Submit a ticketCall us

WebinarDatabase Roundtable – Expert Database Professionals Feel Your Pain

In this video broadcast, Head Geek™ Tom LaRock is joined by Karen Lopez, Tim Chapman, and David Klee. They’ve known each other for many years, so this discussion was like four friends getting together to talk data and databases. They discussed diagnostic data collection, common performance root causes, reactive tuning versus proactive, and more. Join us for an engaging discussion on these topics! Plus, Tom LaRock will be available to answer your questions live.

Register now.

Home > Success Center > Network Performance Monitor (NPM) > NPM - Knowledgebase Articles > SWIS connection timeouts and slowness caused by CRL

SWIS connection timeouts and slowness caused by CRL

Problem:
SWIS connection timeout caused by CRL. This issue applies to the following issues.

  • Error MapService -GetLimitationKey

  • No Maps after migration

  • Unable to access Maps

  • Web Interface issues

Suggested Resolution:

Review your event logs, and if you see the following: "Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes."then Crytpographic Services is the culprit.
image2013-4-16 21-53-8.png

image2013-4-16 21-55-5.png
Try the following:

  1. 1. Allow the affected machine to access the internet. This fixed the slowness immediately.
  2. 2. Turn off CRL check. This took 3-4 hours to take effect.

Other troubleshooting tips

Tip 1

Check domain policies if there is a way to disable it.

Tip 2

It is also possible to turn off the CRL check for system accounts through the registry. If the Web Application is running as the default user, Network Service, you can change the State value under:
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
The default value is 23c00. Changing it to 23e00 will turn off the CRL check. Note that this is a per-user setting, so this will only affect the Network Service account.

Tip 3

Control Panel -> Internet Options -> Advanced -> Under security, uncheck the Check for publisher's certificate revocation option?

Tip 4

 

Disable CRL in machine.config

To disable CRL lookups, you need to edit machine.config files on the computer, as follows:
Open the machine.config files in a text editor. 

The machine.config file is located at %runtime install path%\Config\machine.config, where the "runtime install path" is usually "C:\Windows\Microsoft.NET\Framework\v2.0.50727" and "c:\Windows\Microsoft.NET\Framework\v4.0.30319". We should change both files.

Add the following XML element to the machine.config file: 

xml.png


<runtime/><runtime/><generatepublisherevidence enabled="false"/><generatepublisherevidence/> 
Save machine.config files. Restart web site and Orion services.

Last modified

Tags

Classifications

Public