Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Network Performance Monitor (NPM) > SWIS connection timeouts and slowness caused by CRL

SWIS connection timeouts and slowness caused by CRL

Problem:
SWIS connection timeout caused by CRL. This issue applies to the following issues.

  • Error MapService -GetLimitationKey

  • No Maps after migration

  • Unable to access Maps

  • Web Interface issues

Suggested Resolution:

Review your event logs, and if you see the following: "Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes."then Crytpographic Services is the culprit.
image2013-4-16 21-53-8.png

image2013-4-16 21-55-5.png
Try the following:

  1. 1. Allow the affected machine to access the internet. This fixed the slowness immediately.
  2. 2. Turn off CRL check. This took 3-4 hours to take effect.

Other troubleshooting tips

Tip 1

Check domain policies if there is a way to disable it.

Tip 2

It is also possible to turn off the CRL check for system accounts through the registry. If the Web Application is running as the default user, Network Service, you can change the State value under:
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
The default value is 23c00. Changing it to 23e00 will turn off the CRL check. Note that this is a per-user setting, so this will only affect the Network Service account.

Tip 3

Control Panel -> Internet Options -> Advanced -> Under security, uncheck the Check for publisher's certificate revocation option?

Tip 4

 

Disable CRL in machine.config

To disable CRL lookups, you need to edit machine.config files on the computer, as follows:
Open the machine.config files in a text editor. 

The machine.config file is located at %runtime install path%\Config\machine.config, where the "runtime install path" is usually "C:\Windows\Microsoft.NET\Framework\v2.0.50727" and "c:\Windows\Microsoft.NET\Framework\v4.0.30319". We should change both files.

Add the following XML element to the machine.config file: 

xml.png


<runtime/><runtime/><generatepublisherevidence enabled="false"/><generatepublisherevidence/> 
Save machine.config files. Restart web site and Orion services.

Last modified
13:58, 13 Nov 2015

Tags

Classifications

Public