The "Client Authentication Time Exceeded" alert can be triggered by slow authentication requests. ISA Server 2006 triggers the alert only if there were more than 20 slow authentication requests in the last 5 minutes.
Notes
- A slow authentication request is an authentication request that takes more than 5 seconds from ISA Server 2006 to an authentication server. The authentication server can be a domain controller, a Remote Authentication Dial-In User Service (RADIUS) server, or a Lightweight Directory Access Protocol (LDAP) server.
- If the client uses NTLM authentication, ISA Server makes two separate authentication requests to the authentication server. For this alert, each authentication request is measured separately. The client response time between the two requests is not measured.
The "Client Authentication Time Exceeded" alert has the following three parameters:
- FireSlowAuthenticationEventAuthenticationDurationThresholdSeconds
  This parameter represents the threshold in seconds greater than which the authentication request is considered slow. By default, the value of this parameter is 5 seconds.
- FireSlowAuthenticationEventIntervalDurationMinutes
  This parameter represents the interval in minutes during which many slow authentication requests may trigger the alert. By default, the value of this parameter is 5 minutes.
- FireSlowAuthenticationEventAfterNumTimesInInterval
  This parameter represents the number of slow authentication requests that can be received during the interval before the alert is triggered. By default, the value of this parameter is 20 requests.
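The following Python sketch is an added example, not part of the original article and not ISA Server's own code. It models the rule as described above so that candidate parameter values can be checked against timing data before they are changed; `ntlm_logon`, `first_alert_time` and the sample data are hypothetical, and the exact boundary handling of the interval is an assumption.

```python
from collections import deque

# Defaults stated above for the three alert parameters.
THRESHOLD_SECONDS = 5       # ...AuthenticationDurationThresholdSeconds
INTERVAL_MINUTES = 5        # ...IntervalDurationMinutes
NUM_TIMES_IN_INTERVAL = 20  # ...AfterNumTimesInInterval


def ntlm_logon(start_s, leg1_s, client_gap_s, leg2_s):
    """Two server-side requests for one NTLM logon (hypothetical helper).

    Each leg is timed on its own; the client's response time between the
    legs moves the second timestamp but is not part of either duration.
    """
    first_done = start_s + leg1_s
    second_done = first_done + client_gap_s + leg2_s
    return [(first_done, leg1_s), (second_done, leg2_s)]


def first_alert_time(requests, threshold_s=THRESHOLD_SECONDS,
                     interval_min=INTERVAL_MINUTES,
                     num_times=NUM_TIMES_IN_INTERVAL):
    """Return the completion time (s) of the request that would trip the
    alert, or None. requests is a list of (completion_time_s, duration_s)."""
    window = deque()  # completion times of slow requests inside the interval
    for done_s, duration_s in sorted(requests):
        if duration_s <= threshold_s:
            continue  # slow means strictly more than the threshold
        window.append(done_s)
        # Assumption: a request exactly one interval old has aged out.
        while window and window[0] <= done_s - interval_min * 60:
            window.popleft()
        if len(window) > num_times:  # "more than" 20, so the 21st trips it
            return done_s
    return None


# Constructed sample data (not real ISA Server measurements).
basic_slow = [(10 * i, 6.0) for i in range(21)]
ntlm_slow = [r for k in range(11) for r in ntlm_logon(20 * k, 6.0, 1.0, 6.0)]
ntlm_waiting_client = [r for k in range(40)
                       for r in ntlm_logon(20 * k, 3.0, 10.0, 3.0)]

if __name__ == "__main__":
    for name in ("basic_slow", "ntlm_slow", "ntlm_waiting_client"):
        print(name, first_alert_time(globals()[name]))
```

With the defaults, eleven NTLM logons whose legs each take 6 seconds are enough to reach the 21st slow request, while logons delayed only by the client never count.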
To configure these parameters, follow these steps:
- Copy and then paste the following script into an instance of Notepad, and then save it as Configure_slow_authentication_alert.vbs.
  Note You can change the values of the parameters in the beginning of the script.

    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
    Const SE_VPS_NAME1 = "FireSlowAuthenticationEventAuthenticationDurationThresholdSeconds"
    Const SE_VPS_VALUE1 = 6
    Const SE_VPS_NAME2 = "FireSlowAuthenticationEventIntervalDurationMinutes"
    Const SE_VPS_VALUE2 = 5
    Const SE_VPS_NAME3 = "FireSlowAuthenticationEventAfterNumTimesInInterval"
    Const SE_VPS_VALUE3 = 20

    Sub SetValue()
        ' Create the root object.
        Dim root ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")

        ' Declare the other objects needed.
        Dim array ' An FPCArray object
        Dim VendorSets ' An FPCVendorParametersSets collection
        Dim VendorSet ' An FPCVendorParametersSet object

        ' Get references to the array object
        ' and the vendor parameters sets collection.
        Set array = root.GetContainingArray
        Set VendorSets = array.VendorParametersSets

        On Error Resume Next
        Set VendorSet = VendorSets.Item( SE_VPS_GUID )
        If Err.Number <> 0 Then
            Err.Clear
            ' The set does not exist yet, so add the item.
            Set VendorSet = VendorSets.Add( SE_VPS_GUID )
            CheckError
            WScript.Echo "New VendorSet added... " & VendorSet.Name
        Else
            WScript.Echo "Existing VendorSet found... current values: " & vbCrLf & _
                SE_VPS_NAME1 & " = " & VendorSet.Value(SE_VPS_NAME1) & vbCrLf & _
                SE_VPS_NAME2 & " = " & VendorSet.Value(SE_VPS_NAME2) & vbCrLf & _
                SE_VPS_NAME3 & " = " & VendorSet.Value(SE_VPS_NAME3)
        End If

        ' Write the three alert parameters.
        VendorSet.Value(SE_VPS_NAME1) = SE_VPS_VALUE1
        If Err.Number <> 0 Then CheckError
        VendorSet.Value(SE_VPS_NAME2) = SE_VPS_VALUE2
        If Err.Number <> 0 Then CheckError
        VendorSet.Value(SE_VPS_NAME3) = SE_VPS_VALUE3
        If Err.Number <> 0 Then CheckError

        VendorSets.Save false, true
        ' Test Err before CheckError clears it, so that success is
        ' reported only when the save actually succeeded.
        If Err.Number <> 0 Then
            CheckError
        Else
            WScript.Echo "Done, saved!"
        End If
    End Sub

    ' Report the pending error, if any, and clear it.
    Sub CheckError()
        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If
    End Sub

    SetValue

- Click Start, click Run, type cmd in the Open box, and then click OK.
- At the command prompt, run the following command:

    cscript path\configure_slow_authentication_alert.vbs

  Note Use the actual path of the Configure_slow_authentication_alert.vbs file to replace the path entry.