So, I released a new version of one of my applications. This application is a Windows service. Nothing strange about this version, so I rolled it out. Suddenly, a lot of users were complaining that the service did not start.
One strange thing was that when changing the user that runs the service from SYSTEM (which is my default) to a local administrator it worked.
I tried to create similar environments but could not reproduce the problems. I got desktop access on one of the users' servers and saw, while running Process Explorer, that a lot of queries were made to the CryptoAPI DLLs before it finally gave up and timed out. This led me to think that it was some deeper security problem.
I recently started signing my service with GlobalSign instead of Thawte so maybe it was something about that. I ran into this KB: http://support.microsoft.com/kb/936707
So, I added the following lines to the config and it started to work when running as SYSTEM:
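The setting that KB article describes for Authenticode-signed .NET applications is `generatePublisherEvidence`. As an added example (not the author's original lines), assuming the service's configuration file is named `MyService.exe.config`, which is a hypothetical name:

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- MyService.exe.config (hypothetical file name), placed next to the service executable -->
<configuration>
  <runtime>
    <!-- Stop the CLR from verifying the Authenticode signature at load time
         to build Publisher evidence for code access security (CAS). -->
    <generatePublisherEvidence enabled="false"/>
  </runtime>
</configuration>
```

The setting only stops the CLR from building Publisher evidence at startup; the executable stays signed, and its signature can still be checked outside the runtime.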
I don’t know if the problem is specific to GlobalSign, an implementation error, or that root certificates are missing, or that my previous signing certificate was cached in some way. If you know, then please let me know. Right now, I am just satisfied that this solution works.