Certificate Validation errors in SharePoint 2013

Posted: Monday 5 November 2012 by Khalid Ameerodien

So everyone should have had a taste of 2013 by now; if not, what are you doing!!! With every new technology come new pains as well as some good things. One of my pains went something along the lines of:
"A certificate validation operation took 30007.5449 milliseconds and has exceeded the execution time threshold.  If this continues to occur, it may represent a configuration issue.  Please see http://go.microsoft.com/fwlink/?LinkId=246987 for more details."

*Shock horror*, my logs were inundated with errors like this, and I was also getting tons of topology errors and endpoint failures. I popped open MMC, added the certificates snap-in and selected the local computer to check which certificate was causing me this grief.

I navigated to the SharePoint folder and opened one of the certificates and noted the following:


Aha!! Found you. I actually never found it as fast as I made it out to be. Once I narrowed it down, I remembered that I had something similar before and had to generate a cert via PowerShell. So I did the following in the SharePoint Management Shell:

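# Get the root certificate of the farm's SharePoint certificate authority
$rootCert = (Get-SPCertificateAuthority).RootCertificate
# Export it and write the raw bytes to C:\root.cer
$rootCert.Export("Cer") | Set-Content C:\root.cer -Encoding Byte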

Once done, I went back into the certificates snap-in and imported the certificate into the trusted root certificate authorities. After that the bulk of the errors disappeared, my logs looked much better, and I had no more topology errors either.

For the last few remaining cert errors (1 or 2 per hour) I checked the local computer policy. Open gpedit.msc and navigate to "Computer Configuration > Windows > Security Settings > Public Key Policies > Certificate Path Validation Settings". On the Network Retrieval tab, define the policy and uncheck "Automatically update certificates in the Microsoft Root Certificate Program". After you have defined this, run gpupdate /force and you should no longer have these errors in your event logs.
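
The check and the import described above can be done in one pass from the SharePoint Management Shell. This is an added example, not code from the original post: the `-Import` switch and the idea of saving it as a script file are assumptions, and the store name `SharePoint` is taken from the folder shown in the certificates snap-in.

```powershell
# Added example (not from the original post). Save as a .ps1 file and run it
# from an elevated SharePoint Management Shell on the affected server.
param([switch]$Import)   # hypothetical switch: only change the Root store when given

$rootCert = (Get-SPCertificateAuthority).RootCertificate

# Is the farm's root certificate already in the local machine's
# Trusted Root Certification Authorities store?
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
if ($Import) { $rootStore.Open('ReadWrite') } else { $rootStore.Open('ReadOnly') }
try {
    $trusted = @($rootStore.Certificates |
        Where-Object { $_.Thumbprint -eq $rootCert.Thumbprint }).Count -gt 0
    "SharePoint root {0} trusted: {1}" -f $rootCert.Thumbprint, $trusted

    if ($Import -and -not $trusted) {
        # Same effect as importing C:\root.cer through the snap-in
        $rootStore.Add($rootCert)
        "Added SharePoint root to LocalMachine\Root"
    }
}
finally {
    $rootStore.Close()
}

# Build the chain for every certificate in the SharePoint store and time it.
# A build time close to the 30 seconds in the event log message points at the
# same validation delay; an untrusted root shows up in the Status column.
Get-ChildItem Cert:\LocalMachine\SharePoint | ForEach-Object {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $valid = $chain.Build($_)
    $timer.Stop()
    [pscustomobject]@{
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
        ChainValid = $valid
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        BuildMs    = $timer.ElapsedMilliseconds
    }
} | Format-Table -AutoSize
```

Run it once without `-Import` to see which certificates fail to chain, then again with `-Import` and compare the `ChainValid` and `BuildMs` columns.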

8 comments:

  1. Hi
    I still have this error (4 one after another) after doing as you said.
    I have a VM with SP2013 and another VM as DC.
    In SharePoint folder I have 3 certificates. All of them I've added to Trust root certificates auth.
    Any other steps to do ?
    On DC something ?
    I haven't an internet connection to that VM.
    Thanks and please respond to ssandu@msn.com

    Sorin Sandu
    Romania

  1. Have you edited the certificate validation settings?

  1. Anonymous says:

    Thank you for your contribution. It was very helpful for my isolated environment. By the way, I had found nice MS KB which are relevant for this theme: http://support.microsoft.com/kb/2625048 and http://support.microsoft.com/kb/2677070

  1. Andrew says:

    Thanks, fixed my problem. How come this has to be done... I had a brand new install of SP2013.... very frustrating, but thanks to people such as you we can eventually work through all these issues.

  1. I actually don't really know why it is doing this in the latest and greatest; however, I will do some digging and post my findings shortly.