Microsoft Network Policy Server RADIUS Proxy

Microsoft Network Policy Server RADIUS Proxy

This template assesses the status and overall performance of a Microsoft Network Policy Server (NPS) configured as RADIUS proxy.

Note: Apply this template if you have NPS installed as a RADIUS proxy.

Prerequisites: WMI access to the target server.

Credentials: Windows Administrator on the target server.

Monitored Components

Note: You need to set thresholds for counters according to your environment. It is recommended to monitor counters for some period of time to understand potential value ranges and then set the thresholds accordingly. For more information, seehttp://knowledgebase.solarwinds.com/kb/questions/2415.

Accounting: Accounting-Requests/sec

This monitor returns the average number of RADIUS Accounting-Request packets sent per second to the accounting port.

Accounting: Accounting-Responses/sec

This monitor returns the average number of RADIUS Accounting-Response packets received per second on the accounting port.

Authentication: Access-Accepts/sec

This monitor returns the average number of RADIUS Access-Accept packets received per second from this server.

Authentication: Access-Challenges/sec

This monitor returns the average number of RADIUS Access-Challenge packets received per second from this server.

Authentication: Access-Rejects/sec

This monitor returns the average number of RADIUS Access-Reject packets received per second from this server.

Authentication: Access-Requests/sec

This monitor returns the average number of RADIUS Access-Request packets sent per second to this server.

Authentication: Bad Authenticators/sec

This monitor returns the average number of RADIUS packets that contain an invalid Message Authenticator attribute per second.

Authentication: Dropped Packets/sec

This monitor returns the average number of incoming packets per second that are silently discarded for a reason other than "malformed," "invalid Message Authenticator," or "unknown type."

Authentication: FullAccess-Decisions/sec

This monitor returns the average number of Full-Access decisions received per second from this server.

Authentication: Malformed Packets/sec

This monitor returns the average number of packets containing malformed data received per second.

Authentication: Probation-Decisions/sec

This monitor returns the average number of probation decisions received per second from this server.

Authentication: Quarantine-Decisions/sec

This monitor returns the average number of quarantine decisions received per second from this server.

Authentication: Unknown Type/sec

This monitor returns the average number of unknown type (non-RADIUS) packets received per second.

Authentication: Invalid Addresses/sec

This monitor returns the average number of packets received per second from unknown addresses.

Authentication: Pending Requests

This monitor returns the number of requests destined for this server that have not yet timed out or received a response.

Authentication: Request Timeouts/sec

This monitor returns the average number of request timeouts per second to this server.

Authentication: Retransmissions/sec

This monitor returns the average number of requests retransmitted per second to this server.

Policy Engine: Last Round-Trip Time

This monitor returns the interval (in hundredths of a second) between the most recent request to the policy engine and its response.

Policy Engine: Matched Remote Access Policies/sec

This monitor returns the average number of remote access policies that have been matched per second.

Policy Engine: Pending Requests

This monitor returns the number of requests that have entered the policy engine but have not yet completed the process.

Service: Network Policy Server

This monitor returns the CPU and memory usage of the Network Policy Server service. This service manages authentication, authorization, auditing and accounting for a virtual private network (VPN), dial-up, 802.1x wireless or Ethernet switch connection attempts sent by access servers that are compatible with the IETF RADIUS protocol. If this service is stopped, users might be unable to obtain a VPN, dial-up, wireless, or Ethernet connection to the network. If this service is disabled, any services that explicitly depend on it will fail to start.

Portions of this document were originally created by and are excerpted from the following sources:

Kiong Software and Microsoft Corporation, “Performance Counters for Microsoft Products,”

Copyright Copyright 2008 Microsoft Corporation.  All rights reserved. Available at http://www.docstoc.com/docs/69756322/Performance-Counters-for-Microsoft-Products