Just wanted to throw this out to the educause community to see if others are seeing this. Although this is not ultimately a problem with Higher Ed, the large scale RADIUS deployments in higher ed resulting in more impact
Several weeks ago we had a higher ed customer who's Radius environment started periodically melting down. The customer was running Cisco Infrastructure and ACS 5.x on the back end. In terms of changes, there were no recent changes to either the wireless network, or RADIUS environment. The only recent change was patches applied to the Windows environment. Ultimately, the cause was found to be the AD environment was taking an excessive time responding to NTLM authentications. There was no ultimate fix found, but troubleshooting led us to the changing the MaxConcurrentAPI on the windows servers. which ultimately helped enough to eliminate the problem from a daily occurrence. About a week later, this same customer reported to me that visiting another university campus that their RADIUS environment was also experiencing these issues. Fast forward a couple weeks, I had a public utility customer seeing this same issue. Suddenly flags went off that this is wider spread that just a couple Higher Ed customers. Now i'm sitting at #ATM16 and talking with other Higher Ed engineer and a large retail customer, it MAY be impacting non-cisco infrastructure as well. My assumption is anything performing Below are some of the links that talk about this change to the MaxConcurentAPI. I believe these two customers made changes anywhere from 2 to 20. I know some of these customers are on this educause I'm not advocating a specific value, i assume that different environments will need different values. https://support.microsoft.com/en-us/kb/109626 https://blogs.technet.microsoft.com/ad/2008/09/23/updated-ntlm-and-maxconcurrentapi-concerns/ Hopefully this helps anyone who has started to see these issues in the last few weeks. Also, if you're having this, please reply and let the community know infrastructure, radius and possibly AD environment versions. Also, for the Cisco folks, here's a great doc that you should read. http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/118703-technote-wlc-00.html ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
