Sunday, May 27, 2007
While putting together my last post I ran across a strange problem where the first page access after an iisreset was taking more than 30 seconds to load. At its best, this always takes about twice as long as you'd like but this was unworkable. Worse still the same delay happened each time I used stsadm.exe or any other application that loads the SharePoint DLL.
After a reasonable amount of time troubleshooting this I was fast running out of ideas, and desperate enough to reach for Ethereal. Thankfully, it was there I found the answer to my problem. Each delay was accompanied by outbound requests to http://crl.microsoft.com or http://crl.verisign.com that from behind our proxy were going nowhere fast and taking a long while to timeout. (In this case, CRL stands for Client Revocation List, and I assume it is been checked to ensure the validity of the digitally signed SharePoint assemblies as they are loaded into the IIS process.)
The solution for my situation then, was as simple as specifying the correct proxy using proxycfg.exe. From a command prompt, you'd do something like this:
Update 27/06/2007: You need to modify this command to exclude local addresses to prevent MOSS crawls failing, as they too respect this setting. You can exclude all local addresses (those that don't contain a dot) as follows:
Alternatively, you can exclude specific URLs:
See the proxycfg.exe documentation for further details.
This workaround is good enough to get me going again. However, I'm no expert on certificate infrastructure so leave me a comment if I've missed something or got something wrong.
Hope this helps.