Why CA refreshes templates from DC RRS feed

  • Question

  • List of Certificate Templates  seems to be refreshed periodically. If  ADCS is inactive (no certificate is issued) for approx. 15-20 minutes it takes a long time (20-25s) refresh the list of Certificate Templates from DC. (It is equivalent  to the process of displaying certificate templates  in: mmc console –> module certification authority –> folder Certificate Templates)
    - Until the Certificate Template list is downloaded it is not possible to issue a certificate, so this behavior  add unacceptable delay to whole certificate issuance process.
    - The error was observed in both Windows Server 2012R2 and 2016 versions.
    -  Any repeated request (which is sent after the Certificate Templates are refreshed) is processed immediately (overall delay <1s)
    - After 15-20 minutes of ADCS inactivity (no certificate is issued) the situation with 20s delay repeats.

    Is this by design ?

    Can we control the behavior and delay time?

    Monday, March 11, 2019 9:12 AM

All replies