Hi List, I have nailed a few niggles relating to extremely high CPU usage for my authenticators, and I can now clearly look at the requests coming in on the access.log. I use a combination of Kerb & NTLM helpers for my 700 users - majority Kerberos.(70/30). I started tailing the log yesterday and noticed some clients repeatedly attempting to authenticate but failing due to no cred; Mac/Pc system or local and not domain accounts The frequency of the requests is very high and therefore hogging some helpers. I can increased the helper amounts but there is a ratio (CPU/auth) that I need to bear in mind. The clients are mainly trying to get out onto the internet to update various software packages but don't have any credentials to do this, hence the repeated, frequent 407s. Short of visiting these clients to see what's going on (a possibility) is there a way to monitor for these 407 auth requests and flag high-request users that are constantly failing? Some clients occur VERY often and must be hogging helpers maybe even multiple ones.. Appreciate this is probably more of a *nix question but any help or pointers would be great. Nick The information contained in this e-mail is of a confidential nature and is intended only for the addressee. If you are not the intended addressee, any disclosure, copying or distribution by you is prohibited and may be unlawful. Disclosure to any party other than the addressee, whether inadvertent or otherwise, is not intended to waive privilege or confidentiality. Internet communications are not secure and therefore Conde Nast does not accept legal responsibility for the contents of this message. Any views or opinions expressed are those of the author. The Conde Nast Publications Ltd (No. 226900), Vogue House, Hanover Square, London W1S 1JU