Submit a ticketCall us

WebinarUpcoming Webinar: Should I Move My Database to the Cloud?

So you’ve been running an on-premises SQL Server® for a while now. Maybe you’ve moved it from bare metal to a VM, and have seen some positive benefits. But, do you want to see more? If you said “YES!”, then this session is for you, as James Serra will review the many benefits that can be gained by moving your on-prem SQL Server to an Azure® VM (IaaS). He’ll also talk about the many hybrid approaches, so you can gradually move to the cloud. If you are interested in cost savings, additional features, ease of use, quick scaling, improved reliability, and ending the days of upgrading hardware, this is the session for you.

Register now.

Home > Success Center > Network Performance Monitor (NPM) > SWIS connection timeouts and slowness caused by CRL

SWIS connection timeouts and slowness caused by CRL

Problem:
SWIS connection timeout caused by CRL. This issue applies to the following issues.

  • Error MapService -GetLimitationKey

  • No Maps after migration

  • Unable to access Maps

  • Web Interface issues

Suggested Resolution:

Review your event logs, and if you see the following: "Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes."then Crytpographic Services is the culprit.
image2013-4-16 21-53-8.png

image2013-4-16 21-55-5.png
Try the following:

  1. 1. Allow the affected machine to access the internet. This fixed the slowness immediately.
  2. 2. Turn off CRL check. This took 3-4 hours to take effect.

Other troubleshooting tips

Tip 1

Check domain policies if there is a way to disable it.

Tip 2

It is also possible to turn off the CRL check for system accounts through the registry. If the Web Application is running as the default user, Network Service, you can change the State value under:
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
The default value is 23c00. Changing it to 23e00 will turn off the CRL check. Note that this is a per-user setting, so this will only affect the Network Service account.

Tip 3

Control Panel -> Internet Options -> Advanced -> Under security, uncheck the Check for publisher's certificate revocation option?

Tip 4

 

Disable CRL in machine.config

To disable CRL lookups, you need to edit machine.config files on the computer, as follows:
Open the machine.config files in a text editor. 

The machine.config file is located at %runtime install path%\Config\machine.config, where the "runtime install path" is usually "C:\Windows\Microsoft.NET\Framework\v2.0.50727" and "c:\Windows\Microsoft.NET\Framework\v4.0.30319". We should change both files.

Add the following XML element to the machine.config file: 

xml.png


<runtime/><runtime/><generatepublisherevidence enabled="false"/><generatepublisherevidence/> 
Save machine.config files. Restart web site and Orion services.

Last modified

Tags

Classifications

Public