locked
Stability of Edge Server RRS feed

  • Question

  • I have Edge server part of DMZ. We are facing some stability issues. Sometimes we have to restart services or restart the server itself. The only event I see on Edge server is:

     

    Event Type:                        Warning

    Event Source:                    OCS Certificate Manager

    Event Category:                (1016)

    Event ID:                              31007

    Date:                                     3/12/2008

    Time:                                    2:21:06 AM

    User:                                     N/A

    Computer:                          POCS2

     

    Description:

    The CRL could not be downloaded for certificate:
    Subject: CA, ON, Toronto, pool.mydomain.com, Issuer: hostmaster@mydomain.com, CA, Ontario, Toronto, Limited, My Enterprise CA, Extended Error Code: 0x80092013
    Cause: This could happen if the CA is unreachable or the certificate did not specify the CDP location. It could also happen if the CA was overloaded.
    Resolution:
    You should contact the issuer and download/install the CRL.

     

     

    I am using internal PKI for both internal and external interfaces of my Edge server. This event id happens every day at around 2.20-2.25am.

     

    I don’t know why this event id is complaining about “The CRL could not be downloaded for certificate “pool.mydomain.com”.

    Pool.mydomain.com is the FQDN of my OCS pool.

    Any idea what could be the reason?

     

    Thanks,

     

    Muhammad

     

    Wednesday, March 12, 2008 4:25 PM

All replies

  • The CRL is the Certificate Revocation List that is downloaded from your internal CA.

    You can view the CRL in the Certificate that is installed on the EDGE server

    Most likely that URL is not reacheable by your EDGE server, it might also be DNS resolving issues or port blocked issues

     

    Johan

    Wednesday, March 12, 2008 11:34 PM
  • Yep, exactly. When the Edge server can't tell if the certificate has been revoked or not (because it can't check the CRL), the services stop functioning.
    Friday, March 14, 2008 12:53 AM