Configure the TLS Handle Expiry Time on Client Computers
Updated: February 29, 2012
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
Use this procedure to change the amount of time that client computers cache the Transport Layer Security (TLS) handle of an NPS server. After successfully authenticating an NPS server, client computers cache TLS connection properties of the NPS server as a TLS handle. The TLS handle has a default duration of 10 hours (36,000,000 milliseconds). You can increase or decrease the TLS handle expiry time by using the following procedure.
This procedure must be performed on an NPS server, not on a client computer.
To complete this procedure, you must be a member of the Administrators group.
To configure the TLS handle expiry time on client computers
On an NPS server, open Registry Editor.
Browse to the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
On the Edit menu, click New, and then click Key.
Type ClientCacheTime, and then press ENTER.
Right-click ClientCacheTime, click New, and then click DWORD (32-bit) Value.
Type the amount of time, in milliseconds, that you want client computers to cache the TLS handle of an NPS server after the first successful authentication attempt by the NPS server.