Slow UAC – Fixing SSL Connection Issues to Router

Tags: connection, dns, performance, uac

Some apps (UAC and others) have been slow to open, a 5~25 second delay. Even task manager, because of UAC. This is consistent.

Resource Manager showed 100+ new connections being created to my router's hostname edgerouter.fnc within seconds, and closed immediately.

[Screenshot: consent.exe making lots of connections to the router]

[Screenshot: Wireshark showing the packets of one connection]

Eventually I discovered that my router's hostname, not IP address, was shown in these connections. I removed the hostname from my hosts file and from my DNS server (Acrylic). That is a workaround; no more connections are being created. I can also disable the web server in my router, which also prevents connections from being created.

But this isn't a real solution. I should be able to give my router a hostname in my DNS server.

So why are these connections created? You can't say it's consent.exe, because other apps do it too, and it's not normal behavior. It's not malware, I've scanned with two separate applications.

I can't test it in Safe Mode, since UAC doesn't show up.

Edit: if I change the name in my hosts file, say 192.168.1.1 blabla, no connections are made and there is no delay.

Edit: for some applications, consent.exe is fast. For some, it takes 25 seconds.

Edit: TCPView was not helpful. At least Wireshark shows all traffic, which isn't helpful because of SSL (can't see a thing).

Edit: The name edgerouter.fnc also doesn't occur in my registry. I did have a self-signed certificate with that name, so Chrome would accept it. That certificate is now gone, and I didn't delete it myself.

Edit: The issue disappeared! The router now has a new certificate, probably through a software update. I downloaded that certificate, installed it, added the new name to my hosts file. Using the hostname, I can connect to the router, browser is happy. Consent.exe is no longer creating SSL connections to the router.

Best Answer

Not a guaranteed solution, but it most likely has to do with custom or self-signed certificates.

Run

certmgr.msc

and look under Trusted Root Certification Authorities to find anything self-signed, i.e. not issued by an existing certification authority.

All I did is delete that certificate and the problem was gone.

Explanation:

I created a certificate for my router, which I installed as a trusted root certificate, because otherwise my browser kept showing nasty certificate errors.

Wireshark proved that the hostname was specifically requested by my computer. So that points to the hostname being read from somewhere, not the registry - because I checked for that. The only other place was my certificate store.

Addendum: It looks like consent.exe checks if certificates have been revoked. The poster of this answer had self-signed certificates and problems with them as well: https://security.stackexchange.com/a/179064
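
The manual certmgr.msc check described in the answer can also be done from PowerShell. This is an added example, not part of the original question or answer: a read-only listing of Trusted Root certificates whose subject, alternative names or CRL/AIA fields mention a given hostname. It assumes the hostname edgerouter.fnc from the question and the standard Cert: provider paths; it deletes nothing.

```powershell
# Added example: read-only audit of the Trusted Root stores.
$HostName = 'edgerouter.fnc'   # hostname from the question; change to your own

# Extensions whose decoded text can name a host or carry a fetchable URL.
$Interesting = @{
    '2.5.29.17'         = 'Subject Alternative Name'
    '2.5.29.31'         = 'CRL Distribution Points'
    '1.3.6.1.5.5.7.1.1' = 'Authority Information Access'
}
$UrlPattern = '(?i)\b(?:https?|ldap)://[^\s,)]+'

# The CurrentUser view also shows machine-wide roots, so a match may appear twice.
$findings = foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
    foreach ($cert in Get-ChildItem -Path $store) {
        # Collect the subject plus the decoded text of each interesting extension.
        $text = @($cert.Subject)
        foreach ($ext in $cert.Extensions) {
            if ($Interesting.ContainsKey($ext.Oid.Value)) {
                $text += $ext.Format($false)   # single-line decoded form
            }
        }
        $joined = $text -join ' | '

        # Skip certificates that never mention the hostname.
        if ($joined -notmatch [regex]::Escape($HostName)) { continue }

        [pscustomobject]@{
            Store      = $store
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            SelfSigned = ($cert.Subject -eq $cert.Issuer)
            Urls       = ([regex]::Matches($joined, $UrlPattern) |
                              ForEach-Object { $_.Value }) -join ', '
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    "No root-store certificate mentions $HostName"
}
```

Every root certificate is self-signed, so the SelfSigned column alone does not single out a home-made one; the hostname match and the store it sits in are the useful signals.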
