Issue:- You can have ADFS sites or Kerberos or basic configuration sites using hardware appliances for NLB e.g. F5 or Big IP or you can also be using SiteMinder. You may experience slowness while loading the site.


Troubleshooting:-

If you collect Fiddler trace you will see CRL checking to Microsoft site.

 

 

Resolution:-

1. Disabled Certification Revocation checking.


OR

 

1. netsh http show sslcert (* check if 'Verify Client Certificate Revocation : Enabled' *)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443 -> DefaultSslCertCheckMode = 1

2. reboot server

3. netsh http show sslcert (* check if 'Verify Client Certificate Revocation : Disabled' *)