none
nps maxconcurrentapi value

    Pregunta

  • Hi there

    according to ms article https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-concurrent-auth it is recommended to increase concurrent authentication if nps is not installed in a DC. However it doesn"t provide more info. My NPS is on another forest,it's not a DC and it is authenticating users from my forest, as well as other trusted crossed forest. Users are currently a few hundreds but soon the number will become a few thousands when it goes to production. What I would like to know is if there is some recommendations on what the maxconcurrentapi value should be, instead of a generic interval 2-5.

    Thanks and Regards

    viernes, 22 de junio de 2018 19:46

Respuestas

  • Hi,

    Thanks for your question.

    According to your description, you want to increase the maxconcurrentapi value of NPS to optimize NPS performance or other methods.

    As far as I know, there are several tips to improve NPS performance:

    1) install NPS role on DC

    2) disable NAS notification forwarding

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772258%28v%3dws.10%29

    3) If the NPS server is on a computer other than a domain controller, and it is receiving a large number of authentication requests per second, you can improve performance by increasing the number of concurrent authentications between the NPS server and the domain controller. To do this, edit the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\ Parameters.

    Add a new value (REG_DWORD value type) named MaxConcurrentApi, and although the range can be between 0 and 10, it is recommended to assign it a setting from 2 through 5. This value specifies the maximum number of simultaneous logon calls that can be transmitted to the domain controller over the secure channel at any given time, and the default is 2 for a member server computer. Increasing the setting will allow additional logon calls to be processed simultaneously to improve performance on the NPS server. Avoid setting the MaxConcurrentApi value to a setting higher than 5 because the additional load might cause depletion of resources on the domain controller.

    For more information, please refer to the following article and roll down to the chapter High Scalability for RADIUS Authentication.

    https://www.polyteknisk.dk/related_materials/9780735624221_SampleChapters.pdf

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Reference link about Best Practices for NPS:

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771746(v=ws.10)

    Hope above information can help you.  

    Highly appreciate your effort and time. If you have any question and concern, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marcado como respuesta Selva_MSN jueves, 28 de junio de 2018 17:59
    lunes, 25 de junio de 2018 4:28

Todas las respuestas

  • Hi,

    Thanks for your question.

    According to your description, you want to increase the maxconcurrentapi value of NPS to optimize NPS performance or other methods.

    As far as I know, there are several tips to improve NPS performance:

    1) install NPS role on DC

    2) disable NAS notification forwarding

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc772258%28v%3dws.10%29

    3) If the NPS server is on a computer other than a domain controller, and it is receiving a large number of authentication requests per second, you can improve performance by increasing the number of concurrent authentications between the NPS server and the domain controller. To do this, edit the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\ Parameters.

    Add a new value (REG_DWORD value type) named MaxConcurrentApi, and although the range can be between 0 and 10, it is recommended to assign it a setting from 2 through 5. This value specifies the maximum number of simultaneous logon calls that can be transmitted to the domain controller over the secure channel at any given time, and the default is 2 for a member server computer. Increasing the setting will allow additional logon calls to be processed simultaneously to improve performance on the NPS server. Avoid setting the MaxConcurrentApi value to a setting higher than 5 because the additional load might cause depletion of resources on the domain controller.

    For more information, please refer to the following article and roll down to the chapter High Scalability for RADIUS Authentication.

    https://www.polyteknisk.dk/related_materials/9780735624221_SampleChapters.pdf

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Reference link about Best Practices for NPS:

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771746(v=ws.10)

    Hope above information can help you.  

    Highly appreciate your effort and time. If you have any question and concern, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marcado como respuesta Selva_MSN jueves, 28 de junio de 2018 17:59
    lunes, 25 de junio de 2018 4:28
  • Hi,

    Just checking in to see if the information provide was helpful. Please let us know if you would like further assistance.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    jueves, 28 de junio de 2018 15:04
  • Yes, it was. Thank you a lot

    jueves, 28 de junio de 2018 17:59
  • You're welcome. Thanks for your sharing and support.

    Nice weekends!

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    viernes, 29 de junio de 2018 1:30