Forefront for Exchange

Hey might have found out my problem with the Exchange Transport service. Many thanks to Paul @ Microsoft and his Escalation Engineer who saw some secure ldap traffic in my netmon.

It looks like it could be caused by something trying to access crl.microsoft.com

Why, I dunno, but if I put an entry for it in my hosts file (127.0.0.0 crl.microsoft.com) or follow the steps below it seems to go away and the services starts. How weird is that, especially as the servers will not have access to the internet :-|

Right click Internet Explorer, then Advanced tab and uncheck “Check for publishers certificate revocation” in Security settings.

It would seem that if an application has a high percentage of managed code, all of this code is signed when shipped. At start up (if this setting is checked) the .Net Runtime tries to contact crl.microsoft.com to ensure that the cert is valid. If there is no internet connection or there is a problem contacting the certificate revocation list server then this will delay startup, and by the looks of things the delay prevents the MsExchange Transport Service starting.

What I can’t work out is the service is randomly affected?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: