When trying to log on to an ES or AS using HTTPS, you get "No connection to server" or it takes a long time. Using HTTP it works fine.
Version 1.6.0 and below you get "No connection to server"
Version 1.6.1 and above you get in but it takes an extra 25 seconds compared to normal
EcoStruxure Building Operation
- Enterprise Server
- Automation Server
The most common reason for this is that the port used for HTTPS is changed in the Software Administrator, and not added in Workstation when logging on. For a solution to that, please check Workstation Log on failure due to unidentified port.
A more rare reason for this has been identified on sites with strict network policies or no connection to the internet. The reason this is happening is because an application using SSL or TLS (e.g. OpenSSL) is regularly checking for certificate revocation. That can normally only be done if the PC has internet connection. If the PC can't connect to Microsoft's server to get the newest list of revoked certificates, the application will appear to hang or fail to use SSL. For a deep explanation of certificate revocation check and the base of this article, read Citrix' article: Slow Web Interface\MMC console? CRL explained.
The issue can be confirmed using Fiddler. Here is an example on how to identify the issue.:
Another way to check it, is to enter the URL used to retrieve the list on the PC having the issue: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?baa88d4bbbfc3... When trying to access that URL from a PC having this issue, you should get "HTTP Error 502 Bad gateway".
- Download the newest CRL updates from a PC with internet connection
- Copy the two files to the PC having the issue
- Open a command prompt and navigate to the folder where the files are located
- Install the CRL files using the following commands
- CertUtil -AddStore CA CodeSignPCA.crl
- CertUtil -AddStore CA CodeSignPCA2.crl