certutil -ping fails with a 30-second timeout - what to do?

Posted by mark on Server Fault
Published on 2010-12-30T11:27:00Z Indexed on 2012/11/01 23:06 UTC

The certificate store on my Win7 box is constantly hanging. Observe:


C:\>1.cmd

C:\>certutil -?   | findstr /i ping
  -ping             -- Ping Active Directory Certificate Services Request interface
  -pingadmin        -- Ping Active Directory Certificate Services Admin interface

C:\>set PROMPT=$P($t)$G

C:\(13:04:28.57)>certutil -ping
CertUtil: -ping command FAILED: 0x80070002 (WIN32: 2)
CertUtil: The system cannot find the file specified.

C:\(13:04:58.68)>certutil -pingadmin

CertUtil: -pingadmin command FAILED: 0x80070002 (WIN32: 2)
CertUtil: The system cannot find the file specified.

C:\(13:05:28.79)>set PROMPT=$P$G

C:\>

Explanations:

  • The first command shows you that there are -ping and -pingadmin parameters to certutil
  • Trying either ping parameter fails with a 30-second timeout (the current time is seen in the prompt)

This is a serious problem. It screws all the secure communication in my app. If anyone knows how this can be fixed - please share.

Thanks.

P.S.

1.cmd is simply a batch of these commands:

certutil -? | findstr /i ping
set PROMPT=$P($t)$G
certutil -ping
certutil -pingadmin
set PROMPT=$P$G

EDIT1

I have succeeded in pinning down the single Windows API that causes the problem: DsGetDcName

According to WinDbg, certutil -ping invokes it like so:

PDOMAIN_CONTROLLER_INFO pdci;
DWORD ret = ::DsGetDcName(NULL, NULL, NULL, NULL, DS_DIRECTORY_SERVICE_PREFERRED, &pdci);

On my workstation it times out after 30 seconds and then returns error code 1355, which is ERROR_NO_SUCH_DOMAIN: "No domain controller is available for the specified domain or the domain does not exist."

On another machine, which happens to be a Windows Server 2003, it returns almost immediately with the correct domain controller name inside the returned DOMAIN_CONTROLLER_INFO structure.

Now the question is: what is missing on my workstation for that API to find the correct domain controller?
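
To repeat the measurement from EDIT1 without a debugger, the following added example (not part of the original post) calls DsGetDcName with the same arguments from PowerShell via P/Invoke, times the call, and prints either the located domain controller or the Win32 error. The class name DcLocatorProbe is hypothetical; the value 0x20 for DS_DIRECTORY_SERVICE_PREFERRED is taken from the Windows SDK header.

```powershell
$src = @'
using System;
using System.Runtime.InteropServices;

[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct DOMAIN_CONTROLLER_INFO {
    public string DomainControllerName;
    public string DomainControllerAddress;
    public uint   DomainControllerAddressType;
    public Guid   DomainGuid;
    public string DomainName;
    public string DnsForestName;
    public uint   Flags;
    public string DcSiteName;
    public string ClientSiteName;
}

public static class DcLocatorProbe {   // hypothetical wrapper name
    // Pointer arguments are declared IntPtr so that a true NULL can be passed,
    // matching DsGetDcName(NULL, NULL, NULL, NULL, ...) from the post.
    [DllImport("netapi32.dll", EntryPoint = "DsGetDcNameW")]
    public static extern uint DsGetDcName(IntPtr computer, IntPtr domain, IntPtr domainGuid,
                                          IntPtr site, uint flags, out IntPtr info);
    [DllImport("netapi32.dll")]
    public static extern uint NetApiBufferFree(IntPtr buffer);
}
'@
Add-Type -TypeDefinition $src

$DS_DIRECTORY_SERVICE_PREFERRED = 0x20   # flag value from dsgetdc.h
$nul  = [IntPtr]::Zero
$info = [IntPtr]::Zero

$timer = [System.Diagnostics.Stopwatch]::StartNew()
$rc = [DcLocatorProbe]::DsGetDcName($nul, $nul, $nul, $nul, $DS_DIRECTORY_SERVICE_PREFERRED, [ref]$info)
$timer.Stop()
"DsGetDcName returned {0} after {1:N1} s" -f $rc, $timer.Elapsed.TotalSeconds

if ($rc -eq 0) {
    try {
        $dc = [System.Runtime.InteropServices.Marshal]::PtrToStructure($info, [type][DOMAIN_CONTROLLER_INFO])
        $dc | Format-List DomainControllerName, DomainControllerAddress, DomainName, DcSiteName, ClientSiteName
    } finally {
        [void][DcLocatorProbe]::NetApiBufferFree($info)   # buffer is allocated by netapi32
    }
} else {
    # 1355 = ERROR_NO_SUCH_DOMAIN, the code reported in the post
    "Win32 error text: " + (New-Object System.ComponentModel.Win32Exception([int]$rc)).Message
}
```

Running it on both the failing workstation and the working server gives a side-by-side comparison of elapsed time and return code for the same call.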
