SharePoint 2016 – Connect search between two farms.

Today I tried to configure search between two SharePoint 2016 farms and connect the search results

All of the work was relatively easy. I published my search service  within one farm then I connected from the other farm.  and all was easy.

Then I added a search result web part created a result source but my web parts kept giving me:

SharePoint 2016 - Connect search between two farms. Microsoft SharePoint, SharePoint 2016

1 ¾ System.Net.WebException: The remote server .returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute() at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate() at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest() at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery() at Microsoft.Office.Server.Search.RemoteSharepoint.RemoteSharepointEvaluator.RemoteSharepointProducer.RetrieveDataFromRemoteServer(Object unused) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at Microsoft.Office.Server.Search.RemoteSharepoint.RemoteSharepointEvaluator.RemoteSharepointProducer.ProcessRecordCore(IRecord record)

A bit of a strange error starting with 1¾ but this does make it easier to find the error with Google or Bing as the rest of the message is quite generic.

While searching I came across the following SharePoint 2013 article:

Configure server-to-server authentication between publishing and consuming farms

The important clue: ConsumeHostName is the name and port of any SSL-enabled web application of the consuming farm

So I added Self Signed Certs to my application and still no luck as I tried to setup my trust on my farm using the following script:

[code lang=text]
Add-PSSnapin “Microsoft.SharePoint.PowerShell”

Set-SPAuthenticationRealm -realm “dev3dev2realmname”
$sts=Get-SPSecurityTokenServiceConfig
$Realm=Get-SpAuthenticationRealm
$nameId = “00000003-0000-0ff1-ce00-000000000000@$Realm”
Write-Host “Setting STS NameId to $nameId”
$sts.NameIdentifier = $nameId
$sts.Update()

New-SPTrustedSecurityTokenIssuer -MetadataEndpoint “https://myhost.mycomp.co.uk/_layouts/15/metadata/json/1” -Name “sp2016dev3”
Setting STS NameId to 00000003-0000-0ff1-ce00-000000000000@dev3dev2realmname
[/code]

I kept getting:

New-SPTrustedSecurityTokenIssuer : The underlying connection was closed: An unexpected error occurred on a send.

and

New-SPTrustedSecurityTokenIssuer : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

The solution was simple at the end.

Instead of using self signed certs I put a proper wild card certificate in place and all suddenly started working.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 4,912 other subscribers

Recent Posts

Archive

Thank you for visiting SharePains

%d bloggers like this: