[cvsnt] CVSNT 2.5.04 build 3236 server really slow

jml at nykredit.dk jml at nykredit.dk
Wed Nov 12 11:02:15 GMT 2008 

   You may be right, but I can't find any other executables (Microsoft or
   other) on the server that are signed, except the cvs services
   (cvsservice and cvslock) and of course the cvsnt-installer, but they
   all start immediatly with no delay at all. Only the cvs.exe processes,
   that are "childs" of the cvsservice are delayed. The delay is constant
   and about 90 seconds per execution.
   The security settings on the server have no "Software Restriction
   Policies" defined.
   If I use Sysinternals Process Explorer to locate any cvs dll, I can
   push the "Verify" button on the dll-properties window, and the dll is
   verified faster than I can blink.
   If I display properties for a cvs.exe process in Process Explorer, the
   TCP/IP tab will show that the process is issuing 6 consecutive
   requests to 199.7.xxx.xxx:http (the xxx.xxx portion varies, but is
   mostly 71.190). Every request stays in status SYN_SENT for
   approximately 15 seconds.
   I cannot ping or nslookup the IP-address 199.7.71.190. (Where/what/who
   defines which IP-address to use for the certificate verification?) I'm
   told theres is no blocking in the firewall og DNS.
   "crl.verisign.com/net" resolves to different IP-adresses
   (199.7.48..54.190).
   I don't have similar problems with any other program.
   When running cvs.exe on the command line on the server there is NO
   delay.
   Regards,
   Jørgen Møller Larsen 
   
   "Arthur Barrett" <arthur.barrett at march-hare.com>

   06-11-2008 11:05

                                                                      Til

   <jml at nykredit.dk>, <cvsnt at cvsnt.org>

                                                                       cc

                                                                     Emne

   RE: [cvsnt] CVSNT 2.5.04 build 3236 server really slow

   Jørgen,
   > And what if I
   >    can't persuade the network people to change the DNS
   > servers? Can the
   >    signature verification be turned off?
   No - it's a windows thing.  CVSNT doesn't verify the signature -
   windows does.  It does this in 2.5.04 because the binaries are signed.
    Many corporates now have a policy not to run any unsigned executables
   - and many (most?) new commercial software is all signed - so you will
   be having the same problem with lots of programs - including every
   Microsoft update.
   Regards,
   Arthur Barrett

More information about the cvsnt mailing list