Huge CRLs causing poor performance on domain controllers

A new PKI-related hotfix has been released recently, that mitigates a problem which results in poor performance of Windows 2008R2 domain controllers and services that depend upon them (practically anything from slow user logons to Outlook timeouts).
Although there are several non-PKI parameters that might create such a problem, one more has been recently identified and a hotfix has been issued fir it – and that is slow CRL fetching. This is more likely to happen in environments were hundreds or thousands of domain controllers operate and/or CRLs have become excessively large (the article states refers to CRLs larger than than 20MB). You can find the related hotfix here.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s