The process of installing a rollup for Exchange 2010 can take a lot of time when you have a bad/no internet connection. One of the causes for this is the validation process of the digital signature of the .NET Framework components. When having a bad/no internet connection this can slow down the process, this because of the default time-out of 15000 miliseconds for a single CRL check up to 20000 miliseconds for checking all CRL’s.
A while ago the Microsoft Exchange team posted a blog what you can do to increase this time. This can be done by making changes in the registry which will, for example, increase the default time-out.
Starting from Exchange 2010 SP1 rollup 2 a new feature is introduced. The setup will check if CRL checking is enabled and if so it will prompt you with a warning:
To solve this issue you might decide to turn off CRL checking temporarily, this can be done by performing the following steps:
- start Internet Explorer
- go to Tools
- select Internet Options
- select the tab_ Advanced_
- search for the Security item
- disable the following option: Check for publisher’s certificate revocation
Restart the setup and you won’t get the warning again. Disabling this option is not a best practice of course because the digital signature isn’t checked. So disable this option only if you have no or a very bad internet connection.
Don’t forget to enable the option once finished installing the rollup.
Comments
