Scomis Hosted Application Connector – Slow Connector Logon
Problem – Slow Connector Logon
The initial logon to the service through the Hosted Application Connector may be slow; on some systems it can take upwards of 60 seconds. After the user has logged in once for the day, subsequent logins are faster until the local system has been rebooted.
Cause
Access to our service is secured through TLS over SSL for RDP security using the wildcard certificate *.rdp.scomis.org. Windows attempts to make sure this certificate is still valid by downloading the CRL (Certificate Revocation List) once each session. The CRL file is downloaded from http://crl.quovadisglobal.com/qvsslg2.crl, and unless the workstation can reach that URL directly (not through any proxy set for the user) there will be a delay until the download attempt times out.
Resolution
There are two options for resolution.
The first is to allow your workstations direct outbound access to the CRL distribution point. This needs a firewall rule allowing your machines access to crl.quovadisglobal.com (199.68.194.230) on TCP port 80.
The other is a workaround: add the following two registry values to the machine by executing these commands from an elevated command prompt.
- reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Credssp" /v "UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors" /d 1 /t REG_DWORD
- reg add "HKLM\Software\Microsoft\Terminal Server Client" /v "CertChainRevocationCheck" /d 0 /t REG_DWORD
Alternatively, you could deliver these registry values to all machines in your domain using a Group Policy preference.
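To confirm which situation a workstation is in before choosing an option, the following PowerShell check (an added example, not Scomis-supplied code) tests direct access to the CRL URL named above with the proxy bypassed and reports the current state of the two registry values. The 15-second timeout is an assumption chosen for the test.

```powershell
# Added diagnostic example. Run on an affected workstation.
$crlUrl  = 'http://crl.quovadisglobal.com/qvsslg2.crl'   # CRL URL from this article
$crlHost = ([uri]$crlUrl).Host

# 1. Can this machine open TCP 80 to the CRL host directly (no proxy involved)?
$tcp = Test-NetConnection -ComputerName $crlHost -Port 80 -WarningAction SilentlyContinue
"Direct TCP 80 to {0} ({1}): {2}" -f $crlHost, $tcp.RemoteAddress, $tcp.TcpTestSucceeded

# 2. Time a CRL download with the proxy explicitly bypassed.
$req         = [System.Net.WebRequest]::Create($crlUrl)
$req.Proxy   = New-Object System.Net.WebProxy   # empty proxy object = connect directly
$req.Timeout = 15000                            # milliseconds (assumed value)
$sw = [System.Diagnostics.Stopwatch]::StartNew()
try {
    $resp = $req.GetResponse()
    "CRL fetched directly: HTTP {0}, {1} bytes, {2} ms" -f `
        [int]$resp.StatusCode, $resp.ContentLength, $sw.ElapsedMilliseconds
    $resp.Close()
} catch {
    # A long elapsed time here matches the logon delay described above.
    "CRL fetch failed after {0} ms: {1}" -f $sw.ElapsedMilliseconds, $_.Exception.Message
}

# 3. Report whether the two workaround registry values are present.
$values = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp'
       Name = 'UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors' },
    @{ Path = 'HKLM:\Software\Microsoft\Terminal Server Client'
       Name = 'CertChainRevocationCheck' }
)
foreach ($v in $values) {
    $item  = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    $state = if ($item) { $item.($v.Name) } else { 'not set' }
    "{0}\{1} = {2}" -f $v.Path, $v.Name, $state
}
```

If step 2 succeeds quickly, the workstation already has the direct access the firewall option provides and the client keeps checking revocation against a fresh CRL. As the value names indicate, the registry option instead stops the RDP client from fetching the CRL, so revocation of the certificate would no longer be picked up from the network.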
kb11672 11672