NPS reauthentication

  • Question

  • We recently upgraded all of our Domain Controllers to Server 2008 R2 (fresh installs). We use PEAP authentication. Initially, a computer coming online is assigned a domain computer role at the (Enterasys) switch (assuming it's a domain computer and not a visitor), allowing it to get updates through WSUS when no-one is logged on. When a user logs on, the switch attempts to re-authenticate the user (RADIUS). Successful authentication as a domain user changes the switch port role to allow appropriate access (e.g., student, staff, administrator).

    Since the upgrade to 2008 R2, many (staff, faculty, admin) users have been seeing constant "now connected to <DOMAIN>" balloons at the system tray, often at the rate of about 1 a minute. One of our admins found in excess of 6000 authentication entries per minute on one DC (we have probably fewer than 1000 active users online today).

    Other than the DC upgrade, the only change has been the addition of some Enterasys G3 switches, but the majority of the authentication requests are coming through older switches that have been online and functioning properly for years with the (former) 2003 DCs.

    How do we stop the re-authentication flood and the balloons that are irritating users?

    Thursday, July 1, 2010 6:00 PM
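
    One way to triage a flood like the one described in the question, as an added example that is not part of the original thread: group authentication records by switch and user, then check whether the repeats arrive at a fixed interval. The records and column names below are constructed; map them from your own NPS log export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample records (not from the thread). Column names are
# hypothetical: timestamp, switch (RADIUS client) address, user.
SAMPLE = """timestamp,nas_ip,user
2010-07-01 10:00:02,10.0.1.5,alice@example.test
2010-07-01 10:00:10,10.0.2.9,bob@example.test
2010-07-01 10:00:30,10.0.1.5,carol@example.test
2010-07-01 10:00:41,10.0.1.5,carol@example.test
2010-07-01 10:01:02,10.0.1.5,alice@example.test
2010-07-01 10:02:03,10.0.1.5,alice@example.test
2010-07-01 10:02:55,10.0.1.5,carol@example.test
2010-07-01 10:03:01,10.0.1.5,carol@example.test
2010-07-01 10:03:02,10.0.1.5,alice@example.test
2010-07-01 10:04:02,10.0.1.5,alice@example.test
"""

def load(text):
    """Parse the CSV into (datetime, nas_ip, user) tuples."""
    return [(datetime.strptime(r["timestamp"], "%Y-%m-%d %H:%M:%S"),
             r["nas_ip"], r["user"]) for r in csv.DictReader(io.StringIO(text))]

def per_minute_by_nas(events):
    """Count authentications per (HH:MM, switch) to find the noisy source."""
    counts = defaultdict(int)
    for ts, nas, _user in events:
        counts[(ts.strftime("%H:%M"), nas)] += 1
    return dict(counts)

def reauth_report(events, min_events=4, tolerance=0.1):
    """Per (switch, user): count, median gap, and whether the gaps are
    regular (regular gaps suggest a timer-driven repeat, not user activity)."""
    stamps = defaultdict(list)
    for ts, nas, user in events:
        stamps[(nas, user)].append(ts)
    report = []
    for (nas, user), seen in stamps.items():
        if len(seen) < min_events:
            continue  # too few repeats to call it a re-authentication loop
        seen.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(seen, seen[1:])]
        mid = median(gaps)
        periodic = max(gaps) - min(gaps) <= tolerance * mid
        report.append({"nas": nas, "user": user, "count": len(seen),
                       "median_gap_s": mid, "periodic": periodic})
    return sorted(report, key=lambda r: -r["count"])
```

    Calling `reauth_report(load(SAMPLE))` lists the busiest switch/user pairs first; a pair marked periodic with a median gap near 60 seconds matches the roughly one-a-minute balloons.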

Answers

  • Hi,

    Thanks for the post.

    In this case, we need to take the time to collect the relevant information to check what causes 6000 authentication entries per minute.

    Would you please diagram the network topology of your current domain environment in detail?

    *************************

    Please collect the MPSReport on the problematic DC.

    1. Download the proper MPS Report tool from the website below.

    Microsoft Product Support Reports
    http://www.microsoft.com/downloads/details.aspx?FamilyID=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en

    2. Double-click to run it. If the requirements are not met, please follow the wizard to download and install them. After that, click Next. When the "Select the diagnostics you want to run" page appears, select "General", "Internet and Networking", "Business Networks", "Server Components", and click Next.

    3. After collecting all log files, choose "Save the results", then choose a folder to save the <Computername>MPSReports.cab file.

    For your convenience, I have created a workspace for you.  You can upload the information files to the following link.  (Please choose "Send Files to Microsoft")
     
    Workspace URL: (https://sftasia.one.microsoft.com/choosetransfer.aspx?key=e6bd220e-baad-4851-b610-47822c6e54fc)
    Password: {vn^i6ZW1x1a6W
     
    Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken.  Please be sure to include all text between '(' and ')' when typing or copying the workspace link into your browser.

    **********************************

    Meanwhile, please capture a screenshot when the "now connected to <DOMAIN>" balloon shows up.

    How to capture a Screenshot:
    =======================
    1. Please press the Print Screen key (PrtScn) on your keyboard.
    2. Click Start, click Run, type MSPAINT, and click OK.
    3. In Paint, click Paste under the Edit Menu, click Save under the File menu, type a file name for the screenshot, choose JPEG as "Save as type", click "Desktop" on the left pane, and click Save.
    4. Please upload the picture file to the Workspace.

    Thanks,

    Miles


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Miles Zhang Thursday, July 8, 2010 6:03 AM
    Friday, July 2, 2010 8:12 AM

All replies

  • Hi,

     

    If there is any update on this issue, please feel free to let me know.

     

    We are looking forward to your reply.

     


    Monday, July 5, 2010 8:51 AM