locked
Active Directory Certificate Services slow to connect. RRS feed

  • Question

  • Hello,

    If I want to connect remotely to an Active Directory Certificate Services, hosted on a Windows Server 2019 STD, by using RSAT, the progress bar takes a long time to get to 100%, eventually the connection is done and everything works just fine. For example the DNS RSAT Tool connects very fast.

    When I used Windows Server 2012 R2, the connection took much less time, it was almost instantaneous.

    I use windows 10 build 1803 with the latest RSAT tools available.

    As a debugging measure I installed Windows 10 1809, and used the built-in RSAT tools, no change, the connection is still done slowly even with a freshly installed server in the same L2 network.

    Wednesday, March 20, 2019 1:39 PM

All replies

  • hello,
    Thank you for posting in our TechNet forum.

    According to our description, we troubleshoot as below:

    1. If we connect remotely to other AD services (hosted on a Windows Server 2019 STD, by using RSAT) is it fast or the same slow?

    2. If we reinstall RSAT in Windows 10 client, can we connect 
    remotely to an Active Directory Certificate Services (hosted on a Windows Server 2019 STD, by using RSAT) fast?

    3. If it does not work above, maybe we need to g
    rab network packets when we connect to Windows server 2012 and Windows server 2012, compare the connection information in the network package and check what impacts connection speed.



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 21, 2019 6:56 AM
  • 1. Other AD Services connect very fast, almost instantaneously on the same server, however conecting remotely to AD Certificate Services takes about 22 seconds, every time. (The firewall rules are the default ones, no rule was deactivated or deleted)

    2. Reinstalling RSAT makes no difference. I've also installed RSAT on a fresh Windows 10 and a fresh test Active Directory Domain Controller with a default install of Active Directory Certificate Services in the same L2 network. Both the client and the server had all updates.

    3. I do not believe the problem is with the network the rest of the roles connect very fast.

    On the Domain Controller, if I load Active Directory Certifcate Services, it loads fast, like all the other roles.

    So, the plot thickens:

    I did another test, I used a fresh Windows 10 (1803) test client, but with a fresh Windows Server 2012 R2 AD DS & AD CS installed. When I use RSAT for AD CS, it loads slowly.

    So I did another test, I used a fresh 8.1 Update 2 Client (with all updates), with the same Windows Server 2012 R2 AD DS & AD CS installed. When I use RSAT for AD CS, it loads slowly.

    Apparently some windows update(s), messed this up, because, back in January this was not an issue.

    The infrastructure that I work with was upgraded from 2012 R2 to 2019, so I thought it was a problem with the latest relase of Windows Server.
    Thursday, March 21, 2019 2:38 PM
  • Hi,
    According to "Apparently some windows update(s), messed this up, because, back in January this was not an issue", if we try to uninstall the Windows update(KB) we installed after January, can we connect remotely to an Active Directory Certificate Services fast?


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 22, 2019 10:22 AM
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?

    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 25, 2019 3:37 AM