Some days ago this certificate expired within the Microsoft Information Worker VM. The reason I noticed is because I’m currently conduction a FAST for SharePoint workshop in Brussels, and this very morning all the attendees got the same error
Failed to connect to demo2010a.contoso.com:13391 Failed to initialize session with document engine: Unable to resolve Contentdistributor
Certainly not the easiest error to decode, but as I lectured on the importance of the validity period of the certificate yesterday I got on the right track in not too long…. after checking some logs in FAST and not finding anything in particular.
So we added the certificate replacement as an ad-hoc exercise.
If you want to fix this the quick way, here are the steps you need to take to get indexing back up on the image, and read my previous post as to how you can extend this longer than a year.
In a FAST PowerShell Command
net stop FASTSearchMonitoring
net stop FASTSearchService
cd C:\FASTSearch\installer\scripts
.\ReplaceDefaultCertificate.ps1 -generateNewCertificate $true
net start FASTSearchService
net start FASTSearchMonitoring
In a SharePoint PowerShell Command
cd C:\FASTSearch\installer\scripts
.\SecureFASTSearchConnector.ps1 –certPath "..\..\data\data_security\cert\FASTSearchCert.pfx" –ssaName "FASTContent" –username "contoso\administrator"
iisreset
or you can do this which will handle all of the above in a single elevated PS instance:
ReplyDelete###################################
# Apply Certificate to FAST
###################################
write-host "Applying Certificate to FAST" -ForegroundColor Yellow
Add-PSSnapin AdminSnapIn
Add-PSSnapin Microsoft.FASTSearch.PowerShell
Add-PSSnapin Microsoft.SharePoint.PowerShell
stop-service FAST*
$installerdir = $env:FASTSEARCH + "installer\scripts"
cd $installerdir
$pw = ConvertTo-SecureString -AsPlainText -force pass@word1.\ReplaceDefaultCertificate.ps1 -generateNewCertificate $true -certificatePassword $pw
$cert = @(dir cert:\LocalMachine\My -recurse | ? { $_.Subject -eq 'CN=FASTSearchCert' })[0]
$thumb = $cert.Thumbprint
Start-service FAST*
.\SecureFASTSearchConnector.ps1 -certThumbprint $thumb -ssaName "FASTContent" -username "contoso\administrator"
Brian,
ReplyDeleteCool script with some powershell niceties I'll try to remember :D
Of course in production you would have to copy the certificate and use two shells as you would have at least two servers.
Thanks for posting this! I was wondering why my FAST Demo VM crawling stopped working :)
ReplyDeleteSezai, glad the post could be of help :)
ReplyDeleteI did the same steps and I am still getting the same error :-(
ReplyDeleteHave you checked the expiration date of the installed certificate to verify that it's the certificate which is the problem for indexing?
ReplyDeleteAfter renewing the certificate you need to follow the instructions under "Configure SSL enabled communication" here http://technet.microsoft.com/en-us/library/ff381261.aspx
ReplyDeletePeter: that is what the last step in the post does. Calling "SecureFASTSearchConnector.ps1".
ReplyDeleteI have the same error after about a year of everything working fine. I was confused as to why it had stopped working but I think this probably explains it. The thing is on my development box I'm not using SSL. So when I try to run the .\securefastsearchconnectior.ps1 command I get the following error:
ReplyDeleteCould not secure SSA. Script can be rerun to only configure SSA when reason for
error is detected.
New-SPEnterpriseSearchExtendedConnectorProperty : Operation is not supported fo
r Search Application of type Regular.
At C:\FASTSearch\installer\scripts\securefastsearchconnector.ps1:196 char:62
+ $unwanted = New-SPEnterpriseSearchExtendedConnectorProperty <<<< -Se
archApplication $script:ssaName -Name $mUseSsl -Value "true"
+ CategoryInfo : InvalidData: (Microsoft.Offic...nnectorProperty:
NewExtendedConnectorProperty) [New-SPEnterpris...nnectorProperty], Invalid
OperationException
+ FullyQualifiedErrorId : Microsoft.Office.Server.Search.Cmdlet.NewExtende
dConnectorProperty
Is there something else I must do?
You still have to configure the certificate due to crawling is using it for auth against the Content Distributor.
DeleteAnd be sure to run the script in a SharePoint shell. Should work fine if you closely follow the steps in the TechNet article.
That's great, thanks Mikael. It worked.
ReplyDelete