Initial DC Discovery Retry Setting for Background CallersID: oval:org.secpod.oval:def:18865 | Date: (C)2014-05-29 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
The Initial DC Discovery Retry Setting for Background Callers machine setting should be configured correctly.
When applications performing periodic searches for domain controllers (DC) are unable to find a DC, the value set in this setting determines the amount of time (in seconds) before the first retry. The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0. This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag. If the value of this setting is less than the value specified in the NegativeCachePeriod subkey, the value in the NegativeCachePeriod subkey is used.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\System\Net Logon\Initial DC Discovery Retry Setting for Background Callers
(2) KEY: HKLM\Software\Policies\Microsoft\Netlogon\Parameters\BackgroundRetryInitialPeriod
Platform: |
Microsoft Windows Server 2008 R2 |