No connection to server or long time waiting when logging on from Workstation using HTTPS

Issue

When trying to log on to an ES or AS using HTTPS, you get "No connection to server" or it takes a long time. Using HTTP it works fine.

Version 1.6.0 and below you get "No connection to server"

Version 1.6.1 and above you get in but it takes an extra 25 seconds compared to normal

Product Line

SmartStruxure Solution

Environment

Enterprise Server

Automation Server

Workstation

Cause

 

The most common reason for this, is that the port used for HTTPS is changed in the Software Administrator, and not added in Workstation when logging on. For a solution to that, please check Lessons Learned article #8003

A more rare reason for this, has been identified on sites with strict network policies or no connection to the internet. The reason this is happening, is because an application using SSL or TLS (e.g. OpenSSL) is regularly checking for certificate revocation. That can normally only be done if the PC has internet connection. If the PC can't connect to Microsoft's server to get the newest list of revoked certificates, the application will appear to hang or fail to use SSL. For a deep explanation of certificate revocation check and the base of this article, read this article.

The issue can be confirmed using Fiddler. Here is an example on how to identify the issue.

Another way to check it, is to enter the URL used to retrieve the list on the PC having the issue: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?baa88d4bbbfc38e4 When trying to access that URL from a PC having this issue, you should get "HTTP Error 502 Bad gateway".

Resolution

 

1. Download the newest CRL updates from a PC with internet connection

2. Copy the two files to the PC having the issue

3. Open a command prompt and navigate to the folder where the files are located

4. Install the CRL files using the following commands

  • CertUtil -AddStore CA CodeSignPCA.crl
  • CertUtil -AddStore CA CodeSignPCA2.crl