Wow, that was a mouthful!!!
For my latest project, I decided to try to put together a list of various tweaks that I recommend for Enterprise environments that run Microsoft Exchange Server 2007 x64 or higher. Please remember that these are RECOMMENDATIONS, not hard and fast guidelines! YMMV, please test these yourself, etc. The main goal here was to consolidate these recommendations into one place, rather than having to visit various blogs and TechNet articles to piece them all together.
Many of the settings described herein are the defaults that were in place for 32 bit (x32) systems (i.e., Windows 2000/2003). They were never increased in the x64 versions of the product. Proactively increasing these values can help ensure that x64 servers are more fully utilized.
MaxFieldLength and MaxRequestBytes – these settings control the maximum header length and maximum number of bytes that are allowed in HTTP headers. Users with large tokens can experience logon failures if the defaults are left in place. This article also discusses those concerns: http://support.microsoft.com/kb/2020943
MaxTokenSize – this setting can affect users with large tokens (also known as "token bloat"). The default value is low, imo, and the issue can be very frustrating to troubleshoot. The following article recommends setting the default to 48,000: http://support.microsoft.com/kb/938118, http://blogs.technet.com/b/surama/archive/2009/04/06/kerberos-authentication-problem-with-active-directory.aspx
Queue Length for IIS application pools - I recommend changing the queue length value to at least 5000 for all Exchange-related application pools (found in Advanced Settings on the properties of the Application Pools themselves). For example, if your application has its own App pool (such as OWAAppPool), the Advanced Settings of that App pool are where you would make this change.
The following article describes the effects on Lync of leaving the default value of 1000 in place - http://technet.microsoft.com/en-us/library/dd441171(v=office.13).aspx
MaxConcurrentApi (on DCs) – this setting affects certain types of authentication traffic and is described here: http://support.microsoft.com/kb/975363
The maximum value on either 2003 OR 2008 DCs of any version (without the hotfix mentioned in the article) is 10, and I see no reason at all not to set ALL DCs to this value, rather than leaving them at the default of 1.
ASP.NET request queue limit - Changing this value to 50K is currently known to resolve an issue that exhibits itself only on Exchange 2010 SP3 and above.
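A read-only way to see where a server stands before changing anything, as an added example that is not part of the original post: it reports the registry values and application pool queue lengths discussed above against the numbers given here. The registry paths are the Microsoft-documented locations for these values (the post itself does not spell them out); PowerShell 3.0 or later and the IIS WebAdministration module are assumed, and the function names are hypothetical.

```powershell
# Added example: read-only audit, changes nothing on the server.
# Target = $null means this post names no number, so the value is only reported.
$checks = @(
    @{ Name = 'MaxFieldLength';   Target = $null
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters' },
    @{ Name = 'MaxRequestBytes';  Target = $null
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters' },
    @{ Name = 'MaxTokenSize';     Target = 48000
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters' },
    @{ Name = 'MaxConcurrentApi'; Target = 10     # the post recommends this on DCs
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' }
)

function Get-TweakStatus {
    param([hashtable]$Check)
    # A missing registry value means the built-in default is in effect.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    $current = if ($item) { $item.($Check.Name) } else { $null }
    $status = if ($null -eq $current) { 'not set (built-in default)' }
              elseif ($null -eq $Check.Target) { 'set (no target in post)' }
              elseif ($current -ge $Check.Target) { 'ok' }
              else { 'below target' }
    [pscustomobject]@{
        Setting = $Check.Name; Current = $current; Target = $Check.Target; Status = $status
    }
}

function Get-AppPoolQueueStatus {
    param([int]$Minimum = 5000)   # "at least 5000" per the post
    Import-Module WebAdministration -ErrorAction Stop
    # Lists every pool; pick out the Exchange-related ones (e.g. OWAAppPool) from the output.
    Get-ChildItem IIS:\AppPools | ForEach-Object {
        [pscustomobject]@{
            Setting = "queueLength ($($_.Name))"
            Current = $_.queueLength
            Target  = $Minimum
            Status  = if ($_.queueLength -ge $Minimum) { 'ok' } else { 'below target' }
        }
    }
}

$report = @($checks | ForEach-Object { Get-TweakStatus $_ })
if (Get-Module -ListAvailable WebAdministration) { $report += @(Get-AppPoolQueueStatus) }
$report | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on each Exchange server and DC; the MaxConcurrentApi row is only meaningful on the DCs.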
The following is courtesy of Greg Askew:
If integrated authentication is used extensively (NTLM or Kerberos) and there are lots of connections, IIS can be configured to authenticate ONLY the first request by using the following command:
appcmd set config /section:windowsAuthentication /authPersistNonNTLM:true
You may experience slow performance when you use Integrated Windows authentication together with the Kerberos authentication protocol in IIS 7.0 - http://support.microsoft.com/kb/954873
Kerberos authPersistNonNTLM authentication, request based vs. session based authentication - https://blogs.msdn.com/b/benjaminperkins/archive/2011/10/31/kerberos-authpersistnonntlm-authentication-request-based-vs-session-based-authentication.aspx
Many thanks to Steve Wesa, Chris Korff, Konstantin Papadakis and Greg Askew for contributing to these recommendations.