Certificate Revocation issues


I have configured WAC to communicate with servers using WinRM over HTTPS. The certificates each server uses for WinRM are just standard machine certificates that they get from ADCS via autoenrollment.


The problem with WAC is that it must initially try to connect to the CRL over HTTP, and my CRL is LDAP. So each day, when first connecting to a server, I get a connection failure with "The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. For more information, see the about_Remote_Troubleshooting Help topic."


Interestingly, if I do an Enter-PSSession -UseSSL to any server to be managed from the gateway server running WAC, it fixes the connection error above. So that makes me think that WAC can query a CRL using LDAP, it just doesn't.

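The following diagnostic script is an added example; it is not part of the original post and not part of Windows Admin Center. It pulls the certificate the WinRM HTTPS listener presents, lists the CRL Distribution Points it carries, tests the HTTP ones from the gateway, lets CryptoAPI perform a full chain and revocation check (which also populates the URL cache for the account running it), and then confirms that revocation is the only thing failing by opening a session with the check skipped. The server name is a placeholder and must be replaced; everything else uses built-in cmdlets and certutil.exe.

```powershell
# Added diagnostic example, not from the original post or from the WAC project.
# Run on the WAC gateway. The server name is a placeholder; 5986 is the
# default WinRM HTTPS port.
param(
    [string]$ComputerName = 'srv01.corp.example',   # placeholder managed server
    [int]$Port = 5986
)

# --- 1. Fetch the certificate the WinRM HTTPS listener actually presents ------
# The validation callback returns $true so the cert can be inspected even when
# chain building fails (that failure is exactly what is being diagnosed).
$tcp = New-Object System.Net.Sockets.TcpClient($ComputerName, $Port)
$acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
$tls = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
$tls.AuthenticateAsClient($ComputerName)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($tls.RemoteCertificate)
$tls.Dispose(); $tcp.Dispose()
"Listener certificate: $($cert.Subject), expires $($cert.NotAfter)"

# --- 2. Read the CRL Distribution Points extension (OID 2.5.29.31) ------------
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
$cdpUrls = @()
if ($cdp) {
    # Format($true) returns a multi-line dump; pull out every ldap:// or http(s):// URL.
    $cdpUrls = [regex]::Matches($cdp.Format($true), '(?i)\b(ldap|https?)://\S+') |
        ForEach-Object { $_.Value.TrimEnd(')', ',') }
}
if (-not $cdpUrls) { Write-Warning 'No CDP extension: clients cannot locate a CRL at all' }
$cdpUrls | ForEach-Object { "CDP: $_" }

# --- 3. Reachability of each HTTP CDP from this host --------------------------
# An ldap:/// CDP is only usable by a domain-joined client that can reach AD;
# a client that only fetches over HTTP needs at least one http:// entry.
foreach ($u in ($cdpUrls | Where-Object { $_ -match '^https?://' })) {
    try {
        $r = Invoke-WebRequest -Uri $u -Method Head -UseBasicParsing -TimeoutSec 10
        "reachable   $u ($($r.StatusCode))"
    } catch {
        "UNREACHABLE $u : $($_.Exception.Message)"
    }
}

# --- 4. Full chain + revocation check by CryptoAPI, caching what it fetches ---
# certutil -verify -urlfetch retrieves AIA/CDP objects into the URL cache of
# the account running it. That cache is per security context, so to prime it
# for the gateway this has to run as the account the WAC service uses.
$tmp = Join-Path $env:TEMP "$ComputerName.cer"
[IO.File]::WriteAllBytes($tmp, $cert.Export('Cert'))
$verify = & certutil.exe -verify -urlfetch $tmp 2>&1
$verify | Select-String 'Revocation|CRL|ERROR' | ForEach-Object { $_.Line.Trim() }
"certutil exit code: $LASTEXITCODE (0 = chain and revocation OK)"
Remove-Item $tmp -ErrorAction SilentlyContinue

# --- 5. Confirm revocation is the only problem --------------------------------
# With the check skipped the session must succeed; if it still fails, the
# cause is something else (name mismatch, untrusted issuer, listener binding).
$skip = New-PSSessionOption -SkipRevocationCheck
try {
    $name = Invoke-Command -ComputerName $ComputerName -Port $Port -UseSSL `
        -SessionOption $skip -ScriptBlock { $env:COMPUTERNAME }
    "WinRM over HTTPS works when revocation is skipped: connected to $name"
} catch {
    "WinRM failure is NOT revocation-related: $($_.Exception.Message)"
}

# --- 6. Show what is now in the CRL cache for this account --------------------
& certutil.exe -urlcache CRL | Select-String 'ldap://|http://'
```

Step 5 uses -SkipRevocationCheck only as a diagnostic; it is not a fix, since WAC gives you no way to set that option and skipping revocation defeats the purpose of the check. If step 3 shows no HTTP CDP at all, the practical remedy is to add an http:// distribution point to the CA's CDP configuration and reissue the machine certificates, so that every client, including ones that never talk LDAP, can fetch the CRL.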
2 Replies

I've been experiencing the same issue with my new installation of WAC and have been able to resolve it by running Enter-PSSession as well. However, having to do this every time I restart the WAC server or attempt to connect to a new server effectively makes the WAC web app unusable.

We're also having exactly the same issue and our CRLs are published to a web server, so this is not only related to LDAP.