|Applies To||RSA Product Set: Archer|
RSA Product/Service Type: Archer
RSA Version/Condition: Any
|Issue||Network logs show ArcherTech.JobFramework.Job processes making a large number of outbound requests to external servers registered to Akamai. Is this the expected behavior?|
Akamai is a content hosting service that hosts certificate revocation lists. When the Archer Job Engine makes calls through HTTPS, it also makes calls to Akamai to check for certificate revocation.
|Resolution||To prevent the external calls to Akamai you can do the following:|
Disable CRL checking for the user account running job engine. Note that this does NOT disable signature verification--the signing cert is still matched against the trusted root store and must be valid.
HKEY_USERS[SID of user account running Job Engine]\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
Change State from 23c00 (default, checking enabled) to 23e00 (checking disabled)
To find the Security ID (SID) of the user account running the job engine, you can use the command line as described in this link: