Search code examples
.netwindows-server-2016.net-4.8

.net 4.8 install failing - the revocation function was unable to check revocation because the revocation server was offline

Server 2016 attempting to install the offline dotnet 4.8 exe "ndp48-x86-x64-allos-enu.exe" I receive the following error:

"the revocation function was unable to check revocation because the revocation server was offline"

Have attempted disabling Check for publisher's certificate revocation

Solution

  • Follow the steps below:

    Step 1:

    • Run Local Group Policy Editor (gpedit.msc)
    • When the Local Group Policy Editor opens, expand Computer Configuration > Security Settings > Public Key Policies, and then double click on certificate path validation settings.
    • When certificate path validation settings properties open, go to the network retrieval tab.
    • check "Define these policy settings" and then uncheck "Automatically update certificates in the Microsoft root certificate program (recommended)".
    • Click OK.
    • note: This configuration change can impact the security of your deployment. Before proceeding, your organization should internally review and assess the impact of disabling this setting.

    Step 2:

    download these three CRL files using a pc that has access to the internet and copy them to your server.

    MicRooCerAut2011_2011_03_22.crl

    MicCodSigPCA2011_2011-07-08.crl

    microsoftrootcert.crl

    I assume you copied the files to the root of drive D, Open PowerShell, and execute these commands:

    certutil.exe -addstore -f Root D:\microsoftrootcert.crl
certutil.exe -addstore -f Root D:\MicCodSigPCA2011_2011-07-08.crl
certutil.exe -addstore -f Root D:\MicRooCerAut2011_2011_03_22.crl

    Step 3:

    Install .net 4.8 and as soon as installation completed revert the settings that you changed in step one.

    **Do not forget to reset the settings of step one after installation.**