Signed PowerShell cmdlets run slower than unsigned cmdlets

Applies to: Windows Server 2012 R2Windows Server 2012Windows Server 2016

Symptoms


You find that signed Windows PowerShell cmdlets are running more slowly than unsigned cmdlets.

Cause


This issue occurs because the computer cannot connect to the following addresses for Certificate Trust List (CTL) verification:

  • http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
  • http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

This occurs when a network issue exists. For example, there are incorrect proxy settings.

Workaround


To work around this issue, follow these steps:

  1. Under the Computer Configuration node in Local Group Policy Editor, double-click Policies.
  2. Double-click Windows Settings, double-click Security Settings, and then double-click Public Key Policies.
  3. In the details pane, double-click Certificate Path Validation Settings.
  4. Select the Network Retrieval tab, select the Define these policy settings check box, and then clear the Automatically update certificates in the Microsoft Root Certificate Program (recommended) check box.
  1. Select OK, and then close Local Group Policy Editor.