authenticat.exe fills up workstation's event log with errors


This article applies to:

  • R3000/WFR/WF
  • Windows 8e6 Authenticator

Symptoms:

  • authenticat.exe fills up workstation's event log with errors.  When looking at the details of those errors, they show a connection failure between a local IP and the filter's virtual IP.

Causes:

  • When authenticat.exe runs, it will attempt to authenticate every IP address that the workstation has.  This may include IPs that have no connectivity to the virtual IP, such as secondary NICs, virtual NICs, and other such devices.  When these fail to connect to the virtual IP (which will happen every 30 seconds by default), an event log error will be made.

Resolution:

There are two main methods of dealing with this issue.  The first is to try adding the parameter "NP[1]" to whatever other authenticat.exe parameters are in use.  This will cause authenticat.exe to only try to authenticat whichever IP is deemed the primary IP by Windows - in general, this should usually be the workstation's main network connection.

The second method is to add (or modify) the RR[x] parameter.  This parameter sets the delay between attempts to re-connect to the virtual IP after a connection attempt fails.  This parameter is measured in milliseconds.  The default value is 30000, which equates to 30 seconds.  The parameter can accept a value up to 4 billion, which should easily prevent authenticat.exe from making more than one error per login session from the NICs which cannot reach the virtual IP.

 


Last Modified 4/25/2012.
https://support.trustwave.com/kb/KnowledgebaseArticle13001.aspx