
Troubleshoot: I’m experiencing slowness when using SAML Claims with SharePoint 2010

If you’re using SAML claims and experiencing slowness, read this article in full. If a tool like Fiddler shows that requests are spending most of their time on the SharePoint server, most likely in the /_trust subdirectory, it means that your farm doesn’t have internet access. You would likely be able to see this if you turn on CAPI2 logging on the SharePoint servers. Let’s discuss how to do so:
CAPI2 is the new cryptography API and it’s available in Vista/2008. CAPI2 diagnostics greatly improves on the PKI diagnostics available in 2000/XP/2005. The CAPI2 diagnostics information is logged to the CAPI2 Operational log, which is located at Applications and Services Logs\Microsoft\Windows\CAPI2\Operational in Event Viewer. You can use CAPI2 logging to troubleshoot most PKI operations in Vista/2008. CAPI2 logging is not enabled by default. To enable it, right-click the CAPI2 Operational log in Event Viewer and select Enable Logging. You can also enable it using Wevtutil:

wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
To disable it with Wevtutil the syntax is:
wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false
Once you’ve successfully enabled CAPI2 logging, authenticate to SharePoint again and then look in Event Viewer. If you see event codes 11 (BuildChain) and 53 (Retrieve Object from Network), look at event 53 more closely and see if it’s trying to make a request to
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
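
The same check can be done from PowerShell instead of clicking through Event Viewer. This is an added example, not part of the original post; it assumes an elevated session on the SharePoint server and that the sign-in was reproduced within the last 30 minutes (the lookback window is an assumption you can change).

```powershell
# Added example: list CAPI2 events 11 and 53 and flag root-list download attempts.
$logName  = 'Microsoft-Windows-CAPI2/Operational'
$lookback = (Get-Date).AddMinutes(-30)      # assumed window since the test sign-in
$pattern  = 'https?://[^<"\s]*authrootstl\.cab'

# The log is disabled by default, so confirm it is collecting before querying.
$log = Get-WinEvent -ListLog $logName
if (-not $log.IsEnabled) {
    Write-Warning "$logName is disabled. Enable it with wevtutil and sign in again."
    return
}

# Event 11 = BuildChain, event 53 = Retrieve Object from Network.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName   = $logName
    Id        = 11, 53
    StartTime = $lookback
} -ErrorAction SilentlyContinue)

# Search the raw event XML of each event 53 for the authrootstl.cab URL.
$hits = @(foreach ($e in $events) {
    if ($e.Id -eq 53 -and $e.ToXml() -match $pattern) {
        New-Object PSObject -Property @{
            TimeCreated = $e.TimeCreated
            ProcessId   = $e.ProcessId
            Url         = $Matches[0]
        }
    }
})

$buildChain = @($events | Where-Object { $_.Id -eq 11 }).Count
$retrievals = @($events | Where-Object { $_.Id -eq 53 }).Count
"BuildChain (11): $buildChain   Retrieve Object from Network (53): $retrievals"

if ($hits.Count -gt 0) {
    "Found $($hits.Count) attempt(s) to download the trusted root list:"
    $hits | Sort-Object TimeCreated | Format-Table TimeCreated, ProcessId, Url -AutoSize
} else {
    "No event 53 referencing authrootstl.cab in the selected window."
}
```
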

If you see this request and your farm doesn’t have internet access, then you will have to endure all sorts of painful timeouts while it tries to reach it. For now, you can work around this problem in two ways:
1)    Export the “SharePoint Root Authority” certificate from SharePoint and import it into the Trusted Root Certification Authorities store.
a)    Go into the Certificates MMC and export the SharePoint Root Authority certificate, then import it into the Trusted Root Certification Authorities store.
b)    You will find both of these in the Computer certificate store; the SharePoint Root Authority certificate is in the SharePoint node in the MMC.
2)    Disable retrieval of third-party root certificates from the network via Group Policy.
a)    Go into your GPO and drill down into Computer Configuration, Windows Settings, Security Settings, Public Key Policies.
b)    Look for a policy in there called Certificate Path Validation Settings; open it and click on the Network Retrieval tab. Check the box that says "Define these policy settings".
c)    Make sure that you’ve unchecked the box that states "Automatically update certificates in the Microsoft Root Certificate Program (recommended)".
If you’ve successfully made all the above changes, you can see login times improve considerably.
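
Workaround 1 can also be scripted rather than done through the MMC. The following is an added example, not part of the original post; it assumes an elevated SharePoint 2010 Management Shell session on the server, and the output file path is a hypothetical location.

```powershell
# Added example: export the SharePoint Root Authority certificate and add it
# to the local machine's Trusted Root Certification Authorities store.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$cerPath = Join-Path $env:TEMP 'SharePointRootAuthority.cer'   # hypothetical path

# The farm's root certificate, as exposed by the SharePoint cmdlet.
$rootCert = (Get-SPCertificateAuthority).RootCertificate
"Subject   : $($rootCert.Subject)"
"Thumbprint: $($rootCert.Thumbprint)"

# Export the public certificate only (DER, no private key), so the same file
# can be imported on other servers.
$contentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
$bytes = $rootCert.Export($contentType)
[System.IO.File]::WriteAllBytes($cerPath, $bytes)

# Rebuild the certificate from the exported bytes so only the public part is stored.
$publicCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store(
    [System.Security.Cryptography.X509Certificates.StoreName]::Root,
    [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    # Skip the import when the certificate is already trusted.
    $present = @($store.Certificates |
        Where-Object { $_.Thumbprint -eq $publicCert.Thumbprint })
    if ($present.Count -gt 0) {
        "Already present in LocalMachine\Root; nothing to do."
    } else {
        $store.Add($publicCert)
        "Imported into LocalMachine\Root. Exported copy: $cerPath"
    }
} finally {
    $store.Close()
}
```

Compare the printed thumbprint with the certificate shown under the SharePoint node in the Certificates MMC before relying on the import.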
