Forefront for Exchange

Hey, I might have found out my problem with the Exchange Transport service. Many thanks to Paul @ Microsoft and his Escalation Engineer, who saw some secure LDAP traffic in my netmon.

It looks like it could be caused by something trying to access crl.microsoft.com.

Why, I dunno, but if I put an entry for it in my hosts file (127.0.0.0 crl.microsoft.com) or follow the steps below, it seems to go away and the service starts. How weird is that, especially as the servers will not have access to the internet :-|

Right-click Internet Explorer, then the Advanced tab, and uncheck “Check for publisher’s certificate revocation” in the Security settings.

It would seem that if an application has a high percentage of managed code, all of this code is signed when shipped. At startup (if this setting is checked) the .NET runtime tries to contact crl.microsoft.com to ensure that the cert is valid. If there is no internet connection, or there is a problem contacting the certificate revocation list server, then this will delay startup, and by the looks of things the delay prevents the MSExchange Transport service from starting.

What I can’t work out is why the service is randomly affected.
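
A diagnostic for the condition described above, added here as an example and not part of the original post: it reads the per-user registry value behind the “Check for publisher’s certificate revocation” checkbox and times a lookup and HTTP-port connection to crl.microsoft.com. The 3-second timeout and the function names are assumptions; because the value lives under HKCU, run it as the account whose setting you want to inspect.

```powershell
# Added example (not from the original post). Function names and timeout are illustrative.
$Key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
$Flag = 0x200   # WTPF_IGNOREREVOKATION: bit set means the revocation check is skipped

function Get-PublisherRevocationCheck {
    # $true when the checkbox is ticked for the current user.
    $state = (Get-ItemProperty -Path $Key -Name State -ErrorAction SilentlyContinue).State
    if ($null -eq $state) { return $true }   # assumption: absent value means default (checked)
    return (($state -band $Flag) -eq 0)
}

function Test-CrlEndpoint {
    param([string]$HostName = 'crl.microsoft.com', [int]$Port = 80, [int]$TimeoutMs = 3000)
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    $r  = [ordered]@{ Host = $HostName; Resolved = $null; Connected = $false; ElapsedMs = 0; Error = $null }
    try {
        # The DNS lookup has no timeout here, so a slow resolver shows up in ElapsedMs.
        $addrs = [System.Net.Dns]::GetHostAddresses($HostName)
        $r['Resolved'] = ($addrs | ForEach-Object { $_.IPAddressToString }) -join ','
        $client = New-Object System.Net.Sockets.TcpClient($addrs[0].AddressFamily)
        try {
            $async = $client.BeginConnect($addrs[0], $Port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $client.EndConnect($async)   # throws if the connection was refused
                $r['Connected'] = $true
            } else {
                $r['Error'] = "connect timed out after $TimeoutMs ms"
            }
        } finally {
            $client.Close()
        }
    } catch {
        $r['Error'] = $_.Exception.Message
    }
    $r['ElapsedMs'] = $sw.ElapsedMilliseconds
    [pscustomobject]$r
}

$checkOn = Get-PublisherRevocationCheck
$probe   = Test-CrlEndpoint
"Publisher revocation check enabled for $env:USERNAME : $checkOn"
$probe | Format-List
if ($checkOn -and -not $probe.Connected) {
    'Revocation checking is on but the CRL host is unreachable: signed managed code may stall at startup.'
}
```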
