Description
We have updated our code signing certificate due to which some users may experience challenges in connectivity between Studios with Agents, this is happening because code signing certificate details updated by Leapwork are not updated at Windows end and Windows might take time to update new certificates. With disconnected networks, this issue becomes more predominant and may lead to slow start of the agent (half of a minute or even more). Waiting for Windows update is not advisable as in disconnected/firewalled networks, Windows update may not be possible or may take a few months.
Resolution
You can disable the network retrieval of trusted and untrusted CTLs. To do this, you have to disable automatic root updates by using Group Policy settings. To disable automatic root updates by using policy settings, follow these steps:
- Create a Group Policy or change an existing Group Policy in the Local Group Policy Editor.
- In the Local Group Policy Editor, double-click Policies under the Computer Configuration node.
- Double-click Windows Settings, double-click Security Settings, and then double-click Public Key Policies.
- In the details pane, double-click Certificate Path Validation Settings.
- Click the Network Retrieval tab, select Define these policy settings, and then clear the Automatically update certificates in the Microsoft Root Certificate Program (recommended) checkbox.
- Click OK, and then close the Local Group Policy Editor.
After you make this change, automatic root updates are disabled on those systems to which the policy is applied. We recommend that the policy be applied only to those systems that do not have Internet access or that are prevented from accessing Windows Update because of firewall rules.
If automatic root updates are disabled, Administrators must manually manage root certificates that are trusted by Windows. Trusted root certificates can be distributed to computers that are running Windows by using Group Policy. Please refer to the following link => "More Information" section:https://support.microsoft.com/en-us/help/2677070/an-automatic-updater-of-untrusted-certificates-is-available-for-window
If this issue continues, please contact our Priority Support.
Comments
0 comments
Please sign in to leave a comment.