UAG is running slow? Release the CRL brake!

Are you running UAG in an isolated environment or is UAG blocked from accessing the internet? If so, you may experience delayed response times when logging on to UAG or when accessing the UAG portal.

A possible root cause of the problem might be failed signature certificate verifications because of a missing certificate revocation list (CRL). Several assemblies on your UAG computer are signed and Windows will verify the signature before executing the files. The certificate verification process performs a certificate chain building with CRL checking. If the CRL is missing, a timeout of 15 seconds (default) occurs until the system is responding back. For more information see the TechNet whitepaper Troubleshooting Certificate Status and Revocation.

To work around the problem, just download the following two CRLs regularly from a computer connected to the internet:

On the UAG computer, open the MMC and add the certificates snap-in for the local computer account. Select the intermediate certification authorities and import the two CRL files that you downloaded before.

As a verification step, you should enable CAPI2 logging in the event log and see if there are more certificate verification errors.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s