Connection to IMAP/POP3/SMTP servers using SSL/TLS can take a long time

Applies to

All UCX Suite versions.

Description

Connection to a POP3/IMAP/SMTP server using a secured channel (SSL or TLS) can take a long time (even 75 seconds) on UCX Suite servers that are in a workgroup and isolated from Internet.

You can experience this also on the UCX WEB page pressing the "Test" button.

Cause

When a secure connection is established with an external mail server (including GMail and Office365), Windows tires to verify if the remote server certificate is a trusted (and not revocated) certificate.

Normally this is done querying the local CA (domain controller); if the UCX server is not in a Windows Domain, this check is attempted online invoking an HTTPS Windows Update URL .

If the machine is isolated form Internet this attempt can fail with a very long timeout (up to 75 seconds).

Solution

Edit the local policies of the server reducing the connection timeout for the Certificate Path Validation.
Below the required steps.

1. Execute gpedit.msc with admin privileges.

2. Select Windows Settings -> Security Settings -> Public Key Policies -> Certificate Path Validation Settings.

3. Edit the properties of Certificate Path Validation Settings, select the Network Retrieval tab.

4. Enable the flag "Define these policy settings", disable the other ones and set the two retrieval timeout to 1 second.

5. Apply the change, then restart Digital Fax and IIS services.