This entry is for those environments with the June 2012 CU for SharePoint 2010 (And as Mike notes in the comments 2012 December CU) . This patch causes CRL checks to be enforced, which in turn affects some native functionality of SharePoint AdminV4 service.
When running the SharePoint Product Configuration Wizard, the configuration will fail with the following error:
Failed to create the configuration database.
An exception of type System.InvalidOperationException was thrown. Additional exception information: Cannot start service SPAdminV4 on computer '.'.
When running the SharePoint Product Configuration Wizard, the configuration will fail with the following error:
Failed to create the configuration database.
An exception of type System.InvalidOperationException was thrown. Additional exception information: Cannot start service SPAdminV4 on computer '.'.
In order to bypass the CRL Check for SPAdminV4 service startup, the
following steps need to be completed on each SharePoint server.
1.) Add a new computer policy which alters the options for retrieving
certificate validation on a network.
2.) Add host file entries into the local computer host file.- Alter the computer policy
- Click on Start-Run
- Type in "GPEdit.msc" and click "OK"
- Expand Computer Configuration-Windows Settings-Security Settings-Public Key Policies
- Double-click "Certificate Path Validation Settings"
- Click on the "Network Retrieval" tab
- Check the box "Define these policy settings"
- Uncheck "Automatically update certificates in the Microsoft Root Certificate Program (recommended)" and "Allow issuer certificate (AIA) retrieval during path validation (recommended"
- Click on "OK"
- Close out of GPEdit.msc
- Add host file entries
- Click on Start-Run
- Type in "C:\Windows\System32\Drivers\Etc" and click "OK"
- Double-click the file "Hosts"
- Select "Notepad" as the program to open the file
- Insert the following lines into the hosts file
- 0.0.0.0 crl.microsoft.com
- 0.0.0.0 crl.verisign.com
- 0.0.0.0 ocsp.verisign.com
- 0.0.0.0 SVRSecure-G2-crl.verisign.com
- 0.0.0.0 SVRSecure-G3-crl.verisign.com
- 0.0.0.0 www.download.windowsupdate.com
- 0.0.0.0 SVRSecure-G2-aia.verisign.com
- Save the file and exit notepad
