Disabling Certificate Revocation List is not working.

[UmrG]

I build couple SharePoint 2019 environments on windows server 2016 and notice one thing is common in all of them. Each environment is complaining about CRL.
Event viewer : A certificate validation operation took 15003.0019 milliseconds and has exceeded the execution ...........

The out put shows it was disabled :

 - Disabling Certificate Revocation List (CRL) check...
  - Registry...
  - Machine.config files...
   - v2.0.50727...
OK.
   - v4.0.30319...
OK.
 - Done.

Any one else seeing this same issue ?
Thanks.

[brianlala]

Yeah the CRL check disabling functionality in AutoSPInstaller isn't perfect, in fact I'm not sure it's even that effective. You may need to implement one of the other recommended approaches found on the web (HOSTS file, etc.).

[UmrG]

Wonder if this will do any thing better in addition to what we have already in the script.

Get-ChildItem REGISTRY::HKEY_USERS | foreach-object {set-ItemProperty -ErrorAction
silentlycontinue -path ($_.Name + "\Software\Microsoft
\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing")
-name State -value 146944}

I have not tested that yet, will post here if any benefit of adding this in the script.

[UmrG]

Wonder if this will do any thing better in addition to what we have already in the script.

Get-ChildItem REGISTRY::HKEY_USERS | foreach-object {set-ItemProperty -ErrorAction
silentlycontinue -path ($_.Name + "\Software\Microsoft
\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing")
-name State -value 146944}

I have not tested that yet, will post here if any benefit of adding this in the script.

Update : Command above did not do any thing. I guess the only option for now is old manual way:
$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content C:\SharePointRootAuthority.cer -Encoding byte