March 6, 2017

SharePoint: Web applications load slowly with DigiCert certificates when there is no access to the internet

Problem

On a SharePoint farm with no access to the internet, if you configure IIS sites to use DigiCert SSL certificates, page loads (especially the first) are slow. You have disabled CRL checking and configured SharePoint to trust its own root certificate, yet you still see 10-15 second wait times when loading pages.

In the Windows Event Log, under Applications and Services Logs –> Microsoft –> Windows –> CAPI2 –> Operational, you see Event ID 53 errors like this:

[Screenshot: ocsp]

Solution

This is caused by Kerberos client OCSP stapling requests, which fail because the server has no connection to http://ocsp.digicert.com. These requests can be disabled.

On the SharePoint servers, in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\, add a value named RequestOCSP of type DWORD and set it to 0, after which the computer will not request a stapled response. A restart/reboot is not required.
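
The check and the change described above, as an added PowerShell example that is not part of the original post. It assumes an elevated session and that the CAPI2 Operational log is enabled (it is disabled by default); the 24-hour lookback window is an arbitrary choice.

```powershell
# Added example: confirm the CAPI2 symptom, then set RequestOCSP = 0 and verify.
$LogName   = 'Microsoft-Windows-CAPI2/Operational'   # log named in the post
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$ValueName = 'RequestOCSP'
$OcspHost  = 'ocsp.digicert.com'

# 1. Look for Event ID 53 entries from the last 24 hours (assumed window)
#    whose event XML mentions the OCSP responder host.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $LogName
    Id        = 53
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Where-Object { $_.ToXml() -match [regex]::Escape($OcspHost) }

'{0} CAPI2 Event ID 53 entries mention {1}' -f @($events).Count, $OcspHost

# 2. Record the current value so the change can be reverted later.
$before = (Get-ItemProperty -Path $KeyPath -Name $ValueName `
            -ErrorAction SilentlyContinue).$ValueName
'RequestOCSP before: {0}' -f $(if ($null -eq $before) { '<not set>' } else { $before })

# 3. Create the key if it does not exist, then write the DWORD value.
if (-not (Test-Path -Path $KeyPath)) {
    New-Item -Path $KeyPath -Force | Out-Null
}
New-ItemProperty -Path $KeyPath -Name $ValueName `
    -PropertyType DWord -Value 0 -Force | Out-Null

# 4. Read the value back and fail loudly if it did not stick.
$after = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
if ($after -ne 0) {
    throw "RequestOCSP is $after, expected 0"
}
'RequestOCSP after: {0}' -f $after
```

To undo the change, restore the recorded value, or remove the entry with `Remove-ItemProperty` if it was not set before.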
