Certificate Revocation issues

I have configured WAC to communicate to servers using WinRM HTTPS. The certs that each server uses for WinRM are just standard machine certs that they get from ADCS via autoenrollment.

 

The problem with WAC is that it must initially try to connect to the CRL over http, and my CRL is LDAP. So each day when first connecting to a server I get a connection failure with "The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. For more information, see the about_Remote_Troubleshooting Help topic."

 

Interestingly, if I do an enter-pssession -usessl to any server to be managed from the gateway server running WAC, it fixes the connection error above. So that makes me think that WAC can query a CRL using LDAP, it just doesn't.
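A way to see which revocation URLs the machine certificates actually advertise, as an added example that is not part of the original post. It assumes it is run in PowerShell on a managed Windows server and that the extension text is formatted in English (the `URL=` prefix).

```powershell
# Added example: lists the CRL Distribution Point (CDP) URLs in every certificate in the
# local machine store that has a private key, so you can see whether revocation data
# is published over ldap, http, or both.
$cdpOid = '2.5.29.31'   # OID of the CRL Distribution Points extension

$report = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    if (-not $cert.HasPrivateKey) { continue }

    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq $cdpOid }
    if (-not $ext) {
        # A certificate without a CDP extension gives a client nothing to fetch.
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            Scheme     = '(no CDP)'
            Url        = ''
        }
        continue
    }

    # Format($true) renders the extension as multi-line text, one "URL=..." per entry.
    $urls = [regex]::Matches($ext.Format($true), 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value }

    foreach ($url in $urls) {
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            Scheme     = ($url -split ':', 2)[0].ToLowerInvariant()
            Url        = $url
        }
    }
}

$report | Format-Table -AutoSize -Wrap

# Certificates that offer no http or https CDP at all (for example, LDAP only).
$report | Group-Object Thumbprint | Where-Object {
    $_.Group.Scheme -notcontains 'http' -and $_.Group.Scheme -notcontains 'https'
} | ForEach-Object { $_.Group[0] | Select-Object Subject, Thumbprint }
```

To test retrieval rather than just list the URLs, export the certificate and run `certutil -verify -urlfetch` against the file on the gateway server; it attempts each CDP URL from that machine and reports the result per URL.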

 
8 Replies

I've been experiencing the same issue with my new installation of WAC and have been able to resolve it by running enter-pssession as well. However, having to do this every time I restart the WAC server or attempt to connect to a new server effectively makes the WAC web app unusable.

We're also having exactly the same issue and our CRLs are published to a web server, so this is not only related to LDAP.

@Diego Vasquez did you manage to solve this issue?

Hi @Diego Vasquez, @Vlad-Drac, @HPruyn and @Neihana, thanks for bringing it up. I'm Rebecca from the product side. We have tried to reproduce this without success. I would like to ask if we can hop on a call so that we may troubleshoot and also understand the problem better. Please message me if this would work for you! Thank you.

@Rebecca_Wambua Sorry I don't have access to that environment anymore, but still interested in any positive outcomes regarding this.

Thanks! Seems like we cannot reproduce this at all. But in case someone else experiences it, please reply to me!

I have the same issue as Neihana. Going to be a pain if I have to execute a pre-script every time I want to use WAC.

@Rick_Crowe Hi, thank you for confirming that you are still experiencing this issue. I will notify the team. Would you be willing to have a couple of calls with an engineer to assist in the investigation? If so, please send me an email titled "Certificate Revocation issues" that contains your timezone and preferred times to my email (rwambua@microsoft.com). Bug number: 41817157. Thank you!