Slow RADIUS Service Response Times with MCIS 2.0 Membership Authentication DLL (295583)


The information in this article applies to:

  • Microsoft Commercial Internet System 2.0, when used with:
    • Microsoft Internet Authentication Service
    • Microsoft Site Server 3.0
This article was previously published under Q295583

SYMPTOMS

When the Internet Authentication Service Remote Authentication Dial-In User Service (RADIUS) server is set up to use the MCIS 2.0 Authentication dynamic-link library (DLL), response times may slow considerably when under load. This problem is more likely to occur if the Membership Directory is partitioned into several Microsoft SQL Server databases.

CAUSE

The Microsoft Commercial Internet System (MCIS) 2.0 Membership Authentication DLL uses one global Lightweight Directory Access Protocol (LDAP) session to query the Membership Directory. If the RADIUS server worker threads perform several LDAP queries simultaneously, all these queries are queued and serialized in the same LDAP session. The LDAP server processes the first incoming request before it processes the other requests.

When the LDAP service processes the LDAP search request with a partioned Membership Directory, the LDAP service cannot query the SQL databases concurrently but serializes the SQL queries. Thus, under load, the response time slows for two reasons:
  • The LDAP queries are serialized.
  • For one LDAP search query, the SQL queries over the Membership Directory are also serialized.

RESOLUTION

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next MCIS service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:
   Date      Time    Version      Size    File name     Platform
   -------------------------------------------------------------
   4/14/2000 1:33AM  1317.2       45,600  Actlapi2.dll  x86

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

With this fix, each RADIUS worker thread has a dedicated LDAP session. This allows the LDAP server to process the incoming RADIUS queries simultaneously and to issue concurrent SQL queries.

Before you apply this fix, ensure that the LDAP server settings allow each RADIUS thread to create the LDAP session. Also, make sure that the LDAP server settings allow the LDAP server to have concurrent queries over the SQL databases.
Modification Type:MinorLast Reviewed:10/6/2005
Keywords:kbHotfixServer kbQFE kbprb kbQFE KB295583
©2004 Microsoft Corporation. All rights reserved.