IIS 6.0 CRL Checking issue

on 16.10.2007 15:05:25 by jaydeepk

Hi

I'm running an ASP.NET 2.0 website on IIS 6.
I have installed an SSL Server Certificate and configured the website
to use SSL.
I'm currently trying to configure the site for SSL client
authentication using X509 Client Certificates generated on a local
Windows 2003 CA.
The website has been configured to "Require Client Certificates" on
IIS 6.

It all works fine except for one thing : CRL checking.

I want to configure IIS 6 to update its cached CRL after a specific
time interval.

I understand that this can be done by setting the following keys in
the IIS 6 metabase:

CertCheckMode
RevocationFreshnessTime
RevocationURLRetrievalTimeout

Could you please confirm if my understanding is correct:
From what I gather, setting CertCheckMode to 4 will force IIS to
update its CRL after an interval specified
as the RevocationFreshnessTime in seconds.
The amount of time allowed to download the new CRL is to be set as the
RevocationURLRetrievalTimeout (in seconds) key.

I have tried this out and am unable to get this working.
When CertCheckMode is set to 4, irrespective of whether the client
certificate is revoked or valid,
I always get an HTTP Error 403.13 error:
(Client certificate has been revoked on the Web server.)
I have tried installing valid client certificates and re-publishing the
CRL but always end up with the 403.13 error.

My IIS 6 server is not behind a proxy and I was able to successfully
download the CRL from the URL specified in the
CRL Distribution Point in the client certificate.

Running "certutil.exe -verify -urlfetch clientcertificate.cer" on
the IIS server also gives the proper results.

IIS 6.0 works fine when CertCheckMode is set to 0, 1 or 2 and the issue
only occurs with CertCheckMode set to 4, which I need to use.

Please help... All suggestions welcome!!
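A first step when debugging a setting like this is to confirm what value each site actually inherits, since IIS 6 metabase properties set at /LM/W3SVC apply to every site and virtual directory below them unless overridden. The script below is an added example, not code from the post or from Microsoft: it parses a MetaBase.xml-style document offline and reports the effective CertCheckMode, RevocationFreshnessTime and RevocationURLRetrievalTimeout for each location together with the node the value was inherited from. The embedded sample metabase is constructed for the example; the element names and the Location attribute follow the IIS 6 MetaBase.xml layout, but the numeric values are placeholders and say nothing about which units IIS expects.

```python
import xml.etree.ElementTree as ET

# The three metabase properties discussed in the post.
CRL_PROPS = ("CertCheckMode", "RevocationFreshnessTime", "RevocationURLRetrievalTimeout")

# Constructed sample in the shape of an IIS 6 MetaBase.xml (values are placeholders).
SAMPLE_METABASE = """<?xml version="1.0"?>
<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
 <MBProp>
  <IIsWebService Location="/LM/W3SVC" CertCheckMode="0"
                 RevocationFreshnessTime="0" RevocationURLRetrievalTimeout="0" />
  <IIsWebServer Location="/LM/W3SVC/1" ServerComment="Default Web Site"
                CertCheckMode="4" RevocationFreshnessTime="3600"
                RevocationURLRetrievalTimeout="30" />
  <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT" Path="c:\\inetpub\\wwwroot" />
  <IIsWebServer Location="/LM/W3SVC/2" ServerComment="Intranet" />
 </MBProp>
</configuration>
"""


def load_locations(xml_text):
    """Map each metabase Location path to the attributes set directly on it."""
    root = ET.fromstring(xml_text)
    locations = {}
    for element in root.iter():
        location = element.get("Location")
        if location is None:
            continue
        locations[location] = {k: v for k, v in element.attrib.items() if k != "Location"}
    return locations


def effective_value(locations, location, prop):
    """Return (value, node_it_came_from) by walking up the path, or (None, None)."""
    parts = location.rstrip("/").split("/")
    # Candidates: the node itself, then each parent up to /LM.
    for depth in range(len(parts), 1, -1):
        candidate = "/".join(parts[:depth])
        attrs = locations.get(candidate)
        if attrs is not None and prop in attrs:
            return attrs[prop], candidate
    return None, None


def audit(locations):
    """Effective CRL-related settings for every location, with provenance."""
    report = {}
    for location in sorted(locations):
        report[location] = {
            prop: effective_value(locations, location, prop) for prop in CRL_PROPS
        }
    return report


def locations_with_mode(locations, mode):
    """Locations whose effective CertCheckMode equals the given string value."""
    return [
        loc for loc, settings in audit(locations).items()
        if settings["CertCheckMode"][0] == mode
    ]


if __name__ == "__main__":
    locs = load_locations(SAMPLE_METABASE)
    for loc, settings in audit(locs).items():
        print(loc)
        for prop, (value, origin) in settings.items():
            print(f"  {prop:30} = {value!s:6} (from {origin})")
```

Pointing `load_locations` at a copy of the server's real MetaBase.xml (read from a backup or with the metabase in edit-while-running mode) shows whether the value of 4 is really in force at the site and at its /ROOT virtual directory, or whether a lower node overrides it. On the server itself the same values can be read live with the adsutil.vbs GET command from the IIS AdminScripts folder.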