000018968 - The processor usage is noticeable higher on the Domain Controllers after enabling Network Access Protection.

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018968
Applies ToRSA ACE/Agent 4.4 for Windows NT (no longer supported as of 3-3-2003)
Microsoft Windows NT 4.0
PDC
BDC
Network Access Protection (NAP)
IssueThe processor usage is noticeable higher on the Domain Controllers after enabling Network Access Protection.
CauseEach and every access attempt to any resource in the NT Domain must pass through the Network Access Protection sub-authentication filter.  This is in order to decide whether or not the user is in a group that should be authenticated. If the user is in a group that should be authenticated the Agent then has to decide whether or not that user already has been authenticated.  This also adds to the workload of the Domain Controllers.
ResolutionThis is normal behavior when Network Access Protection is enabled. The extra workload is decided by factors which include the amount of accesses and the size of the SAM database.
Legacy Article IDa4704

Attachments

    Outcomes