Share via

SharePoint 2013: How to improve speed on first page load

  • Article

I think it’s always the same discussion about why SharePoint is slow, extremely slow. I explained on other articles how to perform your environment or how to manage your environment.

Recently, I received several calls from the Helpdesk that the search results ware slow for the first time and that they had to wait 1 minute before seeing anything on the Search Center. After this I went to my logs and I received log errors as “The root of the certificate chain is not a trusted root authority”. So, I had to look a the Windows built-in tool who in a very good SSL certificate error log also called CAPI2.

If it’s not enabled, you can enable this under Application and Services Logs -> Microsoft -> CAPI2 by left clicking “Operational” and pressing “Enable Log”.

After searching on what this event was, I found it on TechNet: “The Automatic Root Certificates Update component is designed to automatically check the list of trusted authorities on the Microsoft Windows Update Web site. Specifically, there is a list of trusted root certification authorities (CAs) stored on the local computer. When an application is presented with a certificate issued by a CA, it will check the local copy of the trusted root CA list. If the certificate is not in the list, the Automatic Root Certificates Update component will contact the Microsoft Windows Update Web site to see if an update is available. If the CA has been added to the Microsoft list of trusted CAs, its certificate will automatically be added to the trusted certificate store on the computer.”

To make sure that the SSL certificates are valid windows checks for CRL. By default it will try to access this list for 30 seconds. If the list cannot be accessed the process is continued normally. In SharePoint CRL problems may occur, for example as long loading times (especially if the page is not used frequently), broken functionalities, etc.

CRL access errors can be solved by a few quite easy steps that will explained at the end of this article:

For resolving this issue, Let’s open MMC and connect local on this computer. Go to Certificates and check the 3 certificates about SharePoint. You can easily read ” the issuer of this certificate could not be found“.

So open SharePoint Management Shell and type the following code to generate a certificate.

$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export(“Cer”) | Set-Content C:\root.cer –Encoding Byte

 

Again on MMC under Trusted Root Certification Authorities, add the certificate that you just generated.

Now when you go on SharePoint > Certificates you should see “This certificate is OK.” Under all SharePoint Certificates.

So what about CLR now?
Why does PowerShell, Search Service or SharePoint sites taking so much time when there is no CPU activity, no network traffic, …

  • Your site is slow because you make the first request of the day, or the first request after recycling the application pool because you are developing assemblies that site in the GAC.
  • While you are waiting, and tearing your remaining hair out because you know you have to do this at least 50 times today, there is no CPU activity, swapping or significant network traffic.

After googling and searching as a geek we have found this who explains us why It’s so slow:
“The problem is that when loading signed assemblies the .net Framework checks the Internet based Certificate Revocation List. As our servers have, like most secure environments, no outgoing connections to the public Internet, the connection to crl.microsoft.com times out after what appears to be 30 seconds. It probably does this a couple of times in succession, causing a 2 minute wait when spinning up SharePoint.
After the timeout the assembly is still loaded and the software works as expected, though very slow every time a new signed assembly is loaded for the first time, which happens a lot. The worst thing is that no entries are written to the event log and no exceptions are thrown so you are left completely in the dark about why your application is so bloody slow. “
There are many workarounds listed, but I want to underline some who I have tested:
Download the CRLs and add them to the server manually:

  1. Download: http://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl
    http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl
  2. Add them:
    certutil -addstore CA CodeSignPCA.crl
    certutil -addstore CA CodeSignPCA2.crl

Alternatively you can manually modify the registry for each account:

[HKEY_USERS\<userid>\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing]
"State"=dword:00023e00

The following script applies the registry change to all users on a server. This will solve the spin-up time for the service accounts, interactive users and new users. You can execute this on the SQL Server as the SharePoint Server.
Create a new Notepad, copy the code inside and change the name to script.vbs. Execute the script and it should be done:

const HKEY_USERS = &H80000003 strComputer = "." Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _ & strComputer & "\root\default:StdRegProv") strKeyPath = "" objReg.EnumKey HKEY_USERS, strKeyPath, arrSubKeys strKeyPath = "\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" For Each subkey In arrSubKeys objReg.SetDWORDValue HKEY_USERS, subkey & strKeyPath, "State", 146944 Next

You have 3 manners to improve your speed for SharePoint, but I want to list other ways to help you. I personally did not test it, but after reading the comments on sites I could determine that these workaround was good as well.
You can edit the machine.config (usually C:\windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config) instead of editing every the registery, and adding the following code :

<configuration>
<runtime>
<generatePublisherEvidence enabled="false"/>
</runtime>
</configuration>

 

Or editing HOSTS works for both just add a line as below to HOSTS and go!
127.0.0.1 crl.microsoft.com