Environment
Advanced Authentication
Advanced Auth 6.2
Situation
Slow performance with Advanced Authentication
Authentication is slower with Advanced Authentication
Resolution
Slow performance in Advanced Authentication is most commonly caused by one or more of the following:
For bandwidth or network connectivity problems try one or more of the following:
Low bandwidth or network connectivity problemsREPO performance issuesAAF server performance issuesThird party problems
- Enable HTTP compression from the Admin page, under Policies, HTTPS options- Enforce Cached Login add the following to config.properties on the workstations:forceCachedLogon: trueThe full path is \ProgramData\NEtIQ\Windows Client\config.properties. Create the file if it is not present. Requires restarting Windows.
For Repo performance issues try one or more of the following:
- Enable Paged Search -- From the Admin page, select the repository, Edit, Advanced Settings. By default this is on. Try toggling this on and off and see which works best.- Enable Nested Groups support -- From the Admin page, select the repository, Edit, Advanced Settings. By default this is on. Try turning it off. Try toggling this on and off and see which works best.- Enable Cached logon -- From the Admin page, Edit the LDAP Password method. Make sure "Enable Cached logon" is set to ON. If off, AAF always contacts the LDAP server to verify the LDAP password. If on, AAF uses the cached LDAP password.- LDAP Caching --> From the Admin page, policies, Login options. Off by default, try changing to ON. When on, Advanced Authenticaiton stores LDAP information on the AA server (e.g. password expiry, disabled account, etc.
To see if the problem is with the Advanced Authentication server, check the following:
- Check AAF server web portals, are they responsive?- Check hardware activitySort the output by CPU:ps aux --sort pcpuExamine RAM and swap usage:free
For third party issues consider the technical workflow of the authentication requests. Does the auth request go to a load balancer or network filter? What chains are used? Are other chains faster?
Additional Information
It is also important to understanding the environment, e.g. is Advanced Authentication in a cluster or not, what is the repo type, what versions of AAF Server/Client are running, and how much memory is allocated for AAF Server?
Log files from server and workstation may be helpful.