Increased Authentication Latency

Jumpermb76
Level 1

Running ISE 2.2 patch 1 on a VM, 2 nodes (1 primary monitor and PSN and 1 secondary) and a few weeks back the dashboard showing authentication latency started to rise from an average of around 30-50 milliseconds to around 200-300. No network changes have been performed.

Does this dashboard, since it's showing an average, also take into account the timeouts for failed authentications and those higher timeout values are increasing the average?

When I perform an auth test it shows the AD response time in the single digits in milliseconds but shows the "Group Fetching" time in the hundreds. Could this be a factor?

While this is not currently affecting users, I'm worried that once the client load increases it might start causing auth failures.

hslai
Cisco Employee

You are correct that the latency is an average over all requests.

In general, try tuning the authorization policy rules in such a way as to avoid unnecessary queries to external ID stores. For additional info, see the session reference slide 88 from BRKSEC-3699 - Designing ISE for Scale & High Availability (2017 Las Vegas).

You might also want to check the general health of the AD infrastructure.