How to improve speed on SharePoint 2013

Helo the SharePoint Community,

I think it’s always the same  discussion about why SharePoint is slow, extremely slow. I explained on other  articles how to perform your environment or how to manage your environment.

Recently, I received several calls from  the Helpdesk that the search results ware slow for the first time and that they  had to wait 1 minute before seeing anything on the Search Center. After this I  went to my logs and I received log errors as “The root of the certificate chain is not a trusted  root authority”. So, I had  to look a the Windows built-in tool who in a very good SSL certificate error  log also called CAPI2.

If it’s not enabled, you can enable this under  Application and Services Logs -> Microsoft -> CAPI2 by left clicking  “Operational” and pressing “Enable Log”.


After searching on what this event  was I found on TechNet: “The Automatic Root Certificates Update component is  designed to automatically check the list of trusted authorities on the  Microsoft Windows Update Web site. Specifically, there is a list of trusted  root certification authorities (CAs) stored on the local computer. When an  application is presented with a certificate issued by a CA, it will check the  local copy of the trusted root CA list. If the certificate is not in the list,  the Automatic Root Certificates Update component will contact the Microsoft  Windows Update Web site to see if an update is available. If the CA has been  added to the Microsoft list of trusted CAs, its certificate will automatically  be added to the trusted certificate store on the computer.”


To make sure that the SSL certificates are valid windows checks for CRL. By  default it will try to access this list for 30 seconds. If the list cannot be  accessed the process is continued normally. In SharePoint CRL problems may  occur for example as long loading times (especially if the page is not used  frequently), broken functionalities, etc.

CRL  access errors can be solved by a few quite easy steps that will explained at  the end of this article:
CRL error

For resolving this issue, Let’s open MMC and connect local on this computer. Go  to Certificates and check the 3 certificates about SharePoint. You can easily  read ” the issuer of this certificate could not be found“.

So open SharePoint Management Shell and type the following code to  generate  a certificate.

$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export(“Cer”) |    Set-Content C:\root.cer –Encoding Byte

 

Again on MMC under Trusted Root Certification  Authorities, add the certificate that you just generated.

 

Now when you go on SharePoint > Certificates you should see “This  certificate is OK.” Under all SharePoint Certificates.


So what about CLR now?       Why does PowerShell, Search Service or SharePoint  sites taking so much time when there  is  no CPU activity, no network traffic, …

  • Your site is       slow because you make the first request of the day, or the first request       after recycling the application pool because you are developing assemblies       that site in the GAC.
  • While you are       waiting, and tearing your remaining hair out because you know you have to       do this at least 50 times today, there is no CPU activity, swapping or       significant network traffic.

After googling and searching as a geek we  have found this who explains us why It’s so slow: “The problem is that  when loading signed assemblies the .net Framework checks the Internet based Certificate Revocation List. As our  servers have, like most secure environments, no outgoing connections to the  public Internet, the connection to crl.microsoft.com times out after what  appears to be 30 seconds. It probably does this a couple of times in  succession, causing a 2 minute wait when spinning up SharePoint.      

After the timeout the  assembly is still loaded and the software works as expected, though very slow  every time a new signed assembly is loaded for the first time, which happens a  lot. The worst thing is that no entries are written to the event log and no  exceptions are thrown so you are left completely in the dark about why your  application is so bloody slow. “ There are many  workarounds listed, but I want to underline some who I have tested:       Download the CRLs and add them to the server manually:

  1. Download:        http://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl           http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl
  2. Add them: certutil -addstore CA CodeSignPCA.crl           certutil -addstore CA CodeSignPCA2.crl

Alternatively you can  manually modify the registry for each account:

[HKEY_USERS\<userid>\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust  Providers\Software Publishing]               "State"=dword:00023e00

 

The following script  applies the registry change to all users on a server. This will solve the  spin-up time for the service accounts, interactive users and new users. You can  execute this on the SQL Server as the SharePoint Server.       Create a new Notepad,  copy the code inside and change the name to script.vbs. Execute the script and  it should be done:

const  HKEY_USERS = &H80000003 strComputer = "." Set  objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _  & strComputer & "\root\default:StdRegProv") strKeyPath =  "" objReg.EnumKey HKEY_USERS, strKeyPath, arrSubKeys strKeyPath =  "\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust  Providers\Software Publishing" For Each subkey In arrSubKeys  objReg.SetDWORDValue HKEY_USERS, subkey & strKeyPath, "State",  146944 Next

 

You have 3 manners to improve your speed for SharePoint,  but I want to list other ways to help you. I personally did not test it, but  after reading the comments on sites I could determine that these workarround  was good as well.       You can edit the machine.config (usually C:\windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config)  instead of editing every the registery, and adding the following code :

<configuration>             <runtime>             <generatePublisherEvidence enabled="false"/>             </runtime>               </configuration>

 

Or editing HOSTS  works for both just add a line as below to HOSTS and go!       127.0.0.1 crl.microsoft.com

Be aware and Happy Configuring,

Source - CLR: http://www.sharepointblues.com/2012/01/09/sharepoint-certificate-er...      

Source  - Search Service is Slow : http://support.microsoft.com/kb/2639348

 

Gokan Ozcifci

 

Views: 1405

Tags: 2013, Gokan, How, IT, IT-Pro, Ozcifci, PRO, SharePoint, improve, on, More…speed, to

Add a Comment

You need to be a member of SharePoint Community to add comments!

Join SharePoint Community

© 2014   Created by Mark Jones.   Powered by

Badges  |  Report an Issue  |  Terms of Service

Live Support