3.26 KDCRequests

Use this Knowledge Script to monitor the rate of Kerberos Key Distribution Center (KDC) requests. The Key Distribution Center provides services for authentication and security. This script lets you set thresholds for Authentication Service (AS) requests per second and Ticket Granting Service (TGS) requests per second. In addition, this script raises an event if either threshold is exceeded.

HINT:This scripts monitors the number of authentications per second coming into the KDC. A burst indicates a surge of logon traffic.

This script gathers the following Windows performance counter values for use in data collection and threshold monitoring:

Performance Objects	Counters
NTDS Security System-Wide Statistics	KDC AS Requests KDC TGS Requests

Performance Objects

Counters

NTDS

Security System-Wide Statistics

KDC AS Requests

KDC TGS Requests

3.26.1 Resource Objects

Active Directory domain controller

3.26.2 Default Schedule

The default interval for this script is Every 30 minutes.

3.26.3 Setting Parameter Values

Set the following parameters as needed:

Parameter	How to Set It
General Settings
Raise event if job fails
Event severity when job fails	Set the severity level, from 1 to 40, to indicate the importance of an event in which the KDCRequests job fails. The default is 35.
Monitor KDC request rate
Event Notification
Raise event if KDC request rate exceeds a threshold?	Select Yes to raise an event if the KDC request rate exceeds the threshold you set. The default is Yes.
Threshold -- Maximum Authentication Service request rate	Specify the maximum number of Authentication Service requests allowed per second before an event is raised. The default is 20 requests per second.
Threshold -- Maximum Ticket Granting Service request rate	Specify the maximum number of Ticket Granting Service requests allowed per second before an event is raised. The default is 20 requests per second.
Event severity when either threshold exceeded	Set the severity level, from 1 to 40, to indicate the importance of an event in which a threshold is exceeded. The default is 20.
Data Collection
Collect data for KDC request rates?	Select Yes to collect data for charts and reports. If enabled, data collection returns the rate of Authentication Service and Ticket Granting Service requests (requests/ second) during the monitoring interval. The default is unselected.