Article ID: 2672574 - View products that this article applies to.
Business Data Connectivity (BDC) list has intermittent performance issues i.e. User1 browses to the External List and it gets loaded in 5 seconds however if User2 browses to the same External List, it would take about 25 seconds to load. This behavior is observed intermittently.
This issue is known to occur for any services which rely on the Secure Store Service. Due to the induced delay, you may also experience time-outs.
We hit the SPCertificateValidator.Validate method, which invokes the Automatic Root Certificates Update Windows Component; on Windows Servers, this component is on by default and generally whenever an application is presented with a certificate that is not present in the trusted root store, it will attempt to contact Microsoft download servers to get the latest root chain. If we cannot connect to the Microsoft download servers and get the latest root chain, we have a default timeout value of 15 seconds after which we continue with the next operation. This is why we see a 15-second delay.
There should not be specific implications to SharePoint since we are using self-signed certs and manage them ourselves. The SharePoint certificates do have an expiry and we do have a health rule that watches for that IIRC and will warn the admin to update/re-roll them.
The main aspect to think through is for “other” certificates used on the box (like SSL certificates, certificates to trust download packages or for SAFER policy etc) which are issues from certificates chained to those in the TRC store.
Allow internet access to the server to download the certificate chain (if your company policies allow that)
ULS Logs would show entries similar to below:
[Date and Time] w3wp.exe (0x1788) 0x1214 SharePoint Foundation Monitoring b4ly Verbose Leaving Monitored Scope (SPCertificateValidator.Validate). Execution Time=15004.5658997061 [Date and Time] w3wp.exe (0x1788) 0x1214 SharePoint Foundation Monitoring nass Verbose ____Execution Time=15004.5658997061
The cert management plan needs to be implemented as per http://technet.microsoft.com/en-us/library/cc731638(WS.10).aspx
(http://go.microsoft.com/fwlink/?LinkId=151500)for other considerations.
Article ID: 2672574 - Last Review: March 12, 2013 - Revision: 7.0