Certificate Validation errors in SharePoint 2013
Posted: Monday, 5 November 2012 by Khalid Ameerodien in Labels: General Admin, Sharepoint Central AdminSo everyone by now should have had a taste of 2013 if not what are you doing!!! With every new technology comes new pains as well as some good things one of my pains went something along the lines of:
"A certificate validation operation took 30007.5449 milliseconds and has exceeded the execution time threshold. If this continues to occur, it may represent a configuration issue. Please see http://go.microsoft.com/fwlink/?LinkId=246987 for more details."
*Shock horror* my logs were inundated with errors of the like also I was having tons of topology errors and endpoint failures. Now I popped open MMC and added the certificates snap in and selected local computer to check what certificate was causing me this grief.
I navigated to the SharePoint folder and opened one of the certificates and noted the following:
Aha!! Found you. I actually never found it as fast as I made it out to be. Once I narrowed it down I then remembered that I had something similar before and had to generate a cert via powershell. So I done the following in the SharePoint Management Shell:
$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export(“Cer”) | Set-Content C:\root.cer –Encoding Byte
Once done I went back into the certificates snap in and imported the certificate into the trusted root certificate authorities. Once done the bulk of the errors disappeared and my logs looked much better and I had no more topology errors as well. Now for the last few remaining cert errors (1 or 2 per hour) I checked the local computer policy. Pop Open gpedit.msc and navigate to "Computer Configuration > Windows > Security Settings > Public Key Policies > Certificate Path Validation Settings". On the Network Retrieval tab, define the policy and uncheck “Automatically update certificates in the Microsoft Root Certificate Program. After you have defined this run a gpupdate /force and you should no longer have these errors in your event logs
Hi
I still have this error (4 one after another) after doing as you said.
I have a VM with SP2013 and another VM as DC.
In sharepoint folder I have 3 certificates. All of them I've added to Trust root certificates auth.
Any other steps to do ?
On DC something ?
I haven't an internet connection to that VM.
Thanks and please respond to ssandu@msn.com
Sorin Sandu
Roamania