Might work. Thanks. Still annoying that I figured it out once and now am stumped so far.
-----Original Message----- From: Benjamin Zachary [mailto:[email protected]] Sent: Monday, October 31, 2011 8:42 PM To: NT System Admin Issues Subject: RE: PC going to Verisign This may sound like a silly workaround but what about getting the dns name and resolving it to 127.0.0.1 in DNS or a hosts file? This way it just errors out the lookup quickly and continues. -----Original Message----- From: Ken Schaefer [mailto:[email protected]] Sent: Monday, October 31, 2011 11:09 PM To: NT System Admin Issues Subject: RE: PC going to Verisign >From where I sit, the most obvious thing is that there is a Verisign certificate in use by the app (is TLS/SSL used? Or maybe code signing?) The PC is attempting to connect to Verisign's CRL, to see whether the cert has been revoked or not. When that eventually times out, the application loads. Cheers Ken -----Original Message----- From: Ray [mailto:[email protected]] Sent: Tuesday, 1 November 2011 2:02 AM To: NT System Admin Issues Subject: PC going to Verisign We are an Epicor shop. I have a number of people residing on a VLAN that has no internet connectivity. They also logon locally (no domain account). On a PC with no internet, from clicking on the icon to getting the Epicor login screen would take 90+ seconds. On a PC with an internet, this takes maybe 10 seconds. I loaded a program called "ShowTraffic" to see what kind of traffic was happening on the PC. I noticed there were attempts to go to Verisign. This would happen several times before the logon screen would finally come up. I managed to figure out that if I unchecked the Check for Publishers Certificate Revocation under IE Advanced Settings, Epicor would load just as fast as a workstation with internet connectivity. I came up with a reghack and made sure these PC's were now unchecked. I'm guessing most of you cringed above when I said that people were logging on locally. The security is of course unacceptable, and I'm finally able to do something about it. A child domain has been created which will give these people domain accounts, and as such allow me to lock down and monitor their PC's. Unfortunately, even with the above box unchecked, I'm back to 90+ seconds and "ShowTraffic" shows these PC's going back out to Verisign. Any idea how I can figure out why these pc's are behaving differently on this child domain? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
