I had this problem before with forefront (http://blogs.flaphead.dns2go.com/archive/2007/08/17/forefront-for-exchange.aspx) and I thought it was me.
Looks like it wasn’t! .. http://support.microsoft.com/kb/944752/
…
This problem occurs because the affected computer cannot reach the following Microsoft Web site:
http://crl.microsoft.com/pki/crl/products/CSPCA.crl
This problem occurs because of the following behavior:
- When the Microsoft .NET Framework 2.0 loads a managed assembly, the managed assembly calls the CryptoAPI function to verify the Authenticode signature on the assembly files to generate publisher evidence for the managed assembly.
- The CryptoAPI function checks a Certificate Revocation List (CRL) that is available at http://crl.microsoft.com. This action requires an Internet connection.
- If the Internet connection is blocked, the outgoing HTTP requests may be dropped. Therefore, an error message is not returned. This problem may also occur if the computer cannot resolve http://crl.microsoft.com. This long delay causes the CRL check to time out.
- The Service Control Manager (SCM) determines that the service is taking too long to start and that the service has exceeded the maximum service start time. Therefore, the SCM reports the error message, and the Exchange managed code services are not started.
flaphead.com 