Due to nature of proper certificate validation processes, windows server need to validate the CRL (Certificate Revocation List). Since the CRL is a normal file, which we can download from CA provider, we need to ensure the accessibility of those files.
in some customer environments we also find a mysterious behavior and we need to modify the WINHTTP proxy settings manually.
there are two ways how to do so, if the normal IE setting will not work:
netsh winhttp import proxy ie
netsh winhttp set proxy proxy-server="http://wstmg.customer.com:3128" bypass-list="*.customer.com,<local>"
while with the bypass-list we need to play around till it fits.
Also happened, especially in Exchange, I had to reboot the server before the settings got activated.
Also don't forget about the IE Setting:
for installation purposes (also for service packs), you should disable these setting if you DONT have…