Summary: This article contains step-by-step instructions on how to configure Active Directory domain controllers to increase the number of parallel sessions, and then configure Cayosoft Administrator to utilize all sessions for web action execution.
Applies to: Cayosoft Administrator 7.0.0 or later
ID: KB20200221-2
Overview
Cayosoft Administrator talks to Active Directory services on the target Domain Controller (DC) through the Active Directory Web Services (ADWS), running on that same DC. By default, ADWS service permits five LDAP connections to be used in parallel for a single set of client credentials. This leads to the default creation of five PowerShell Host sessions in the Cayosoft Administration Service. Administration Service reserves two PowerShell sessions for interactive operations in Admin Console and Web Portal. That limits the number of sessions available for web action rule execution to three. In other words, only three rules can be processed in parallel, including web actions, dynamic groups, automation, and reporting rules. If all three sessions are busy, web actions submitted by end-users for execution are added to the execution queue and wait there for the first free session.
ADWS service allows extending the limit if you need more than five concurrent client requests by one user to a single directory service instance. Cayosoft Administrator Service also has a number of configuration settings that define the maximum number of sessions to run simultaneously. These settings depend on the number of open sessions supported by ADWS.
Follow the instructions below if you need to extend the number of Active Directory web actions processed in parallel.
Configuration instructions
Extend ADWS session limit on each Domain Controller configured in Cayosoft Administrator
If you want to increase the number of parallel sessions from 5 to 10, then set these values:
- On each Domain Controller, that is selected as target DC in Cayosoft Administrator Console > Active Directory configuration, navigate to %windir%\ADWS directory
- Create a backup copy of the Microsoft.ActiveDirectory.WebServices.exe.config file
- Open the Microsoft.ActiveDirectory.WebServices.exe.config file for editing
- Update the values for these settings:
- <add key="MaxPoolConnections" value="20" />
- <add key="MaxPercentageReservedConnections" value="80" />
- <add key="MaxConnectionsPerUser" value="10" />
- <add key="MaxEnumCtxsPerSession" value="20" />
- Save changes
- Restart ADWS service on each Domain Controller where you updated the settings.
Modify Session Management settings in Cayosoft Administrator Console
- In Administrator Console navigate to Home > Configuration > Support > Session Management
- In Maximum number of limited session hosts set 7. Set this setting to (MaxConnectionsPerUser - 3).
- In Maximum number of rules to run in parallel set 9. Set this setting to (MaxConnectionsPerUser - 1).
- Click Save changes
- Restart Cayosoft Administrator Service and reopen Administrator Console.
As a result, the Cayosoft Administrator can execute up to 7 web actions in parallel if these web actions do not operate with any systems other than Active Directory or Azure AD. If a web action operates with Exchange Online, Exchange On-premise, SharePoint Online, Skype Server, or Skype Online, then only two such web actions can be executed in parallel, due to hardcoded limitations by Microsoft services.
- Always set the value of the Maximum number of rules to run in parallel lower than MaxConnectionsPerUser in Microsoft.ActiveDirectory.WebServices.exe.config file. Otherwise, there navigating Web Portal and running rule preview in Administrator Console would be restricted.
- Each additional connection will start a separate process in the Cayosoft Administrator Service and will consume a certain amount of RAM. Typically such a process consumes 250MB or higher, depending on the number of enabled extensions and size of the environment.
Related articles
Why Cayosoft Administrator has multiple processes running – Cayosoft Help Center
Comments
0 comments
Please sign in to leave a comment.