Introduction

We have set up a SharePoint 2013 farm with 11 servers and developed an intranet application. We are now facing an application performance issue: each page takes more than 15 seconds to load. We checked the event logs and found that the SharePoint servers were logging frequent Event ID 8321 errors related to certificate validation.

This topic describes how to troubleshoot .

Event Viewer Details


Log Name: Application
Source: Microsoft-SharePoint Products-SharePoint Foundation
Date: 6/19/2014 7:25:07 PM
Event ID: 8321
Task Category: Topology
Level: Critical
Keywords:
User: Domain\username
Computer: hostname.domain
Description: A certificate validation operation took 14996.1267 milliseconds and has exceeded the execution time threshold. If this continues to occur, it may represent a configuration issue. Please see http://go.microsoft.com/fwlink/?LinkId=246987 for more details.

 

Diagnostic Steps

This error might be caused by the following conditions:

  • Validity of the Security Token service certificates used for signing security tokens
  • Network and caching

To diagnose this issue, our SharePoint administrator enabled CAPI2 event logging and found the following exceptions:

Event ID: 11
Category: Build chain

Event ID: 53
Category: Retrieve Object from Network

 

Resolution

http://support.microsoft.com/kb/2625048 is a KB article describing the issue. It is relevant because the servers do not have Internet connectivity.
As per the suggestions in the document, I first tried importing the certificate to the Trusted Root Authorities, which did not fix the error; however, disabling the automatic certificate update cleared the errors.
I have also enabled the Minimal Download Strategy feature on the site. This is a new feature introduced in SharePoint 2013 that improves client rendering performance by downloading only the changes when navigating from page to page.

Verification

With the above changes I see a good improvement in the overall site performance, and pages only take 2-6 sec to load. Search and user login, which were terribly slow, also work much better now.
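The diagnostic and verification steps above can be scripted per server. The following PowerShell is an added example, not code from the original article or from Microsoft's KB; the one-day look-back window is an assumption, and the registry path is the standard Windows policy location for Automatic Root Certificates Update, which the article itself does not list.

```powershell
# Added example, not part of the original article. Run elevated on each server.
$since = (Get-Date).AddDays(-1)   # assumed look-back window

# Enable the CAPI2 operational log (disabled by default); it fills as the
# next certificate validations run.
wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true

# Event ID 8321: pull the duration out of the message text
# ("... took 14996.1267 milliseconds ...").
$slow = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-SharePoint Products-SharePoint Foundation'
        Id           = 8321
        StartTime    = $since
    } -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.Message -match 'took\s+([\d.]+)\s+milliseconds') {
            [pscustomobject]@{
                Time = $_.TimeCreated
                Ms   = [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
            }
        }
    })
if ($slow.Count -gt 0) {
    $slow | Measure-Object -Property Ms -Average -Maximum |
        Select-Object Count, Average, Maximum
} else {
    'No Event ID 8321 entries since {0}' -f $since
}

# CAPI2 errors for chain building (11) and network retrieval (53).
$capi = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-CAPI2/Operational'
        Id        = 11, 53
        Level     = 2          # Error
        StartTime = $since
    } -ErrorAction SilentlyContinue)
$capi | Group-Object Id | Select-Object @{n = 'EventId'; e = { $_.Name }}, Count

# Report whether Automatic Root Certificates Update is turned off by policy.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$policy = Get-ItemProperty -Path $key -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableRootAutoUpdate -eq 1) {
    'Automatic root certificate update: disabled by policy'
} else {
    'Automatic root certificate update: enabled (policy value not set to 1)'
}
```

With the automatic update turned off, the trusted root list on these servers no longer refreshes on its own, so root certificates have to be distributed by other means such as Group Policy.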

More Information

I came to know that SharePoint periodically checks the validity of the Security Token Service certificates used for signing security tokens. To check the validity of these certificates, the server tries to connect to the Internet, and if there is no connectivity from the server to the Internet, it takes 15 sec before the connection attempt times out. This majorly impacts the overall performance of the SharePoint farm.

 

See Also

Have a look at the following links for further reference