Connection could be validated error in production after renewing FAST Certificate RRS feed

  • Question

  • I have renew the FAST certificate in admin and non admin servers and copied to Sharepoint Application server and ran the 

    PS C:\> .\SecureFASTSearchConnector.ps1 –certPath “C:\FASTSearchCert.pfx” –ssaName “ ” –username “DOMAIN\SP_Farm”

    It error out: Connection to contentdistributor could not be validated. Check your certificates and ssa configuration and make sure that instance of FAST Search Server backend is running.

    And I try to run 

    Ping-SPEnterpriseSearchContentService –HostName "FQDN"

    The ConnectionSuccess value for FASTSearchCert should show "True" if the certificate is configured properly.

    Connection success is always false. 

    I have done IISreset and tried to renew the certificates couple of times. But no user. 

    Can anyone please try to point me in right direction.


    Thursday, August 28, 2014 2:52 AM

All replies

  • Hello KPallela,

    Can you confirm the below items?

    -         What service pack and CU do  you have applied to your Fast Search for SharePoint 2010 environment?

    -         Are you putting the port 13991 in your Ping-SPEnterpriseSearchContentService command?  For example: Ping-SPEnterpriseSearchContentService

    -         Can you confirm that your %fastsearch%\etc\Contentdistributor.cfg has the correct port number 13990

    -         Can you confirm that the Fast Content SSA content distributor section is configured with the correct port number 13991 in the UI?

    -         Can you confirm that the certificate is found in the MMC on the SharePoint crawler node is not showing expired (since you have renewed it)

    -         Can you confirm that the Search Service account is a member of the FastSearchAdministrators group

    -         Can you check if the thumbprint for the contentdistributor in %fastsearch%\etc\nodeconf.xml matches what is in %fastsearch%\etc\node.xml (note: It is not recommended to update these files manually)

    -         Can you confirm that the steps you followed to generate the new certificate match the TechNet article

    -         Can you verify that when you ran .\SecureFASTSearchConnector.ps1 –certPath “C:\FASTSearchCert.pfx” –ssaName “ ” –username “DOMAIN\SP_Farm” that the –ssaName did not contain the “ “ as the parameter, but rather the actual name of  your SSA (example: “Fast Content SSA”)

    -         Can  you confirm that there is not a special character in your search service account, such as a dollar sign?

    Let us know your findings, and if you have any questions on the above.


    Rob Vazzana | Sr Support Escalation Engineer | US Customer Service & Support

    Customer Service   & Support                            Microsoft| Services

    Thursday, September 4, 2014 9:02 PM