The purpose of this article is to provide information on the Schannel values used in authentication to handle multiple authentication requests at the same time. If you have a BCAAA deployment, refer to 169381 instead.

By default, the number of concurrent secure channels (equivalent to the MaxConcurrentAPI value) used by Edge SWG (ProxySG) is 2. These are the default MaxConcurrentAPI value used in Windows Servers. 

• Windows 2003: 2
• Windows 2008: 2
• Windows 2012: 10

The default number on Edge SWG can be changed by using the following commands:

>enable
#conf t
#(config)security windows-domains
#(config windows-domains)edit DomainAlias
#(config windows-domains DomainAlias)max-secure-channel-requests <number>

In order for the maximum number of concurrent connections to take effect, you must enter the same number in the registry for the Domain Controller(s), so that the amount in both the ProxySG and the Domain Controller(s) match. The registry setting on the Domain Controller is MaxConcurrentAPI. If you change the MaxConcurrent API setting, you must restart the NetLogon service on the Domain Controller, or reboot the Domain Controller after changing the MaxConcurrent API setting.

To calculate the number of Schannels you require, use this reference page: Performance Tuning for NTLM Auth