Submit a ticketCall us

whitepaperYour VM Perplexities Called, and They Need You to Read This.

Virtualization can give you enormous flexibility with future workloads and can be a key enabler for other areas, like cloud computing and disaster recovery. So, how can you get a handle on the performance challenges in your virtual environment and manage deployments without erasing the potential upside? Learn the four key areas you need to be focusing on to help deliver a healthy and well-performing data center.

Get your free white paper.

Home > Success Center > Network Performance Monitor (NPM) > NPM - Knowledgebase Articles > SWIS connection timeouts and slowness caused by CRL

SWIS connection timeouts and slowness caused by CRL

Problem:
SWIS connection timeout caused by CRL. This issue applies to the following issues.

  • Error MapService -GetLimitationKey

  • No Maps after migration

  • Unable to access Maps

  • Web Interface issues

Suggested Resolution:

Review your event logs, and if you see the following: "Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes."then Crytpographic Services is the culprit.
image2013-4-16 21-53-8.png

image2013-4-16 21-55-5.png
Try the following:

  1. 1. Allow the affected machine to access the internet. This fixed the slowness immediately.
  2. 2. Turn off CRL check. This took 3-4 hours to take effect.

Other troubleshooting tips

Tip 1

Check domain policies if there is a way to disable it.

Tip 2

It is also possible to turn off the CRL check for system accounts through the registry. If the Web Application is running as the default user, Network Service, you can change the State value under:
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
The default value is 23c00. Changing it to 23e00 will turn off the CRL check. Note that this is a per-user setting, so this will only affect the Network Service account.

Tip 3

Control Panel -> Internet Options -> Advanced -> Under security, uncheck the Check for publisher's certificate revocation option?

Tip 4

 

Disable CRL in machine.config

To disable CRL lookups, you need to edit machine.config files on the computer, as follows:
Open the machine.config files in a text editor. 

The machine.config file is located at %runtime install path%\Config\machine.config, where the "runtime install path" is usually "C:\Windows\Microsoft.NET\Framework\v2.0.50727" and "c:\Windows\Microsoft.NET\Framework\v4.0.30319". We should change both files.

Add the following XML element to the machine.config file: 

xml.png


<runtime/><runtime/><generatepublisherevidence enabled="false"/><generatepublisherevidence/> 
Save machine.config files. Restart web site and Orion services.

Last modified

Tags

Classifications

Public