- When the Microsoft .NET Framework 2.0 loads a managed assembly, the managed assembly calls the CryptoAPI function to verify the Authenticode signature on the assembly files to generate publisher evidence for the managed assembly.
- The CryptoAPI function checks a Certificate Revocation List (CRL) that is available at http://crl.microsoft.com. This action requires an Internet connection.
- If the Internet connection is blocked, the outgoing HTTP requests may be dropped. Therefore, an error message is not returned. This problem may also occur if the computer cannot resolve http://crl.microsoft.com. This long delay causes the CRL check to time out.
- The Service Control Manager (SCM) determines that the service is taking too long to start and that the service has exceeded the maximum service start time. Therefore, the SCM reports the error message, and the Exchange managed code services are not started.
- Exchange server does not have to have a connection to the Internet. It just needs to have routers that do not send packets into a black hole. The CRL check is timing out because it never receives a response. If a router were to send a “no route to host” ICMP packet or similar error instead of just dropping the packets, the CRL check would fail right away, and the service would start. You can add an entry to crl.microsoft.com in the hosts file or on the DNS server and send the packets to a legitimate location on the network, such as 127.0.0.1, which will reject the connection. To do this, use a text editor to open the Windows\system32\drivers\etc\host file, and then add the following entry: crl.microsoft.com 127.0.0.1
- Use a switch in the configuration files that are associated with the Exchange services. This switch works in the common language runtime (CLR) 2.0 SP1 environment that is included with the .NET Framework version 3.5.
If you are using the .NET Framework 2.0, follow the steps in the “Install a software update” section. Then, continue to the “Create configuration files” section. If you already have the CLR 2.0 SP1 environment installed, go to the “Create configuration files” section.
Install a software updateIf you are using the .NET Framework 2.0, install one of the following software updates:
- Software update 936707 with CRL build 2.0.50727.876
For more information, click the following article number to view the article in the Microsoft Knowledge Base:936707 FIX: A .NET Framework 2.0 managed application that has an Authenticode signature takes longer than usual to start
- Software update 942027 with CRL build 2.0.50727.926
For more information, click the following article number to view the article in the Microsoft Knowledge Base:942027 FIX: You may notice that the memory load is very high when you run an application that is built on the .NET Framework 2.0
- A different software update that has a later CRL build.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:945757 Problems that are fixed in the .NET Framework 2.0 Service Pack 1
To download the .NET Framework 3.5, visit the following Microsoft Web site:
Create configuration filesImportant You must save a copy of your existing configuration files to a safe location. If there is an error in a configuration file, the applicable service cannot start.
You must create configuration files for all Exchange Server 2007 managed code services.
How to create a new configuration fileIf you already have a configuration file, go to the “How to change an existing configuration file” section. To create a new application configuration file that contains the switch that is introduced in CLR 2.0 SP1, follow these steps:
- Create a file, and then name it
- In a text editor, open this file.
- Add the following code to the file.
<generatePublisherEvidence enabled="false" />
- Save the changes to the file.
How to change an existing configuration fileImportant Before you make any changes to the configuration file, save a copy of the current file in a safe location.
If the configuration file already exists for a service, add the following line to the runtime options section in the file.
You may have to update the configuration files for the following services or programs: