In order to bypass the CRL Check for SPAdminV4 service start-up, the following steps need to be completed on each SharePoint server.
- Add a new computer policy which alters the options for retrieving certificate validation on a network
- Add host file entries into the local computer host file
To do this:
- ALTER THE COMPUTER POLICY
Click on Start-Run
Type in "gpedit.msc" and click "OK"
Expand Computer Configuration --> Windows Settings --> Security Settings --> Public Key Policies
In the Public Key Policy window displayed on the right pane, double-click "Certificate Path Validation Settings"
Click on the "Network Retrieval" tab
Check the box "Define these policy settings"
Uncheck "Automatically update certificates in the Microsoft Root Certificate Program (recommended)" and "Allow issuer certificate (AIA) retrieval during path validation (recommended"
Click on "OK"
Close out of gpedit.msc console.
- ADD HOST FILE ENTRIES
Click on Start --> Run
Type in "C:\Windows\System32\Drivers\Etc" and click "OK"
Double-click the file "Hosts"
Select "Notepad" as the program to open the file
Insert the following lines into the hosts file
0.0.0.0 crl.microsoft.com
0.0.0.0 crl.verisign.com
0.0.0.0 ocsp.verisign.com
0.0.0.0 SVRSecure-G2-crl.verisign.com
0.0.0.0 SVRSecure-G3-crl.verisign.com
0.0.0.0 www.download.windowsupdate.com
0.0.0.0 SVRSecure-G2-aia.verisign.com
