Performance issue in newly installed and configured on-premises SP 2013 farm
Introduction
We have setup an SharePoint 2013 farm having 11 servers and developed intranet application, now we have faced issue in application performance like page load will take > 15 seconds for each page. We have checked the event logs and came to know that the SharePoint servers had frequent 8321 events error related to certificate validation.
This topic describes how to troubleshoot .
Event Viewer Details
| Log Name | Application |
| Source | Microsoft-SharePoint Products-SharePoint Foundation |
| Date | 6/19/2014 7:25:07 PM |
| Event ID | 8321 |
| Task Category | Topology |
| Level | Critical |
| Keywords | |
| User | Domain\username |
| Computer | hostname.domain |
| Description | A certificate validation operation took 14996.1267 milliseconds and has exceeded the execution time threshold. If this continues to occur, it may represent a configuration issue. Please see http://go.microsoft.com/fwlink/?LinkId=246987 for more details. |
Diagnostic Steps
This error might be caused by the following conditions:
- Validity of the Security Token service certificates used for signing security tokens
- Network and caching
To determine this issue, our SharePoint administrator has enable CAPI2 event logging and found the below exception
| Event ID | 11 |
| Category | Build chain |
| Event ID | 53 |
| Category | Retrieve Object from Network |
Resolution
http://support.microsoft.com/kb/2625048 is a KB article describing the issue. This is relevant since the servers do not have Internet connectivity on servers.
As per the suggestions in the document, I first tried importing the certificate to the Trusted Root Authorities, which did not fix the error however disabling the automatic certificate update cleared the errors.
I have also enabled the Minimum download strategy feature on the site. This is a new feature introduced in SharePoint 2013 that improves client rendering performance by downloading only the changes when navigating page to page.
Verification
With the above changes I see a good improvement in the overall site performance and pages only take 2-6 sec to load. The search and user login which was terribly slow also works much better now.
More Information
I came to know that SharePoint periodically checks the validity of the Security Token service certificates used for signing security tokens. To check the validity of these certificates the server tries to connect to the Internet and if there is no connectivity from the server to the Internet, it takes 15 sec before the connection attempt times out. This majorly impacts the overall performance of the SharePoint farm.
See Also
Have a look at the following links for further reference