Over the last couple of months I’ve implemented a couple of Operations Manager solutions at customers where they all use the Windows Server Management Pack version 6.0.7026.0.
This management pack includes a new monitor that tracks how many secure channels are created to a domain controller when authenticating users using NTLM pass-through.
On Windows 2008 and R2, however, the monitor can create false positives, which can make it quite noisy. This is a confirmed bug in this version of the management pack, as described on Kevin Holman's TechNet blog.
First off, you need to ascertain whether this is an actual issue on the server in question or if it’s a false positive. To do this you need to monitor the performance counters for NETLOGON.
The default values to expect are as follows:
- Windows Server, pre-Windows 2012: 2 concurrent threads
- Windows Server 2012: 10
- Windows client: 1
- Domain controllers, pre-Windows-2012: 1
- Domain controllers, Windows-2012: 10
If you do not bump against these values, then you have most likely been hit by the above-mentioned bug and could turn off the monitor if you don’t want it to be noisy. If you decide to do this, remember to check whether the problem is resolved in an upcoming update and, if so, delete the overrides.
If, however, you do bump against these values, you can increase the limit by editing this registry value:
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\MaxConcurrentApi
The maximum value is, however, 150, which Windows Server 2012 and beyond already have set as the default value. In that case you would consider scaling out unless you are willing to accept the user experience degradation of slower validation and possibly additional validation prompts.
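The check described above, as an added PowerShell example that is not part of the original post or the management pack: it reads MaxConcurrentApi, samples the Semaphore Holders, Semaphore Waiters and Semaphore Timeouts counters of the Netlogon performance object, and reports whether the limit was actually reached. The sampling window, the $AssumedDefault parameter and the verdict rule are assumptions of this example.

```powershell
# Added example: read-only check of Netlogon semaphore usage against MaxConcurrentApi.
param(
    [int]$SampleSeconds  = 5,   # assumption: sampling interval in seconds
    [int]$Samples        = 60,  # assumption: 60 samples = 5 minutes
    [int]$AssumedDefault = 2    # pick the default from the list above for this OS/role
)

# The registry value is usually absent, in which case the built-in default applies.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$prop  = Get-ItemProperty -Path $key -Name MaxConcurrentApi -ErrorAction SilentlyContinue
$limit = if ($prop -and $prop.MaxConcurrentApi -gt 0) { [int]$prop.MaxConcurrentApi } else { $AssumedDefault }

$counters = '\Netlogon(_Total)\Semaphore Holders',
            '\Netlogon(_Total)\Semaphore Waiters',
            '\Netlogon(_Total)\Semaphore Timeouts'
$sets = Get-Counter -Counter $counters -SampleInterval $SampleSeconds `
                    -MaxSamples $Samples -ErrorAction Stop
$all  = $sets | ForEach-Object { $_.CounterSamples }

function Get-Series([string]$Name) {
    # Get-Counter returns lower-cased paths prefixed with the machine name.
    $all | Where-Object { $_.Path -like "*\$Name" } | ForEach-Object { $_.CookedValue }
}

$holders  = Get-Series 'semaphore holders'
$waiters  = Get-Series 'semaphore waiters'
$timeouts = @(Get-Series 'semaphore timeouts')

$peakHolders = ($holders | Measure-Object -Maximum).Maximum
$peakWaiters = ($waiters | Measure-Object -Maximum).Maximum
# Timeouts is cumulative, so only the growth during the sample window matters.
$newTimeouts = $timeouts[-1] - $timeouts[0]

# Assumed rule: the limit is reached if all slots were held, or any thread waited or timed out.
$saturated = ($peakHolders -ge $limit) -or ($peakWaiters -gt 0) -or ($newTimeouts -gt 0)
$verdict   = if ($saturated) { 'Limit reached' } else { 'Limit not reached, alert is likely the false positive' }

New-Object PSObject -Property @{
    Limit       = $limit
    PeakHolders = $peakHolders
    PeakWaiters = $peakWaiters
    NewTimeouts = $newTimeouts
    Verdict     = $verdict
}
```

Run it during a period when the alert normally fires, so the sample window covers real authentication load.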
The maximum value for MaxConcurrentApi is not 10; after doing some more research, the maximum value seems to be 150. Have a look at this KB article from Microsoft Support: http://support.microsoft.com/kb/2688798
I do agree on that, corrected in the original post.