Apr 07 2021 09:56 PM - edited Apr 07 2021 09:58 PM
I have configured WAC to communicate to servers using WinRM HTTPS. The certs that each server uses for WinRM are just standard machine certs that they get from ADCS via autoenrollment.
The problem with WAC is that it must initially try to connect to the CRL over http, and my CRL is LDAP. So each day when first connecting to a server I get a connection failure with "The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. For more information, see the about_Remote_Troubleshooting Help topic."
Interestingly, if I do an enter-pssession -usessl to any server to be managed from the gateway server running WAC, it fixes the connection error above. So that makes me think that WAC can query a CRL using LDAP, it just doesn't.
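One way to see which revocation URL schemes the machine certificates described in the post above actually advertise. This is an added example, not part of the original post: the function name Get-CdpReport and the sample text are constructed for illustration, and the parsing assumes the Windows text rendering of the CRL Distribution Points extension ("URL=<uri>" entries).

```powershell
# Added example (not from the thread). Reports the URL schemes listed in the
# CRL Distribution Points (CDP) extension, OID 2.5.29.31, of a certificate.
# Assumption: Windows formats the extension as text with "URL=<uri>" entries.

function Get-CdpReport {
    param(
        [Parameter(Mandatory)][string]$Subject,
        [AllowEmptyString()][string]$CdpText = ''
    )
    # Each distribution point is rendered as "URL=<uri>"; the URI ends at whitespace.
    $urls = @([regex]::Matches($CdpText, 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value })
    $schemes = @($urls |
        ForEach-Object { ($_ -split ':', 2)[0].ToLowerInvariant() } |
        Sort-Object -Unique)
    [pscustomobject]@{
        Subject  = $Subject
        Schemes  = $schemes -join ','
        HasHttp  = $schemes -contains 'http'
        # True when at least one CDP exists and none uses a scheme other than ldap.
        LdapOnly = ($schemes.Count -gt 0) -and
                   (-not ($schemes | Where-Object { $_ -ne 'ldap' }))
        Urls     = $urls
    }
}

# Constructed sample of a formatted CDP extension with a single LDAP entry.
$sample = @'
[1]CRL Distribution Point
     Distribution Point Name:
          Full Name:
               URL=ldap:///CN=Example-CA,CN=CA01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=example,DC=test?certificateRevocationList?base?objectClass=cRLDistributionPoint
'@
Get-CdpReport -Subject 'CN=constructed-sample' -CdpText $sample

# Same report for the real certificates in the local machine store (Windows only).
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $ext  = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    $text = if ($ext) { $ext.Format($true) } else { '' }
    Get-CdpReport -Subject $_.Subject -CdpText $text
} | Format-Table Subject, Schemes, LdapOnly -AutoSize
```

A certificate reported with LdapOnly set to True has no HTTP distribution point, which matches the configuration described in the post.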
Apr 29 2021 07:04 AM
I've been experiencing the same issue with my new installation of WAC and have been able to resolve it by running enter-pssession as well. However, having to do this every time I restart the WAC server or attempt to connect to a new server effectively makes the WAC web app unusable.
Jul 20 2022 05:48 AM
Nov 03 2022 08:28 AM
Aug 14 2023 05:29 AM
Aug 15 2023 02:51 PM
@Rebecca_Wambua Sorry I don't have access to that environment anymore, but still interested in any positive outcomes regarding this.
Jan 30 2024 04:09 AM
Mar 19 2024 01:41 PM
Mar 25 2024 12:01 AM
@Rick_Crowe Hi, thank you for confirming that you are still experiencing this issue. I will notify the team. Would you be willing to have a couple of calls with an engineer to assist in investigation? If so pls send me an email titled "Certificate Revocation issues" that contains your timezone and preferred times to my email (rwambua@microsoft.com). Bug number: 41817157. Thank you!