Search This Blog

Saturday, 10 November 2012

Renew Self-Signed Certificate FAST Search 2010 for SharePoint




When you install FAST Search for SharePoint 2010 and configure SSL Communication with self-Certificate. This self cert have expires one year in develop farm SharePoint 2010.

My SharePoint Farm Architecture
WFE SharePoint 2010 - 3 Servers (1 as Application Server, 2 as Load Balancing Server)
SQL Server 2008 R2 - 2 Servers
Fast Search 2010 - 2 Servers
AD 2008 - 1 Server
RMS - 1 Server

FASTSearch certificate expired symptoms
  •             Crawling happens continuously (Incremental or Full)
  • ·         Cannot stop the crawling
  • ·         Crawl Report(Success, Error, Warning) remains same
How to Replace and Renew Self-Signed Certificate FAST Search 2010 for SharePoint.

1. Stop services in FastSearch 2010 using following command
·         net stop fastsearchservice
·         net stop fastsearchmonitoring
2. In FASTSearch Administrative Server
  1. On the Start menu, click All Programs.
  2. Click Microsoft FAST Search Server 2010 for SharePoint.
  3. Right-click SharePoint 2010 Management Shell, and select Run as administrator.
  4. At the command prompt, browse to installer\scripts under the installation folder.
  5. Type the following command: 
  6. .\ReplaceDefaultCertificate.ps1 -generateNewCertificate $true
  7. Enter a password for the certificate.
 3. On SharePoint 2010 Server (Application Server)

  1. Configure SSL enabled communication between FASTSearch 2010 and SharePoint 2010.
  2. Copy securefastsearchconnector.ps1 script is in the<FASTSearchFolder>, under installer\scripts\ in server FASTsearch.


3.      Copy the certificate file FASTSearchCert.pfx from the FAST Search Server 2010 for SharePoint administration server to the SharePoint Server 2010 server. The certificate file is in the <FASTSearchFolder>, underdata\data_security\cert\.

 4. Create Folder FASTSearchNew in Drive C and copy file in (2), (3) into this folder.
 5. Open SharePoint 2010 Shell run as administrator and CD in folder FASTSearchNew.
 6. Run this command
            .\SecureFASTSearchConnector.ps1 –certPath “path of the certificate\certificatename.pfx” –ssaName “name of your content SSA” –username “domain\username” 
      ssaName – It’s not content source name 
                              Username – Fast Search Server Admin Login (which used to connect with SharePoint 2010 Server)
 7. Enter your password certificate. (1.7)
 8. You see > Conenection to contentdistributor FQDN successfully validated.
 9. Done


 4. Start all Services on FastSearch 2010.
  • net start fastsearchservice 
  • net start fastsearchmonitoring
To ensure the crawl is working fine, do following steps on FASTSearch Server

Clear-FASTSearchContentCollection
    It asks Name - enter sp (performing operation "Clear-FASTSearchContentCollection" on "sp"
    It asks confirmation - enter y
$g=get-FASTSearchContentColletion "sp"
$g.documentcount
    It returns the count

If you get following error in search result after done this, then you should do following things

Error:
    “Property does not exist or is used in a manner inconsistent with schema settings”

FastSearch Server
Restart the Query Server using following command in SharePoint 2010 Management Shell
  • nctrl restart qrserver

Reference Links
http://blogs.msdn.com/b/vrajas/archive/2012/02/15/replacing-the-self-signed-certificate-with-a-new-self-signed-certificate-in-fast-search-for-sharepoint.aspx

http://www.windowsclever.com/sharepoint/sharepoint-2010/replace-and-renew-self-signed-certificate-fast-search-2010-for-sharepoint-2010.html

http://technet.microsoft.com/en-us/library/ff381244.aspx#BKMK_ReplaceTheSelfSignedCertificateWithANewSelfsignedCertificate

http://blog.tallan.com/2012/06/22/solution-fast-search-crawls-stop-working-unexpectedly/

http://social.technet.microsoft.com/Forums/en-US/sharepointadminprevious/thread/7794b4e4-3c89-4ec2-a1b2-b9fd6fc28821









No comments:

Post a Comment