The purpose of this article is to provide information on the Schannel values used in authentication to handle multiple authentication requests at the same time. If you have a BCAAA deployment, refer to 169381 instead.
By default, the number of concurrent secure channels (equivalent to the MaxConcurrentAPI value) the ProxySG appliance uses are:
The default number can be changed by using the following commands:
#(config windows-domains)edit DomainAlias
#(config windows-domains DomainAlias)max-secure-channel-requests <number>
In order for the maximum number of concurrent connections to take effect, you must enter the same number in the registry for the Domain Controller(s), so that the amount in both the ProxySG and the Domain Controller(s) match. The registry setting on the Domain Controller is MaxConcurrentAPI. If you change the MaxConcurrent API setting, you must restart the NetLogon service on the Domain Controller, or reboot the Domain Controller after changing the MaxConcurrent API setting.
To calculate the number of schannels you require, use this reference page: https://support.microsoft.com/en-us/help/2688798/how-to-do-performance-tuning-for-ntlm-authentication-by-using-the-maxc