We are integrating a SharePoint website (Project Plan Management that is integrated with SharePoint) with CA SSO Agent for SharePoint. We finished installing and configuring the agent, and when we access the website, we see that the CA SSO Agent for SharePoint is able to generate the WS FED token and post it to SharePoint successfully. However, when SharePoint gets the token, during the validation it tries to check the certificate root for some reason, as seen in the highlighted section, and then we see an error on the browser:
Log Name: Microsoft-Windows-CAPI2/Operational
Source: Microsoft-Windows-CAPI2
Date: 12/14/2016 8:16:43 PM
Event ID: 20
Task Category: Retrieve Third-Party Root Certificate from Network
Level: Error
Keywords: Automatic Root Update,Retrieval,Path Discovery
User: xxxxxxxxyyyyyyyy
Computer: <central admin server>
Description:
For more details for this event, please refer to the "Details" section
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>20</Task>
<Opcode>2</Opcode>
<Keywords>0x4000000000000032</Keywords>
<TimeCreated SystemTime="2016-12-15T02:16:43.516305100Z" />
<EventRecordID>504</EventRecordID>
<Correlation ActivityID="{1027C19D-4CFB-0044-D746-6AB86ADD498A}" />
<Execution ProcessID="13752" ThreadID="1208" />
<Channel>Microsoft-Windows-CAPI2/Operational</Channel>
<Computer>xxxyyy.mmmmm.com</Computer>
<Security UserID="S-1-5-21-602162358-448539723-682003330-744972" />
</System>
<UserData>
<CertAutoRootUrlRetrievalWire>
<SubjectCertificate fileRef="30E226074153D615E915D77B84F1018A363252DE.cer" subjectName="FederationSTGsignging certificate" />
<URL scheme="http">http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab</URL>
<EventAuxInfo ProcessName="w3wp.exe" />
<CorrelationAuxInfo TaskId="{CB21EF27-D5F7-49C4-B2E5-28E419067B48}" SeqNumber="5" />
<Result value="5B4">This operation returned because the timeout period expired.</Result>
</CertAutoRootUrlRetrievalWire>
</UserData>
</Event>
Now this is a DMZ server that does not have access to the internet. We did import the Root CA and the intermediate certificate into SharePoint at the time of running the PowerShell during configuration on the Central Admin server, as well as into the Windows certificate datastore under Trusted Certificate Authorities on the server through MMC. But still we keep getting this error.
Any suggestions on where to look on the SharePoint server for this issue?
Thanks
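
For triage of events like the one quoted above, the following added example (not part of the original post, and not CA or Microsoft code) parses CAPI2 event XML and counts timed-out network retrievals by process, host and file. It assumes the Result value attribute is a hexadecimal Win32 error code; the function names are hypothetical and the sample is the post's event trimmed down.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlparse

ERROR_TIMEOUT = 0x5B4  # Win32 error 1460; assumes Result/@value is hex

# Constructed input: the post's event trimmed to the fields read below.
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>20</EventID></System>
<UserData><CertAutoRootUrlRetrievalWire>
<SubjectCertificate fileRef="30E226074153D615E915D77B84F1018A363252DE.cer" subjectName="FederationSTGsignging certificate" />
<URL scheme="http">http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab</URL>
<EventAuxInfo ProcessName="w3wp.exe" />
<Result value="5B4">This operation returned because the timeout period expired.</Result>
</CertAutoRootUrlRetrievalWire></UserData>
</Event>"""

def local(tag):  # strip the '{namespace}' prefix so lookups ignore the xmlns in use
    return tag.rsplit("}", 1)[-1]

def first(event, name):
    """First descendant of event with the given local name, or None."""
    return next((e for e in event.iter() if local(e.tag) == name), None)

def parse_event(event):
    """Fields needed to triage one network-retrieval record (hypothetical helper)."""
    url, result = first(event, "URL"), first(event, "Result")
    if url is None or result is None:
        return None  # some other CAPI2 event type
    proc, cert = first(event, "EventAuxInfo"), first(event, "SubjectCertificate")
    target = urlparse(url.text.strip())
    return {
        "process": proc.get("ProcessName") if proc is not None else None,
        "subject": cert.get("subjectName") if cert is not None else None,
        "host": target.hostname,
        "file": target.path.rsplit("/", 1)[-1],
        "code": int(result.get("value"), 16),
    }

def blocked_fetches(xml_text):
    """Count timed-out retrievals per (process, host, file) in one event or an export."""
    hits = Counter()
    for ev in ET.fromstring(xml_text).iter():
        rec = parse_event(ev) if local(ev.tag) == "Event" else None
        if rec and rec["code"] == ERROR_TIMEOUT:
            hits[(rec["process"], rec["host"], rec["file"])] += 1
    return hits

if __name__ == "__main__":
    print(blocked_fetches(SAMPLE))
```

The same function accepts a document that wraps several Event elements in one root, so repeated timeouts from the same process show up as a count.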