I created a SharePoint Server installation to look after project documentation. All was well and I uploaded all of the specifications, design documents, project plans etc. The following day, when I wanted to show the site to someone important, it did not work! I refreshed the browser several times thinking (correctly) that the application pool would have recycled overnight and there would be a delay as it re-built and re-loaded but this took forever. Several minutes later it did spring in to life but by that time, the business-minded (non-technical) client had already lost interest and walked away.
I was furious – SharePoint had made me look bad and I don’t like looking bad!
Perhaps I should have checked this just before the meeting but to be honest the meeting was not planned at that time. I had been put on the spot and was looking for something to impress. What annoyed me more is that by recycling the application pool myself, I as able to repeat the error many times over. This must be a bug I thought so I went to ask Uncle Google.
Why so slow?
The answer, and how David Klein found it, is contained in the following blog post link but I shall quickly explain the bit that matters.
Basically its due to a bit of “guilty til proven innocent” attitude from Microsoft.
Microsoft check for revoked certificates every time the application pool is recycled and to do this the site references a couple of URL’s at crl.microsoft.com
In my case, a network block was preventing this so the check takes a very long time before it times out, following which, the application loads.
David’s wonderful blog post pointed out the issue and suggested that if I add the crl.microsoft.com address to the hosts file and point it locally (127.0.0.1) then this will result in an immediate revoked certificate lookup failure and massively reduce startup time.
This type of lookup redirection hack is often used to install illegal software by preventing it from registering etc. (a lot of software calls home during the install). In this case Microsoft decided to check much more often.
There may be implications to applying this workaround in some cases, such as notification of updates etc. but if it fixes the startup time then it might be worth it.
I think it’s a brilliant workaround but on account of other features that might exist now or in the future at crl.microsoft.com it may be better to schedule the recycle for out of hours time and force an immediate refresh when nobody is looking (to reload the pool)
What happened to innocent until proven guilty?
It would appear that software companies these days reverse this and everyone pays the price.
So did it have the desired effect? You bet!
Before : 2 minutes
After : 20 seconds
Now that was a good tip. Thanks David.