[CyberArk] [PSM] Connections from PSM servers take a long time to connect to targets

Modified on Mon, 06 Aug 2018 at 03:51 PM

Symptom:

In an RDS environment that is not connected to the internet, RDP connections from PSM servers take a long time and usually hang on "securing connection.."


Cause:

This issue is caused by the local policy on the RDS servers, which tries to retrieve Microsoft's CRL from the internet for each connection. Because the PSMs are isolated from the internet, each attempt takes around 10-15 seconds to time out before the RDP connection continues.


Solution:
To solve the issue, disable the Microsoft CRL lookup for isolated RDS environments. This can be done via the PSM GPO:

  1. Open the GPO editor and go to Computer Configuration > Windows Settings > Security Settings > Public Key Policies.
  2. In the details pane, double-click Certificate Path Validation Settings.
  3. On the Network Retrieval tab, select "Define these policy settings" and then clear the "Automatically update certificates in the Microsoft Root Certificate Program (recommended)" check box.
  4. Apply the policy on the server ("gpupdate /force" or "gpupdate /sync /boot") and test the RDP connection again. It should connect immediately.
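
To confirm that step 4 took effect on a PSM server, the following added example (not part of the original article and not CyberArk tooling) reads the registry value that this GPO setting writes and checks whether the server can reach Microsoft's certificate download host. The function names, the 3-second timeout and the wording of the assessment are assumptions chosen for illustration.

```powershell
# Added example: post-change check for an isolated PSM/RDS server.
# Registry value written by the GPO setting "Automatically update certificates
# in the Microsoft Root Certificate Program" (1 = check box cleared).
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$PolicyName = 'DisableRootAutoUpdate'
# Host Windows contacts for root certificate list updates (assumed default endpoint).
$UpdateHost = 'ctldl.windowsupdate.com'

function Get-RootAutoUpdatePolicy {
    # Hypothetical helper: maps the policy value to a readable state.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }   # GPO not applied to this host
    if ($item.$PolicyName -eq 1) { return 'Disabled' }
    return 'Enabled'
}

function Test-TcpReach {
    # Hypothetical helper: TCP connect with a short timeout, so the check
    # itself does not hang the way the RDP connection does.
    param([string]$HostName, [int]$Port = 80, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # DNS failure or refused connection counts as unreachable
    } finally {
        $client.Close()
    }
}

$policy    = Get-RootAutoUpdatePolicy
$reachable = Test-TcpReach -HostName $UpdateHost

$assessment = if ($policy -eq 'Disabled') {
    'Policy applied: automatic retrieval is turned off.'
} elseif (-not $reachable) {
    'Isolated host with retrieval still enabled: run gpupdate and check GPO scope.'
} else {
    'Update host is reachable: the delay likely has another cause.'
}

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    RootAutoUpdatePolicy = $policy
    UpdateHostReachable  = $reachable
    Assessment           = $assessment
}
```

With automatic retrieval turned off, the trusted root store on these servers no longer updates itself and has to be maintained through GPO or offline packages.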

