brianlala / AutoSPInstaller

Automated SharePoint 2010/2013/2016/2019/SE PowerShell-based installation script.
https://autospinstaller.com
MIT License

Disabling Certificate Revocation List is not working. #60

Open UmrG opened 4 years ago

UmrG commented 4 years ago

I built a couple of SharePoint 2019 environments on Windows Server 2016 and noticed one thing is common in all of them. Each environment is complaining about CRL. Event Viewer: A certificate validation operation took 15003.0019 milliseconds and has exceeded the execution ...........

The output shows it was disabled:

 - Disabling Certificate Revocation List (CRL) check...
  - Registry...
  - Machine.config files...
   - v2.0.50727...
OK.
   - v4.0.30319...
OK.
 - Done.

Anyone else seeing this same issue? Thanks.

brianlala commented 4 years ago

Yeah the CRL check disabling functionality in AutoSPInstaller isn't perfect, in fact I'm not sure it's even that effective. You may need to implement one of the other recommended approaches found on the web (HOSTS file, etc.).

UmrG commented 4 years ago

Wonder if this will do anything better in addition to what we already have in the script.

Get-ChildItem REGISTRY::HKEY_USERS | foreach-object {set-ItemProperty -ErrorAction silentlycontinue -path ($_.Name + "\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing") -name State -value 146944}

I have not tested that yet; I will post here if there is any benefit to adding this to the script.

Update: The command above did not do anything. I guess the only option for now is the old manual way:

$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content C:\SharePointRootAuthority.cer -Encoding byte
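
A read-only check of whether the settings the installer output reports as "OK" are actually present, added here as an example; it is not part of the thread or of AutoSPInstaller. The registry key and the value 146944 are the ones quoted above; the Machine.config element name (`generatePublisherEvidence`) and the `Framework`/`Framework64` paths are assumptions about what that step changes.

```powershell
# Added example: read-only audit, changes nothing on the server.
function Get-CrlCheckState {
    # Registry value and key path are the ones quoted in the thread.
    $subKey   = 'Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
    $expected = 146944   # 0x23E00

    # HKEY_USERS only lists hives that are loaded right now, so accounts that are
    # not logged on (or whose services are stopped) will not appear here.
    foreach ($hive in Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
        # PSPath is provider-qualified, so it resolves from any current location.
        $prop = Get-ItemProperty -Path "$($hive.PSPath)\$subKey" -Name State -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Scope   = 'Registry'
            Target  = $hive.PSChildName
            Value   = if ($prop) { '0x{0:X}' -f $prop.State } else { '(not set)' }
            Matches = ($null -ne $prop -and $prop.State -eq $expected)
        }
    }

    # Assumption: the Machine.config step means <generatePublisherEvidence enabled="false"/>
    # under <configuration>/<runtime>; the thread only shows the framework versions.
    foreach ($bitness in 'Framework', 'Framework64') {
        foreach ($version in 'v2.0.50727', 'v4.0.30319') {
            $configPath = Join-Path $env:windir "Microsoft.NET\$bitness\$version\CONFIG\machine.config"
            if (-not (Test-Path -LiteralPath $configPath)) { continue }

            $xml  = [xml](Get-Content -LiteralPath $configPath -Raw)
            $node = $xml.SelectSingleNode('/configuration/runtime/generatePublisherEvidence')
            [pscustomobject]@{
                Scope   = 'Machine.config'
                Target  = "$bitness\$version"
                Value   = if ($node) { "enabled=$($node.GetAttribute('enabled'))" } else { '(element absent)' }
                Matches = ($null -ne $node -and $node.GetAttribute('enabled') -eq 'false')
            }
        }
    }
}

Get-CrlCheckState | Format-Table -AutoSize
```

Rows with `Matches` set to `False` show where a setting is missing or has a different value, including service-account hives that were not loaded when the installer ran.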