Negative DC Discovery CacheID: oval:org.secpod.oval:def:18802 | Date: (C)2014-05-29 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
The Negative DC Discovery Cache Setting machine setting should be configured correctly.
Specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC. The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\System\Net Logon\Negative DC Discovery Cache Setting
(2) KEY: HKLM\Software\Policies\Microsoft\Netlogon\Parameters\NegativeCachePeriod
Platform: |
Microsoft Windows Server 2008 R2 |