For the last few days I was facing a very strange thing. A customer environment was extremely slow and we were not sure about the reason. First we found several faulty firewall rules, after that some other things within the OS config, but none of them was the cause of the slow performance of every PowerShell cmdlet and also stsadm.
The reason: the SharePoint farm was installed in a DMZ behind a firewall. SharePoint had no access to the internet, and so also no connection to http://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl. SharePoint 2010 needs access to at least this file to make sure all certificate revocation lists are up to date. If access to the internet cannot be granted, there are some possible workarounds. I have only done step 1 so far (with success :-] ), so no warranty for the other ones (not checked yet):
1. Disable the CRL check by modifying the registry for all user accounts that use STSADM and all service accounts used by SharePoint. Find yourself a group policy wizard to help you out, or modify the registry manually:
   [HKEY_USERS\<userid>\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing]
   To get the userid, you can use any kind of LDAP browser or ADSI editor.
   Works perfectly for me, but it is also a possible point of failure if a certificate is no longer valid.
2. Allow your servers to connect directly to crl.microsoft.com. If your environment dictates the use of a proxy server, configure it using proxycfg. We all know that this is the most recommended way!
3. Add crl.microsoft.com to your hosts file and point it to your local machine. Some people have reported success with this, but I haven’t tested it yet.
4. Download the CRLs and add them to the server manually (I haven’t tested this, but it may work):
   certutil -addstore CA CodeSignPCA.crl
   certutil -addstore CA CodeSignPCA2.crl
Check this in your environment if you are facing similar problems.
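To keep track of which accounts have had the check from step 1 switched off, the following PowerShell script (an added example, not part of the original post) lists the WinTrust State value for every user hive currently loaded under HKEY_USERS, where subkeys are named by account SID, and tests whether the CRL URL from the post is reachable. The value name State and the 0x200 flag (WTPF_IGNOREREVOKATION) are taken from the Windows SDK header wintrust.h, not from the post; the function names are hypothetical.

```powershell
# Added example: audit the publisher revocation check per account.
# Assumption (from wintrust.h, not from the post): the DWORD value "State"
# holds the policy flags, and bit 0x200 (WTPF_IGNOREREVOKATION) turns the check off.
$IgnoreRevocation = 0x200
$SubKey = 'Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
$CrlUrl = 'http://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl'   # URL from the post

function Get-RevocationCheckState {
    # Only hives of logged-on users and running service accounts are loaded here.
    Get-ChildItem Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -match '^S-1-5-\d+(-\d+)*$' } |   # skips .DEFAULT and *_Classes
        ForEach-Object {
            $sid   = $_.PSChildName
            $path  = "Registry::HKEY_USERS\$sid\$SubKey"
            $state = $null
            if (Test-Path $path) {
                $state = (Get-ItemProperty -Path $path -Name State -ErrorAction SilentlyContinue).State
            }
            # Resolve the SID to an account name; unresolvable SIDs are shown as-is.
            try {
                $id      = New-Object Security.Principal.SecurityIdentifier $sid
                $account = $id.Translate([Security.Principal.NTAccount]).Value
            } catch { $account = $sid }

            if ($state -eq $null)                      { $check = 'default';  $hex = '(not set)' }
            elseif ($state -band $IgnoreRevocation)    { $check = 'DISABLED'; $hex = '0x{0:x8}' -f $state }
            else                                       { $check = 'enabled';  $hex = '0x{0:x8}' -f $state }

            New-Object PSObject -Property @{
                Account = $account; Sid = $sid; State = $hex; CrlCheck = $check
            }
        }
}

function Test-CrlReachable([string]$Url) {
    $req = [Net.WebRequest]::Create($Url)
    $req.Method  = 'HEAD'
    $req.Timeout = 5000   # milliseconds; a blocked DMZ host fails here quickly
    try { $resp = $req.GetResponse(); $resp.Close(); return $true }
    catch { return $false }
}

Get-RevocationCheckState | Sort-Object Account |
    Format-Table Account, CrlCheck, State, Sid -AutoSize
"CRL reachable from this server: {0}" -f (Test-CrlReachable $CrlUrl)
```

Accounts reported as DISABLED are the ones to revert once the servers can reach crl.microsoft.com directly or through a proxy.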