FASTSearchCert.pfx Expired? Don’t Fret and Make Your Certificate Last!

So everything was hunky-dory in the FAST world. User Contexts and Site Promotions were getting along, scopes did their thing, and life crawled along. Your Content SSA chugs along and suddenly…
A year after the original FAST installation took place, the unthinkable (well, unexpected and forgotten) happened. The self-signed FASTSearchCert.pfx certificate expired!
If you have never run into this problem before, or were unaware that it was occurring like myself, you may look at many areas before you decide to check your Certificate Store or Server Certificates on your SharePoint box to see if your certificate is still there. We crashed our index along the way. Check your certificates!
Symptoms: Crawls will hang. Forever (or at least until I got frustrated enough to stop it). When you do stop it, it hangs on “Stopping” for a very long time. Basically the issue is this: Your SharePoint server cannot make a connection to the ContentDistributor that you specified when you set up your search SSA. A quick check in your ULS logs will confirm if you’re having this issue or not.
No big deal though, right? Just run a few scripts, replace the default certificate with a new one, export it to your SharePoint box, install it into your Certificates (Local Computer)\Personal store, and re-run the script .\SecureFASTSearchConnector.ps1 that you copied over in your original installation. (TechNet)
Here is the major issue that we ran into, and that you may want to check/double-check if you’re still having troubles after following the TechNet guide.
Issue: While running the .\ReplaceDefaultCertificate.ps1 -generateNewCertificate $true script, we noticed that we were getting errors as the script completed. The security certificate was still created, but after importing it onto my SharePoint server and running the .\SecureFASTSearchConnector.ps1 script, we were still not able to connect or validate the ContentDistributor. A quick check in your ULS logs will confirm if you’re having this issue or not.
Resolution: If you’re getting errors with the .\ReplaceDefaultCertificate script, make sure that you are running PowerShell under the administrator service account designated for the FAST server (could very well be the one that you used the first time you created the original certificate). Generally any errors you get with this script can be resolved by running the PowerShell script under the proper service account. If you are seeing errors here, I highly recommend resolving them and making sure that you get a new exportable certificate in your ..\FASTSearch\data\data-security\cert folder.
Making a Certificate that Lasts (PowerShell)
With help from this article: http://techmikael.blogspot.com/2011/01/will-your-fast-search-server-for.html
This is a simple change that you can do before you create your new self-signed certificate. Let’s face it, you don’t want your search failing year after year because your certificate expired. You don’t have to use 100 years, 5-10 years will probably do.
In a nutshell, first open C:\FASTSearch\installer\scripts\include\certificatesetup.ps1.
Find the line:

Add-Content -Path $infFile -Value "SuppressDefaults=true"

Add the following lines underneath:

Add-Content -Path $infFile -Value "ValidityPeriod=Years"
Add-Content -Path $infFile -Value "ValidityPeriodUnits=100"

Should look like this: [screenshot "infile1" of the edited certificatesetup.ps1, not preserved]
Now follow the instructions from the TechNet guide on creating a new self-signed certificate, and you should be good to go!
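To catch the next expiry before crawls hang, the check below reads the Certificates (Local Computer)\Personal store and reports how many days the FAST certificate has left; it also flags lifetimes longer than the 5-10 years suggested above. It is an added example, not code from the original post or from Microsoft's FAST scripts, and the subject filter `*FASTSearch*`, the thresholds and the function name are assumptions to adjust.

```powershell
# Added example: expiry check for the FAST Search certificate in LocalMachine\My.
# Assumption: the certificate subject contains "FASTSearch"; change -SubjectLike if yours differs.
# Sticks to PowerShell 2.0 syntax so it also runs on older servers.
param(
    [string]$SubjectLike = '*FASTSearch*',
    [int]$WarnDays = 60,
    [int]$MaxLifetimeYears = 10
)

function Get-CertExpiryStatus {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$WarnDays = 60,
        [int]$MaxLifetimeYears = 10,
        [datetime]$Now = (Get-Date)
    )
    process {
        $daysLeft = [int][math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
        if ($daysLeft -lt 0) { $status = 'EXPIRED' }
        elseif ($daysLeft -le $WarnDays) { $status = 'EXPIRING' }
        else { $status = 'OK' }
        # Total issued lifetime, to spot certificates created with a very long ValidityPeriodUnits
        $lifetimeYears = [math]::Round(($Certificate.NotAfter - $Certificate.NotBefore).TotalDays / 365.25, 1)
        New-Object PSObject -Property @{
            Subject       = $Certificate.Subject
            Thumbprint    = $Certificate.Thumbprint
            NotAfter      = $Certificate.NotAfter
            DaysLeft      = $daysLeft
            Status        = $status
            HasPrivateKey = $Certificate.HasPrivateKey
            LongLived     = ($lifetimeYears -gt $MaxLifetimeYears)
        }
    }
}

# Same store the post installs the certificate into: Certificates (Local Computer)\Personal
$results = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like $SubjectLike } |
    Get-CertExpiryStatus -WarnDays $WarnDays -MaxLifetimeYears $MaxLifetimeYears

if (-not $results) { Write-Warning "No certificate matching '$SubjectLike' in LocalMachine\My"; exit 2 }
$results | Sort-Object DaysLeft |
    Format-Table Status, DaysLeft, NotAfter, LongLived, HasPrivateKey, Thumbprint, Subject -AutoSize
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Run it on both the FAST server and the SharePoint server, since each holds its own copy of the certificate. A non-zero exit code (1 for expired or expiring, 2 for not found) lets a scheduled task or monitoring agent raise the alert.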
