Share via

Configure the TLS Handle Expiry Time on NPS Servers

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

Use this procedure to change the amount of time that NPS servers cache the Transport Layer Security (TLS) handle of client computers. After successfully authenticating an access client, NPS servers cache TLS connection properties of the client computer as a TLS handle. The TLS handle has a default duration of 10 hours (36,000,000 milliseconds). You can increase or decrease the TLS handle expiry time by using the following procedure.


This procedure must be performed on an NPS server, not on a client computer.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group.

To configure the TLS handle expiry time on NPS servers using the Windows interface

  1. On an NPS server, open Registry Editor.

  2. Browse to the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

  3. On the Edit menu, click New, and then click Key.

  4. Type ServerCacheTime, and then press ENTER.

  5. Right-click ServerCacheTime, click New, and then click DWORD (32-bit) Value.

  6. Type the amount of time, in milliseconds, that you want NPS servers to cache the TLS handle of a client computer after the first successful authentication attempt by the client.