Today I tried to configure search between two SharePoint 2016 farms and connect the search results.
All of the work was relatively easy. I published my search service within one farm, then I connected from the other farm, and all was easy.
Then I added a search result web part and created a result source, but my web parts kept giving me:
[code lang=text]
1 ¾ System.Net.WebException: The remote server .returned an error: (401) Unauthorized.
 at System.Net.HttpWebRequest.GetResponse()
 at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute()
 at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate()
 at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest()
 at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
 at Microsoft.Office.Server.Search.RemoteSharepoint.RemoteSharepointEvaluator.RemoteSharepointProducer.RetrieveDataFromRemoteServer(Object unused)
 at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
 at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
 at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
 at Microsoft.Office.Server.Search.RemoteSharepoint.RemoteSharepointEvaluator.RemoteSharepointProducer.ProcessRecordCore(IRecord record)
[/code]
A bit of a strange error, starting with 1¾, but this does make it easier to find the error with Google or Bing as the rest of the message is quite generic.
While searching I came across the following SharePoint 2013 article:
Configure server-to-server authentication between publishing and consuming farms
The important clue: ConsumeHostName is the name and port of any SSL-enabled web application of the consuming farm
So I added self-signed certs to my application and still had no luck as I tried to set up my trust on my farm using the following script:
[code lang=text]
# Load the SharePoint cmdlets
Add-PSSnapin "Microsoft.SharePoint.PowerShell"

# Set the farm's authentication realm
Set-SPAuthenticationRealm -Realm "dev3dev2realmname"

# Set the STS name identifier to the SharePoint principal ID in that realm
$sts = Get-SPSecurityTokenServiceConfig
$Realm = Get-SPAuthenticationRealm
$nameId = "00000003-0000-0ff1-ce00-000000000000@$Realm"
Write-Host "Setting STS NameId to $nameId"
# Output: Setting STS NameId to 00000003-0000-0ff1-ce00-000000000000@dev3dev2realmname
$sts.NameIdentifier = $nameId
$sts.Update()

# Register the other farm as a trusted token issuer; the metadata is fetched over HTTPS
New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://myhost.mycomp.co.uk/_layouts/15/metadata/json/1" -Name "sp2016dev3"
[/code]
I kept getting:
New-SPTrustedSecurityTokenIssuer : The underlying connection was closed: An unexpected error occurred on a send.
and
New-SPTrustedSecurityTokenIssuer : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The solution was simple in the end.
Instead of using self-signed certs I put a proper wildcard certificate in place and all suddenly started working.
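
Both errors above are raised while New-SPTrustedSecurityTokenIssuer fetches the metadata endpoint over HTTPS, so the certificate can be checked from the same server before the trust is created. The following is an added example, not part of the original post: the function name Test-MetadataEndpointCertificate is hypothetical, and revocation checking is skipped on the assumption that the farm servers may not reach CRL endpoints.

```powershell
# Added example, not from the original post. The function name is hypothetical.
function Test-MetadataEndpointCertificate {
    param([Parameter(Mandatory = $true)][uri]$MetadataEndpoint)

    $seen = @{ Errors = $null }
    # Diagnostic only: record the validation result and let the handshake finish
    # so the presented certificate can be inspected afterwards.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($src, $crt, $chn, $policyErrors)
        $seen.Errors = $policyErrors
        $true
    }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($MetadataEndpoint.Host, $MetadataEndpoint.Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($MetadataEndpoint.Host)
            $protocol = $ssl.SslProtocol
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }

    # Rebuild the chain against this server's certificate stores for per-element status.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'  # assumption: no CRL/OCSP access from the farm
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)
        NotAfter     = $cert.NotAfter
        Protocol     = $protocol
        PolicyErrors = $seen.Errors   # None, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
        ChainTrusted = $trusted
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Run on the server where New-SPTrustedSecurityTokenIssuer is executed:
# Test-MetadataEndpointCertificate -MetadataEndpoint 'https://myhost.mycomp.co.uk/_layouts/15/metadata/json/1'
```

For a self-signed certificate that the calling server does not trust, PolicyErrors includes RemoteCertificateChainErrors and ChainStatus reports UntrustedRoot; a certificate issued by a CA the server trusts, with a matching host name, returns PolicyErrors of None.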