Hello All. I found an interesting bug and solution you might want to put in "long-term storage". I have a SharePoint server which is the dev environment. As per standard rules of least privelage, the farm runs using various service accounts, the majority of which have either no internet access or limited access - as internet access restrictions apply to user accounts where I work. Everything passes through a proxy/content filter.
I have just begun to explore Sandboxed solutions but immediately hit upon problem. I was getting "The sandboxed code execution request was refused because the Sandboxed Code Host Service was too busy to handle the request". Which is weird because everything is set up correctly and the server has loads of RAM and processors doing not much. It was talking botox.
I found that the "SharePoint 2010 User Code Host" service contacts Microsoft HQ to check certificate revokation. If it gets no http response, it carries on and lets the thing run. If it gets an http response but not the correct one, it gives this message. Clever eh?
So if you have a proxy/content filter which comes back with "Access denied due to corporate policy" (or some such) then it thinks it has made contact with Microsoft HQ but did not receive the response it wanted. It then gets stuck in a timeout or retry loop.
The fix for this is either to get the IT folks permit access to crl.microsoft.com (for the account running the User Code host service) or just add 127.0.0.1 crl.microsoft.com to your hosts file in C:\Windows\system32\drivers\etc (easier in my case) so that it gives up straight away without getting an http reply.
No comments:
Post a Comment