Slow App Pool Startup - IIS 6 & IIS 7 - Servers with no Internet access

We've resolved an issue that some customers have been seeing with slow application pool start up times. When I say slow start up times, I mean 2-5 minutes (not 10 seconds). This was happening for customers in secure/closed environments where the servers did not have outside internet access.

Basically, for ASP.NET web applications, any certificate-signed assemblies (and we have them in our Web Client) are verified on load (when the AppPool spins up) against a Certificate Revocation List (CRL) retrieved over the internet. If the internet is not accessible, this check eventually times out, causing the extra delay seen in the Web Client responding after an IIS reset or similar. So, the MetastormWebAppPool would take 90-120s to start up. Then, if you were using HTTP in your EngineServiceConfig.xml, you would see another 90-120s for the MetastormEngineDotNetAppPool to start up. Obviously this is a big barrier to deal with.

Use the following setting in the runtime tag:

<configuration>
    <runtime>
        <generatePublisherEvidence enabled="false"/>
    </runtime>
</configuration>

If it's not desirable to turn off this verification system-wide, add the above setting to the ASPNET.CONFIG file located in the framework directory (%windir%\Microsoft.NET\Framework\framework_version\) for the framework version IIS is running under.

Otherwise, for a system-wide setting, use the MACHINE.CONFIG file in the CONFIG folder under the framework directory (%windir%\Microsoft.NET\Framework\framework_version\CONFIG) for the framework version IIS is running under.

Some details can be found on MSDN blogs such as http://blogs.msdn.com/b/amolravande/archive/2008/07/20/startup-performance-disable-the-generatepublisherevidence-property.aspx

 

 
Now, keep in mind that 9.1.3 uses .NET 4.0 as well as 3.5, so you're going to need to update the machine.config files in the following locations (for app pools running as 32-bit):

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config

C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config

 

Or, for 64-bit:

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config

The original runtime tag in each machine.config looks like:

<runtime/>

So I deleted that and inserted:

<runtime>
  <generatePublisherEvidence enabled="false"/>
</runtime>

After making the changes, an IISRESET will suffice.


As always, make backups of the original files before making changes. I've attached some sample machine.config files so you can see what the change would look like.
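The manual edit described above, written as a script. This is an added example, not part of the original article: it backs up each machine.config listed above, sets the element only where it is not already set, and runs IISRESET only if a file changed. The function name Set-PublisherEvidenceOff and the backup file naming are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original article): apply the
# <generatePublisherEvidence enabled="false"/> change with a backup.
$ErrorActionPreference = 'Stop'

# Paths exactly as listed in the article (32-bit and 64-bit, v2.0 and v4.0).
$configs = @(
    'C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config',
    'C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config',
    'C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config',
    'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config'
)

# Hypothetical helper name. Assumes <configuration> carries no XML namespace,
# which is the case for a stock machine.config.
function Set-PublisherEvidenceOff {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return "skipped (not found): $Path" }

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true      # keep the file's layout and comments
    $xml.Load($Path)

    $root = $xml.DocumentElement         # <configuration>
    $runtime = $root.SelectSingleNode('runtime')
    if ($null -eq $runtime) {
        $runtime = $root.AppendChild($xml.CreateElement('runtime'))
    }
    $gpe = $runtime.SelectSingleNode('generatePublisherEvidence')
    if ($null -eq $gpe) {
        # Appending a child turns an empty <runtime/> into <runtime>...</runtime>
        $gpe = $runtime.AppendChild($xml.CreateElement('generatePublisherEvidence'))
    }
    if ($gpe.GetAttribute('enabled') -eq 'false') { return "already set: $Path" }

    # Back up the original before writing (constructed naming scheme).
    $backup = '{0}.{1}.bak' -f $Path, (Get-Date -Format 'yyyyMMdd-HHmmss')
    Copy-Item -LiteralPath $Path -Destination $backup
    $gpe.SetAttribute('enabled', 'false')
    $xml.Save($Path)
    return "updated: $Path (backup: $backup)"
}

$results = $configs | ForEach-Object { Set-PublisherEvidenceOff -Path $_ }
$results

# The article notes an IISRESET suffices; only restart if a file changed.
if ($results -match '^updated') { iisreset }
```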


Comments

  • I have verified that this works for IIS 6 and for IIS 7. Be sure to pay attention to what version of asp.net your application is utilizing. I updated both the v4 and v2 machine.config's to resolve this issue.

  • Hi Dan,

    Thank you for sharing!

    I have been bothered for months as to why the app pools were so slow at startup (and during the day when the app pool refreshed).

    Running Wireshark showed that the server was going through a range of Verisign IPs looking for the CRL (all denied due to no internet access on the server).

    I made the changes as per below and the problem has been resolved.

    Kind regards,

    Ryan

  • The article has been updated so that it reflects the information provided from images that were no longer present. Should be a bit easier to follow now.