Disable Certificate Revocation Check

Posted in Exchange 2007, Setup, Troubleshooting

If your Exchange 2007 servers are not connected to the internet (which for most cases should be true), installation of a Rollup Update can hang and/or Exchange 2007 managed code services may not start. This happens because of the certificate revocation check performed on the certificate used to sign the code. It is documented here and here.

For the Rollup installation, you can address this in one of two ways:

Turn off certificate revocation check in Internet Explorer

In Internet Explorer –> Tools –> Internet Options –> Advanced tab
In the Security section, clear the check boxes for the two options listed below:

Check for publisher’s certificate revocation
Check for server certificate revocation

Turn off certificate revocation check in registry

In Registry Editor, browse to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

Change the value “State” to 146944 decimal or 0x00023e00 hexadecimal

Either way, you should not leave these changed settings in place after the Rollup Update is installed. Do not forget to revert the changes. I don’t think you will ask me for steps to revert it if you used the IE method. If you changed the registry, I have listed the details below.

Turn on certificate revocation check in registry

In Registry Editor, browse to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

Change the value “State” to 146432 decimal or 0x00023c00 hexadecimal
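
The registry change and its revert can be tied together so the revert cannot be forgotten. The script below is an added example, not part of the original post; the function names are hypothetical, the installer path is a placeholder, and it needs PowerShell 2.0 or later for try/finally.

```powershell
# Added example (not from the original post). Function names are hypothetical.
$KeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
# 0x23e00 and 0x23c00 differ only in this bit (WTPF_IGNOREREVOKATION in wintrust.h).
$IgnoreRevocationBit = 0x200

function Get-PublisherTrustState {
    # HKCU is per-user: run as the account that launches the installer.
    (Get-ItemProperty -Path $KeyPath -Name State -ErrorAction Stop).State
}

function Test-RevocationCheckEnabled {
    # True when the "ignore revocation" bit is clear, i.e. the check is on.
    ((Get-PublisherTrustState) -band $IgnoreRevocationBit) -eq 0
}

function Invoke-WithRevocationCheckDisabled {
    param([Parameter(Mandatory = $true)][scriptblock]$Action)

    $original = Get-PublisherTrustState
    try {
        # Set only the revocation bit; every other flag keeps its current value.
        Set-ItemProperty -Path $KeyPath -Name State -Value ($original -bor $IgnoreRevocationBit)
        & $Action
    }
    finally {
        # Runs even if the action throws or is interrupted with Ctrl+C.
        Set-ItemProperty -Path $KeyPath -Name State -Value $original
        if ($original -band $IgnoreRevocationBit) {
            Write-Warning ('State was already 0x{0:x8} before the change; revocation checking is still off.' -f $original)
        }
    }
}

# Usage (the .msp path is a placeholder):
# Invoke-WithRevocationCheckDisabled { Start-Process msiexec.exe -ArgumentList '/update', '<path to rollup .msp>' -Wait }
# Test-RevocationCheckEnabled
```

Restoring the saved value rather than writing 0x00023c00 keeps any other flags the machine already had; the warning covers a server where the check had been left off by an earlier install.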

If you are facing the second issue, where Exchange 2007 managed code services do not start after the Rollup Update is installed, you will want to create or change the configuration files as discussed in the articles mentioned above. If you are not running .NET Framework 2.0 SP1 or above, you need to apply the software updates mentioned in KB944752.

The process of creating or changing configuration files may seem a daunting task, especially if you need to do it on many servers. Guillaume Bordier has created a PowerShell script to automate this task. You can read more about it here.