Slow Website Performance when using Smart Cards and Windows Integrated Authentication


Date: April 30, 2014
Revision: 1.0


When you use a Server that runs Internet Information Services (IIS) 7.0 or later, you may experience slow Web Application performance. This problem occurs if the both following are true:

  • You use Integrated Windows authentication with IIS 7.0 or later.
  • You use the Kerberos authentication protocol to authenticate the user on the Web site.


This problem occurs because IIS 7.0 requires the client to be re-authenticated for each HTTP(S) request when you use the Kerberos authentication protocol. This behavior causes network traffic to increase.


To resolve this problem, set the value of the authPersistNonNTLM property to True at the server level in IIS 7.0. To do this, follow these steps:

From an administrative command prompt, type the following commands, and then press ENTER:

  1. cd %SystemRoot%\System32\inetsrv
  2. appcmd set config /section:windowsAuthentication /authPersistNonNTLM:true

Note: The authPersistNonNTLM property controls the re-authentication requirement of Kerberos authentication. By default, this property is set to False.

Additional Information:

After you set the authPersistNonNTLM property to True, you do not require a re-authentication for every request that is made over the same keep-alive connection. You may have to re-authenticate only if you use a different client TCP port to make another HTTP request. This scenario occurs when a new HTTP keep-alive session must be established.

Please also refer to Microsoft documentation on this matter: You may experience slow performance when you use Integrated Windows authentication together with the Kerberos authentication protocol in IIS 7.0.

Applies To:

  • Enterprise Random Password Manager (ERPM)
  • Random Password Manager (RPM)
Was this article helpful?
0 out of 0 found this helpful


Powered by Zendesk