Background: The CCS service may accepted 200 (default) connections from the JCS service, but when opening LDAPS connection to an ADS Domain Server, only one LDAPS connection is observed.
The MS service that provides the LDAPS (TCP 636) service is MS lsass.exe.
The default MS domain LDAP Policy, allows four (4) connections per CPU.
The number of CPU may be increased for the ADS Domain Controller for the ADS server, but this has limited impact on performance, as the lsass.exe service does not get "exercised" by the CCS service.
Request that the CCS service code be reviewed to allow a parameter to expand the default connections from the CCS service to the MS ADS LDAPS service to allow right-sizing for scalability and performance.
Use MS Sysinternal tools, process explorer, to monitor the lsass.exe and the im_ccs.exe services for connectivity during testing.
Use MS Sysinternal tools, process monitor, to monitor the open/close of TCP connections (to maintain historical / trend) during testing.
May use Wireshark to assist (if the cipher suite for ADS domain is downgraded to RSA ciphers).
May update MS event logging to observe both LDAP and Powershell events (Powershell when MS Exchange is a part of the ADS domain).
- Note: If MS Exchange is a part of the ADS domain, ensure that the default PS quota of 18 connections is increased to 100 for the service ID used to manage the ADS endpoint (via the IMPS endpoint ADS credentials).