE_VPS_NAME3 & " = " & VendorSet.Value(SE_VPS_NAME3)
    End If
    
    VendorSet.Value(SE_VPS_NAME1) = SE_VPS_VALUE1
    If Err.Number <> 0 Then CheckError
    VendorSet.Value(SE_VPS_NAME2) = SE_VPS_VALUE2
    If Err.Number <> 0 Then CheckError
    VendorSet.Value(SE_VPS_NAME3) = SE_VPS_VALUE3
    If Err.Number <> 0 Then CheckError
    
    VendorSets.Save false, true
    CheckError
    
    If Err.Number = 0 Then
    WScript.Echo "Done, saved!"
    End If
    
    End Sub
    
    Sub CheckError()
    
    If Err.Number <> 0 Then
    WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
    Err.Clear
    End If
    
    End Sub
    
    SetValue
    
  2. Click Start, click Run, type cmd in the Open box, and then click OK.
  3. At the command prompt, run the following command:
    cscript path\configure_slow_authentication_alert.vbs
    Note Use the actual path of the Configure_slow_authentication_alert.vbs file to replace the path entry.

Properties

Article ID: 952082 - Last Review: June 17, 2008 - Revision: 1.2
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
Keywords: 
kbexpertiseinter kbhowto kbinfo KB952082

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com