The setup wizard has determined that Certificate Revocation List(CRL) checking is enabled

While performing Exchange Server 2010 Update Rollup, if you encounter an error “The setup wizard has determined that Certificate Revocation List(CRL) checking is enabled on this computer“, try following the easy steps below to fix the issue.

We can prevent Microsoft Exchange Server to check Certificate Revocation from Internet Explorer Properties. Press Windows Key + R  simultaneously to open Run Dialog Box and type Inetcpl.cpl (shortcut for Internet Properties).

Click Advanced Tab > Under Security > Uncheck “Check for server certificate revocation” > Apply and Ok.

Try Re-installing the Exchange 2010 Update Rollup for Exchange. Here I am installing it from the command prompt.

Open Command Prompt in Administrator Mode. Cd to the location where update rollup is present.

C:\>.\Exchange2010-KB4536989-x64-en.msp

Note: You can even run it by double-clicking on the update file.

The Certificate Revocation List(CRL) error will not appear now. Proceed with a successful update of Exchange Server 2010.

Alternate way to disable Certificate Revocation check:

  1. Open Regedit on the Exchange Server going to be updated.
  2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing.
  3. Change Value “State” to 146944 Decimal or 0x00023e00 Hexadecimal.
  4. Restart the Exchange Server and try performing the rollup update again. It will complete successfully

Note: Disabling the revocation check in the production environment is not recommended. Please do enable it back once the update is successful.

Understanding its importance:

Enabling this option will help your server to check for Certificate Revocation and check whether the certificate being used has been revoked by the certificate authority before it was set to expire. It protects our clients against the use of invalid server authentication certificates as they have expired or revoked. In the Internet Explorer browser, this option is checked by default.

In our Exchange Server Update Rollup scenario, let’s find out the easy way out to disable it. I highly recommend you to enable it back once you update your Exchange Server 2010 in the production environment.

Friends, thank you so much for reading my blog. If I helped you in any way please let me know by commenting below.  It is very much appreciated. I will see you in the next blog.

Ajey Kumar Gupta
(Exchange Admin)

Must Check: 

a) How to run the Hybrid Configuration Wizard (HCW) from Powershell?

b) Create Lynda Premium Account for 1 Year.

c) 5 Practical Easy Steps to Reduce Stress.

Subscribe Us

😀👊👆

Total Page Visits: - Today Page Visits:

Add a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: