You may notice that after starting the EmpowerID Web Role Service it may take an abnormally long amount of time for the EmpowerID assemblies to be synchronized with the local Global Assembly Cache (GAC). In some cases EmpowerID support teams have seen this process take upwards of 4 to 12 hours to complete.
This odd behavior is due to the .NET Framework attempting to access the certificate revocation list (CRL) for each assembly as it compiles to native code. If the EmpowerID server does not have Internet access or is restricted from accessing the crl.microsoft.com domain you will face a delay starting up or running some applications. EmpowerID includes more than 1,300 assemblies, one for each of the various workflow components. Each of these assemblies has to perform a check against the CRL and wait for the check to timeout before proceeding.
This behavior is caused by network requests to the following URLs:
Make sure to add crl.microsoft.com to the allowed list (on your firewall or proxy) and you should avoid issues of this nature. You can also disable certificate revocation list functionality machine-wide by navigating to Control Panel > Internet Options > Advanced > Security and unchecking "Check for publisher's certificate revocation option".
NOTE: EmpowerID support recommends re-enabling the "Check for publisher's certificate revocation option" setting after EmpowerID has successfully synchronized with the GAC in a production environment.
Please feel free to contact us by e-mail at firstname.lastname@example.org or by phone at (877) 996-4276 (Option 2) if you have any questions or concerns regarding this guide.