Has been a week of make, break, fix and make it faster.
Performance issues with SharePoint can be caused by many issues. This is one small avoidable issue that can help improve the page load speeds.
As a general rule the first thing to start with when troubleshooting performance issues with web page loads times, is to enable the developer dashboard. This will give you a break down of the components the page loads and the associated load times.
To enable the Dev Dash : http://workingsharepoint.blogspot.co.uk/2012/03/developer-dashboard.html
One item we found consistently coming up with a long load time (20s) during testing was the following. (SPCertificateValidator.Validate). Execution Time=20034.2566316328
A quick explanation of this is that a component on the page is trying to check the validity (CRL check) of the "SharePoint Root authority" certificate. As it cant find it in the Trusted root certificates, Windows tries to retrieve the CRL from the net and causes the delay.
See the MS article for a full explanation.
Solutions to this are to do one, or both if a test environment, on your WFE servers.
This comes straight from the MS article which is referenced below.
A> Install the SharePoint Root Authority certificate in the Trusted Root Certification store.
1. Obtain the “SharePoint Root Authority” certificate as a physical (.cer) file
a. Launch the SharePoint 2010 PowerShell window as Administrator
b. $rootCert = (Get-SPCertificateAuthority).RootCertificate
c. $rootCert.Export("Cert") | Set-Content C:\SharePointRootAuthority.cer -Encoding byte
2. Import the “SharePoint Root Authority” certificate to the Trusted Root Certification store
a. Start | Run | MMC | Enter
b. File | Add/Remove Snap-in
c. Certificates | Add | Computer account | Next | Local computer | Finish | OK
d. Expand Certificates (Local Computer), expand Trusted Root Certification Authorities
e. Right-click Certificates > All tasks > Import
f. Next | Browse | navigate to and select C:\SharePointRootAuthority.cer | Open | Next | Next | Finish | OK
B> Disable the automatic update of root certificates on the SharePoint Servers.
1. Launch gpedit.msc as a local administrator.
2. Go to Computer Configuration | Windows | Security settings | Public Key Policies | Certificate Path validation settings.
3. On the Network Retrieval tab, define the policy and uncheck “Automatically update certificates in the Microsoft Root Certificate Program”
4. Run gpupdate /force for the policy to take effect immediately.
In our development environment we enabled both as there is a minimal risk but is not reccomended for any public facing Production Environment.
The article was for a search page but in our case was happening on the Home page of our site so this helped increase the page loads time by around 20 seconds.
MS Article : Search results are returned much slower intermittently
http://support.microsoft.com/kb/2639348
No comments:
Post a Comment