OCSP Requests

Loading the AD module takes longer than average

Troubleshooting

Use the Processs Monitor for troubleshooting

  • system DLLs are loaded when the AD module is started in the SRXPSHost.exe process
  • search the timeline for SRXPSHost.exe process where the time loss occurs
  • view the detailed activities in the relevant time period, what is loaded, what is called via the network
    → OCSP requests are on the certificate revocation list (expired certificates)
  • (Optional) Call URL in browser and check what comes back

Solution

  • Allow OCSP requests / https request on certificate revocation list. 

Alternative solution

  • Use internal OCSP resolver. Infrastructure must be designed for this.
  • Bypass proxies between ScriptRunner server and the Internet for system requests or impersonated processes. When using proxies, the OS of the ScriptRunner Server must enter the system-level proxies and impersonations via GPO or manually.