User authentication with NTLM protocol took longer than expected (more than 15 seconds).
This indicates a large delay on the network links between this server and its domain controller or between server's domain controller and domain controller for the user authentication domain.
Ensure acceptable delay on the network links between this server and its domain controller and between server's domain controller and domain controller(s) for the user authentication domain(s). The network link delay in seconds should be less than number of NetLogon secure channels (default is 2) divided by expected number of user logons per second (e.g. for a delay of 0.1 seconds, the logon rate cannot exceed 20 per second).%nIf network link delay cannot be decreased, try increasing MaxConcurrentApi setting for NetLogon on this server and/or on its domain controller (search for MaxConcurrentApi on Microsoft Support Web Site for more information about this problem).
| Target | Microsoft.LS.2015.Component.Registrar | ||
| Parent Monitor | System.Health.AvailabilityState | ||
| Category | AvailabilityHealth | ||
| Enabled | True | ||
| Alert Generate | True | ||
| Alert Severity | Error | ||
| Alert Priority | Normal | ||
| Alert Auto Resolve | True | ||
| Monitor Type | Microsoft.LS.2015.MonitorType.TimerResetEvent.Simple | ||
| Remotable | True | ||
| Accessibility | Public | ||
| Alert Message |
| ||
| RunAs | Default |
Home
<UnitMonitor ID="Microsoft.LS.2015.Monitoring.UnitMonitor.TimerResetEvent.Registrar.SIP_E_EVENT_AUTH_NTLMTIMEOUT" Accessibility="Public" Enabled="true" Target="Microsoft.LS.2015.Component.Registrar" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Microsoft.LS.2015.MonitorType.TimerResetEvent.Simple" ConfirmDelivery="true">
<Category>AvailabilityHealth</Category>
<AlertSettings AlertMessage="Alert_User_authentication_with_NTLM_protocol_took_longer_than_expected__more_than_15_seconds_.">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/EventDescription$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Microsoft.LS.2015.Monitoring.UnitMonitor.TimerResetEvent.Registrar.SIP_E_EVENT_AUTH_NTLMTIMEOUT.Timer" MonitorTypeStateID="TimerEventRaised" HealthState="Success"/>
<OperationalState ID="Microsoft.LS.2015.Monitoring.UnitMonitor.TimerResetEvent.Registrar.SIP_E_EVENT_AUTH_NTLMTIMEOUT.Error" MonitorTypeStateID="ErrorEventRaised" HealthState="Error"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Lync Server</LogName>
<ErrorExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">14613</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">LS Protocol Stack</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</ErrorExpression>
<AutoResolveInterval>1200</AutoResolveInterval>
</Configuration>
</UnitMonitor>