A new PKI-related hotfix has recently been released that mitigates a problem resulting in poor performance of Windows 2008R2 domain controllers and of the services that depend upon them (practically anything from slow user logons to Outlook timeouts).
Although there are several non-PKI parameters that might create such a problem, one more has recently been identified and a hotfix has been issued for it: slow CRL fetching. This is more likely to happen in environments where hundreds or thousands of domain controllers operate and/or CRLs have become excessively large (the article refers to CRLs larger than 20MB). You can find the related hotfix here.