Knowlege base

Connection to IMAP/POP3/SMTP servers using SSL/TLS can take a long time

Article ID: 680
Last updated: 12 Jun, 2019
Applies from Application Suite 201x (any version)
to version Application Suite 201x (any version)

Applies to

All IAS versions.

Description

Connection to a POP3/IMAP/SMTP server using a secured channel (SSL or TLS) can take a long time (even 75 seconds) on IAS machines that are in a workgroup and isolated from Internet.

You can experience this also on the IAS WEB page pressing the "Test" button.

Cause

When a secure connection is established with an external mail server (including GMail and Office365), Windows tires to verify if the remote sserver certificate is a trusted (and not revocated) certificate.

Normally this is done querying the local CA (domain controller); if the IAS server is not in a Windows Domain, this check is attempted online invoking an HTTPS Windows Update URL .

If the machine is isolated form Internet this attempt can fail with a very long timeout (up to 75 seconds).

Solution

Edit the local policies of the server reducing the connection timeout for the Certificate Path Validation.
Below the required steps.

1) Execute gpedit.msc with admin privileges.

2) Select Windows Settings -> Security Settings -> Public Key Policies -> Certificate Path Validation Settings.

3) Edit the properties of Certificate Path Validation Settings, select the Network Retrieval tab.

4) Enable the flag "Define these policy settings", disable the other ones and set the two retrieval timeout to 1 second.

5) Apply the change, then restart Stonefax and IIS.

Article ID: 680
Last updated: 12 Jun, 2019
Revision: 1
Views: 876
Print Export to PDF Subscribe Share
This article was:  
Prev   Next
How to set fax rate / modem max speed in Stonefax     The SIP invite coming from the CUCM and directed to the QME is...