Summary #
Microsoft Windows Server by default only handles one NTLM authentication request at a time. Typically, this is not an issue on smaller networks. However, on larger networks that also have other devices that use the NTLM authentication infrastructure (like SecureSchool), the domain controllers can get backed up and cause slow browsing, or behavior where the SecureSchool authentication engine is restarting a lot and users will sporadically get authentication pop-ups.
More Information #
To fix this issue, you need to configure Microsoft Windows Server to handle more than one NTLM authentication request at a time. We recommend setting it to 5. You need to make the change on all of your domain controllers. Full details of what to change and where are provided by Microsoft, in Microsoft KB326040 .
- Start Registry Editor. To do this, click Start, click Run, type Regedt32.exe, and then click OK.
- Locate the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters - On the Edit menu, click Add Value, and then add the following registry information (where 10 represents the heaviest loads):
- Value Name: MaxConcurrentApi
- Data Type: REG_DWORD
- Value: 5
- Restart the NETLOGON service.
