Easy CRL troubleshooting is just one click away in Windows Vista! Read on to learn how to enable crypto API2 (CAPI2) logging. For Windows XP and Windows Server 2003 you still have to use CAPIMON to find out what's going wrong with CRL checking.
With CAPI2 logging turned on, all chain validation operations are logged in the event log: Application logs - Microsoft - Windows - CAPI2.
To find out what goes wrong with chain validation do the following:
Additional information about PKI troubleshooting on Vista is available on Technet. Refer to Troubleshooting PKI Problems on Windows Vista or download the documentation from the Microsoft Download Center.