Long delay at PowerShell startup

Sometimes a relatively long time elapses between starting PowerShell, or loading the Snap-In, and the point at which the PowerShell prompt appears and you can start working. This generally occurs in environments without Internet connectivity.


Part of the PowerShell Extensions for Ivanti DSM is a digitally signed .NET assembly. Such assemblies are treated in a special way by the Microsoft .NET Framework, resulting in a long delay at startup under some circumstances.


While loading the assembly, the .NET Framework needs to verify the validity of the assembly's signing certificate. To do so, it must refresh a so-called "Certificate Revocation List", that is, a list of certificates revoked by their issuer for some reason, from an external host.


The certificate in question is issued by the certification authority "GlobalSign" (http://www.globalsign.com), so the .NET Framework tries to fetch the certificate revocation list available at the URL http://crl.globalsign.com. In an environment without Internet connectivity, this results in timeouts, which cause the delay at startup.



There are at least two workarounds to speed up startup:


  1. Configuration of the DNS in the testing environment
    If you can forgo Internet connectivity in your testing environment, you can configure the DNS not to forward queries that cannot be resolved locally. In such a configuration, the server can answer queries immediately without waiting for answers from remote machines.

  2. Configuration of Internet Explorer
    Refreshing the certificate revocation list can be disabled on a per-user basis in the configuration options of Internet Explorer. This sensible, low-risk configuration is recommended in separate testing environments.

    Follow these steps to apply the configuration:
    • Log on with the account you plan to use the PowerShell Extensions for Ivanti DSM with
    • Open Internet Explorer
    • Click on Tools | Internet Options
    • Select the tab "Advanced"
    • Scroll down to the section "Security" and uncheck the entry "Check for publisher's certificate revocation"
    • Close the dialog by clicking the "OK" button
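
The per-user setting from workaround 2 can also be inspected and changed from PowerShell, which makes it easy to confirm that revocation checking is only switched off for accounts in the test environment. This is an added example, not part of the product documentation; it assumes the checkbox is backed by bit 0x200 (WTPF_IGNOREREVOKATION) of the `State` registry value shown below, and the function names are hypothetical.

```powershell
# Added example: audit or change the per-user setting behind the Internet Explorer
# option "Check for publisher's certificate revocation".
# Assumption: the checkbox maps to bit 0x200 (WTPF_IGNOREREVOKATION in wintrust.h)
# of the DWORD "State" under the key below; bit set = revocation check disabled.
$KeyPath      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
$IgnoreBit    = 0x200
$DefaultState = 0x23C00   # assumed Windows default, used when the value is absent

function Get-StateValue {
    # Read the raw DWORD; fall back to the assumed default if it was never written.
    $item = Get-ItemProperty -Path $KeyPath -Name State -ErrorAction SilentlyContinue
    if ($null -ne $item) { [int]$item.State } else { $DefaultState }
}

function Get-PublisherRevocationCheck {
    # Report the effective setting for the account running this script.
    $state = Get-StateValue
    [pscustomobject]@{
        User                   = "$env:USERDOMAIN\$env:USERNAME"
        State                  = '0x{0:X}' -f $state
        RevocationCheckEnabled = (($state -band $IgnoreBit) -eq 0)
    }
}

function Set-PublisherRevocationCheck {
    param([Parameter(Mandatory)][bool]$Enabled)
    # Flip only the revocation bit and leave all other trust-provider flags untouched.
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    $state = Get-StateValue
    $new = if ($Enabled) { $state -band (-bnot $IgnoreBit) } else { $state -bor $IgnoreBit }
    Set-ItemProperty -Path $KeyPath -Name State -Value $new -Type DWord
    Get-PublisherRevocationCheck
}

# Audit the current account:
Get-PublisherRevocationCheck

# Equivalent of unchecking the box (isolated test environments only):
# Set-PublisherRevocationCheck -Enabled $false

# Restore the check, e.g. before the account is used on a connected network:
# Set-PublisherRevocationCheck -Enabled $true
```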