Platform Deployment Guide › iConsole Deployment › Post-deployment Tasks › Set Up iConsole Connectivity › Enable Pre-authentication

Enable Pre-authentication

This task is optional. Authentication between the front‑end Web server and application server must be correctly configured for best performance, for example, when displaying individual events or paging between screens. If you experience poor performance and you suspect that this is due to slow authentication, you can modify the registry on the iConsole front-end Web server to use pre‑authentication.

Note: This improvement does not apply to search performance, which is dependent on how the CMS database is configured.

After making this registry change, you will also need to implement a Microsoft workaround to accommodate security fixes introduced for Windows XP SP2 and Windows Server 2003 SP1.

1. First, configure the front-end Web server to use pre‑authentication. This ensures that the logon credentials are always passed to the application server, rather than using 'anonymous access'.
   1. Locate the Web registry key on the front-end Web server.
   2. Within this registry key, set the following value to True:

      PreAuthenticate
      

2. Changing this registry value can lead to instability (for example, HTTP 401.1 errors). To prevent this instability, you must now implement a Microsoft workaround. The required workaround is described in MS Knowledge Base article Q896861. This article describes two alternative workarounds: disabling the loopback check; and specifying host names. We recommend that you implement the first method and disable the loopback check:
   1. As described in article Q896861, locate the following registry key:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
      

   2. In this registry key, create the following registry value and set it to a DWORD value of 1

      DisableLoopbackCheck
      

3. Restart the machine hosting the front-end Web server.

More information:

Set Up iConsole Timeouts