Thursday, January 03, 2013

SharePoint Foundation Event ID 8321, solved

I have two servers running SharePoint 2013 and both were getting the same Event ID 8321 error every 15 minutes or so in the Event Viewer:

A certificate validation operation took 15004.9996 milliseconds and has exceeded the execution time threshold. If this continues to occur, it may represent a configuration issue. Please see for more details.

I made two changes to solve this, not sure which one did the trick finally but both are worth trying.  The first, my company uses a proxy server, but I didn't have this configured on either server.  The second was to download the latest (December 2012) Root Certificates from Microsoft here:

So far no more 8321 errors, if they do come back I'll let you know!

Happy 2013!

Updated 5/6/2013...well, turns out it was the first trick that solved this.  My company uses a proxy server to connect out to the Internet, but it's set up with a configuration script.  So...the fix is:

1) Regedit
2) In HKEY_USERS, for each SID based ID (not with _Classes) drill in to:

\Software\Microsoft\Windows\CurrentVersion\Internet Settings

3) Create two keys:

AutoConfigURL, string, set the value to your config script URL
ProxyEnable, DWORD, set to 0

Reboot for good measure.  This did work for me, no more of those pesky errors.

Update 1/21/14:
Found this Support article describing a fix which adds the SharePoint certificate to the trusted certificates store on the server:



Anonymous said...

Hi Steve,

The download link takes to the "Root Certificates For Windows XP".

I tried to download and install that in server 2012... no luck.. I could not install the file..

Wondering if the link is correct. ?


Unknown said...

the same for me, i try to find equivalent of this but it's only for XP.

Unknown said...


the same for me, i try to find an equivalent of this but it's only for XP...

Anonymous said...

Hey, thanks for this article. My situation was slightly different because I was sitting behind a web proxy and was running SharePoint with an Active Directory service account. So, my regular user account was getting through the proxy just fine, but the service account wasn't since it's a per user setting. Your article pointed me in the right direction. Thanks again!

Phil said...

Hi Steve,
For those who use a proxy but don't use an autoconfigure script for proxy settings, it's pretty easy to use the old:
netsh winhttp set proxy ...
or, set the proxy in IE, and use:
netsh winhttp import proxy source=ie


Phil said...

For those who use a proxy but not an autoconfigure script, it's pretty easy to use either:
netsh winhttp set proxy ...
or set the proxy up in IE in Connections and use:
netsh winhttp import proxy source=ie



Mayank said...

Certain times this is caused if the proxy settings are not valid for the server. These are not the IE connection settings.
Set your IE to talk to the correct proxy etc and then run the "import proxy" command in this link

Used PC Distributor said...

Nice Blog Post !