By default, enrollment endpoints will poll the server hosting the Certificate Enrollment Policy Web Service every 8 hours. If you want to increase or decrease how often enrollment endpoints poll the Certificate Enrollment Policy Web Service, complete the following procedure.

To adjust the polling interval of the Certificate Enrollment Policy Web Service using PowerShell

  1. Log in to the server hosting the Certificate Enrollment Policy Web Service.
  2. Open an elevated PowerShell window. Select Start > Windows PowerShell, then right-click Windows PowerShell > Run as administrator.
  3. Set the $PSPath variable for the authentication type:

    • For user name and password authentication, enter the following command:

      $PSPath = "MACHINE/WEBROOT/APPHOST/Default Web Site/ADPolicyProvider_CEP_UsernamePassword"

    • For Kerberos authentication, enter the following command:

      $PSPath = "MACHINE/WEBROOT/APPHOST/Default Web Site/ADPolicyProvider_CEP_Kerberos"

  4. Enter the following command to add the configuration option nextUpdateHours:

    Add-WebConfigurationProperty -pspath "$PSPath" -filter "appSettings" -name "." -value @{key="nextUpdateHours"}

    The configuration option nextUpdateHours controls how often, in hours, enrollment endpoints will poll the Certificate Enrollment Policy Web Service.

  5. Enter the following command to set the value of nextUpdateHours to 1 hour (the minimum interval supported).

    Set-WebConfigurationProperty -pspath "$PSPath" -filter "appSettings/add[@key='nextUpdateHours']" -name "value" -value "1"

  6. Enter the following command to add the configuration option RetryIntervalMs:

    Add-WebConfigurationProperty -pspath "$PSPath" -filter "appSettings" -name "." -value @{key="RetryIntervalMs"}

    The configuration option RetryIntervalMs controls controls how frequently, in milliseconds, Certificate Enrollment Policy Web Service refreshes templates and Certificate Authority (CA) information.

  7. Enter the following command to set the value of RetryIntervalMs to 300,000 milliseconds (5 minutes):

    Set-WebConfigurationProperty -pspath "$PSPath" -filter "appSettings/add[@key='RetryIntervalMs']" -name "value" -value "300000"

    Avoid setting the value too small (values less than 1000) to avoid overhead on Microsoft IIS and Active Directory servers.

  8. Enter the following command to restart Microsoft IIS and apply the changes:

    iisreset