Investigating high Max. Response Time with BCAAA Authentication
Having investigated the uploaded logs, we see a large number of authentication failures. Please see the attached .csv file for reference. Investigating further, we see a very high Max. Resp. time for the "auth.qa" authentication realm/server. This response time relates to the authentication traffic between the Proxy and the BCAAA server(s). Please see the snippet below for reference.
For more on the authentication statistics, please refer to the snippets below.
The possible reasons for the high response time with BCAAA are:
Recommendations for managing/resolving the high response time:
Too many authentication attempts: To check whether this is happening, review the event log on the proxy using the URL: https://x.x.x.x:8082/eventlog/fetch=0xffffffff
In the event log, many lines like the one below may show up within a short time frame (i.e. multiple times per second):
"Authentication failed from x.x.x.x: user 'abcd' (realm IWA)". We see these in the event logs already, so this further check would only validate what's already known.
For the too many authentication attempts, chances are we are overloading the BCAAA and/or DC unnecessarily. The best remedy for this is to apply authentication best practices. Please see the attached.
The authentication best practices CPL policy is built with known source NTLM user agents that fail to perform proxy authentication and create a loop of failed authentication attempts. Note that these authentication failure messages are very common for any deployment that has IWA authentication in place. We want to limit their number with the help of the authentication best practices CPL. Also, some fine-tuning can be done on top of the existing best practices CPL.
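To see which clients are looping before tuning the CPL, the event log check above can be scripted. The following is an added example, not part of the original article or of any vendor tooling: it counts "Authentication failed" lines per source, user and realm and reports those that fail several times within one second. The leading timestamp layout and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines. The message text follows the article; the leading
# "YYYY-MM-DD HH:MM:SS" timestamp is an assumed layout, adjust LINE_RE to your log.
SAMPLE_LOG = """\
2024-01-10 09:15:01 "Authentication failed from 10.0.0.5: user 'abcd' (realm IWA)"
2024-01-10 09:15:01 "Authentication failed from 10.0.0.5: user 'abcd' (realm IWA)"
2024-01-10 09:15:01 "Authentication failed from 10.0.0.9: user 'svc' (realm IWA)"
2024-01-10 09:15:01 "Authentication failed from 10.0.0.5: user 'abcd' (realm IWA)"
2024-01-10 09:15:01 "Authentication failed from 10.0.0.5: user 'abcd' (realm IWA)"
2024-01-10 09:15:02 "Authentication failed from 10.0.0.5: user 'abcd' (realm IWA)"
2024-01-10 09:15:03 "Some unrelated event log message"
2024-01-10 09:15:07 "Authentication failed from 10.0.0.9: user 'svc' (realm IWA)"
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}).*?"
    r"Authentication failed from (?P<src>\S+?): user '(?P<user>[^']*)' "
    r"\(realm (?P<realm>[^)]+)\)"
)

def find_bursts(log_text, threshold=3):
    """Return {(src, user, realm): (total_failures, peak_per_second)} for
    entries that reach `threshold` failures within any single second."""
    per_second = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authentication failure line
        key = (m["src"], m["user"], m["realm"])
        per_second[key][m["ts"]] += 1  # bucket failures by one-second timestamp
    bursts = {}
    for key, seconds in per_second.items():
        peak = max(seconds.values())
        if peak >= threshold:
            bursts[key] = (sum(seconds.values()), peak)
    return bursts

if __name__ == "__main__":
    # Print the busiest sources first: candidates for the best practices CPL.
    ranked = sorted(find_bursts(SAMPLE_LOG).items(), key=lambda kv: -kv[1][1])
    for (src, user, realm), (total, peak) in ranked:
        print(f"{src} user={user} realm={realm} total={total} peak/sec={peak}")
```

Sources that show a high per-second peak are the ones whose client software is worth identifying, since they are the ones generating the repeated load on the BCAAA and DC.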
For any BCAAA-specific failures, the BCAAA application log from the Windows server will be helpful. The event IDs returned for the failures should be checked and matched with the descriptions provided in the Tech. Article with the URL below.