Exchange 2010 Management Console (EMC) is very slow
Lately while working with my Exchange 2010 customers they complain “ Exchange 2010 Management Console is very slow”, and I have been advising them about a workaround that had worked perfectly for me and them all the time. Now the management console starts very quickly . So here is the solution:
Turn off (Uncheck) “Check for publisher’s certificate revocation” & “Check for server certificate revocation” options on the server/workstations you are starting the EMC (Exchange Management Console) on
· In Windows Internet Explorer –> Tools –> Internet Options –> Advanced tab
· In the Security section, uncheck the below two options “Check for publisher’s certificate revocation” & “Check for server certificate revocation”
How does this relate to the EMC in Exchange 2010 ? well Exchange tries to connect to the certificate revocation list (CRL) Web site. Exchange examines the CRL list to verify the code signing certificate.
I have also noticed that unchecking the two options above speed up the start time of EMS (Exchange Management Shell)
This is a security option and unchecking this represent a risk unless the machine is in a secure environment, please be aware the of consciences of this change.
Comments
Anonymous
February 29, 2012
Nice! It does improve the speed of opening the console. Appreciate the tip! Amazing how so many of their products are tied in through IEAnonymous
May 17, 2012
You really suggest disabling CRL checking for the whole machine to resolve performance problems? You might as well not sign it in the first place.Anonymous
May 31, 2012
I think the point is to turn it off on the machine where you're using the EMC - not on the Exchange server.Anonymous
August 09, 2012
Thanks ALOT!!! really helped me there...Anonymous
April 04, 2013
Thanks, life become easy.Anonymous
April 05, 2013
Outstanding - Has made such a huge difference and such a simple fix. Well done!Anonymous
April 10, 2013
Thank you very much. Works very fast now.Anonymous
May 24, 2013
The comment has been removedAnonymous
June 18, 2013
Sadly, this had no effect on my EMCAnonymous
July 19, 2013
Thanks, this Solution was Perfect...Anonymous
July 31, 2013
This is NOT a secure solution, this is a global chnage for all certificate requests, i would recomend activating the CAPI2 logging then open the console and see whats happening with the certificate request, on our system there is a problem with the CRL from MicrosoftAnonymous
November 03, 2013
WooHoo Fixed for me. YAYAnonymous
December 10, 2013
Great!...Many thanks mate...I've been looking for a fix for hoursAnonymous
April 02, 2014
Thank you, thank you, thank you!!!Anonymous
May 12, 2014
worked for me, thanks so muchAnonymous
June 03, 2014
Did not make any differences! SorryAnonymous
June 04, 2014
THANKS A LOT!! GREAT!Anonymous
June 06, 2014
Did absolutely nothing! Not sure what the commotion is all about. Are you managing couple of hundred MBs? Anyone here with 5000+ MBs?Anonymous
August 11, 2014
Did nothing still slow, placebo effect for those that say it loads faster?Anonymous
May 19, 2015
Went here from , Snap not responding (hangs 15 sec) till direct open. So worked for me !Anonymous
May 19, 2015
Is there a better way to do this without disabling these options? What exactly does it look for in the CRL?Anonymous
August 09, 2015
It checks the CRL to see if the signing certificate has been revoked (e.g. no longer valid from the signing authority).
To those mentioning the security issue -- this absolutely is. However, to those of us who work on closed networks, this is a HUGE performance gain since CRLs (most commonly) aren't available for checking anyway.
...as the author said, a conscious security decision by the user. Btw, this setting is on a PER-USER basis.Anonymous
October 26, 2015
Thanks a lot..it's worked for me.