Lately while working with my Exchange 2010 customers they complain “ Exchange 2010 Management Console is very slow”, and I have been advising them about a workaround that had worked perfectly for me and them all the time. Now the management console starts very quickly . So here is the solution:
Turn off (Uncheck) “Check for publisher’s certificate revocation” & “Check for server certificate revocation” options on the server/workstations you are starting the EMC (Exchange Management Console) on
· In Windows Internet Explorer –> Tools –> Internet Options –> Advanced tab
· In the Security section, uncheck the below two options “Check for publisher’s certificate revocation” & “Check for server certificate revocation”
How does this relate to the EMC in Exchange 2010 ? well Exchange tries to connect to the certificate revocation list (CRL) Web site. Exchange examines the CRL list to verify the code signing certificate.
I have also noticed that unchecking the two options above speed up the start time of EMS (Exchange Management Shell)
This is a security option and unchecking this represent a risk unless the machine is in a secure environment, please be aware the of consciences of this change.
Nice! It does improve the speed of opening the console. Appreciate the tip!
Amazing how so many of their products are tied in through IE
You really suggest disabling CRL checking for the whole machine to resolve performance problems? You might as well not sign it in the first place.
I think the point is to turn it off on the machine where you're using the EMC – not on the Exchange server.
Thanks ALOT!!! really helped me there…
Thanks, life become easy.
Outstanding – Has made such a huge difference and such a simple fix. Well done!
Thank you very much. Works very fast now.
Jeez ! This speeds it up a treat! This is crazy, thanks for the info!
Sadly, this had no effect on my EMC
Thanks, this Solution was Perfect…
This is NOT a secure solution, this is a global chnage for all certificate requests, i would recomend activating the CAPI2 logging then open the console and see whats happening with the certificate request, on our system there is a problem with the CRL from Microsoft
WooHoo Fixed for me. YAY
Great!…Many thanks mate…I've been looking for a fix for hours
Thank you, thank you, thank you!!!
worked for me, thanks so much
Did not make any differences! Sorry
THANKS A LOT!! GREAT!
Did absolutely nothing! Not sure what the commotion is all about. Are you managing couple of hundred MBs? Anyone here with 5000+ MBs?
Did nothing still slow, placebo effect for those that say it loads faster?
Went here from , Snap not responding (hangs 15 sec) till direct open. So worked for me !
Is there a better way to do this without disabling these options? What exactly does it look for in the CRL?
It checks the CRL to see if the signing certificate has been revoked (e.g. no longer valid from the signing authority).
To those mentioning the security issue — this absolutely is. However, to those of us who work on closed networks, this is a HUGE performance gain since CRLs (most commonly) aren’t available for checking anyway.
…as the author said, a conscious security decision by the user. Btw, this setting is on a PER-USER basis.
Thanks a lot..it’s worked for me.