How to Renew Your FAST Search Server License the Easy Way
By a show of hands, how many of you have installed FAST Search on your SharePoint 2010 farm and not had any issues with it for over a year? If your hand is up, this blog is not for you. For those of you still with us, you’re in for a FAST Search troubleshooting treat!
A few weeks ago, we had a customer open up a support ticket because their server performance had decreased significantly and newly added items were not showing up in their search results.
A few of their FAST Search Server symptoms were:
- Search Crawl was running and would not stop, even if attempted manually.
- Memory utilization was at a steady 99% on the Web Front End server.
- New documents were not being crawled and therefore not showing up in search results.
- The following error was displayed in Event Viewer on the Web Front End server:
Failed to connect to WFEServerName.Domain.local:14400 Failed to initialize session with document engine: Unable to resolve ContentDistributor
As with most errors we see, this essentially means nothing to us. What are possible causes for this error?
For those of you who have installed FAST Search, you should be familiar with the certificate that is required for communication between the FAST server(s) and the Web Front End(s). In this particular case we were using a self-signed certificate. When you generate the certificate during the initial FAST install, the default validity period is set to one year.
Based on the screenshot above, who can guess when this particular certificate expired? If you guessed 5/31/2013, you are absolutely correct.
How can you check to see when your FAST Search certificate expires?
- On either your Web Front End or FAST Search server, browse to Start > Run. Type “mmc” and click OK.
- From the MMC Console window, browse to File > Add/Remove Snap-In…
- Highlight Certificates, select Add.
- On the Certificates Snap-In screen, select Computer account, click Next. Select Local computer, click Finish.
- Click OK.
- Expand the Certificates object. Expand Personal object. Select Certificates.
As you can see from the screenshot above, the FASTSearchCert is our self-signed certificate. The expiration date is clearly seen in the third column. Unfortunately there isn’t really a way to be notified of this cert expiring, at least until it’s too late…
So, as I am sure you are all wondering:
How do I renew the FAST Search Server certificate?
1. The first step is to be logged into your FAST server.
2. Before you begin, we will need to stop two services.
- Browse to Start > Administrative Tools > Services.
- Find and stop the FAST Search for SharePoint and the FAST Search for SharePoint Monitoring services.
3. Browse to Start > Microsoft FAST Search Server 2010 for SharePoint > Microsoft FAST Search Server 2010 for SharePoint shell.
4. Point the Microsoft FAST Search Server 2010 for SharePoint shell to the FAST scripts directory.
- In this example, our directory is D:\FASTSearch\installer\scripts.
5. Run this command to generate a new FAST Search Certificate:
- .\ReplaceDefaultCertificate.ps1 –generateNewCertificate $true
6. Enter a password for the new certificate. Record this password, as you will need it in a later step. Press Enter.
7. You have now generated a new certificate that is valid for another year. The default location of this is: %FASTSearchFolder%\data\data_security\cer\FASTSearchCert.pfx
8. Now, simply copy this cert to your primary Web Front End server. This can be placed just about anywhere. In this example, I copied it to the root of C:.
9. Now that we’re in copying mode, we must also copy a script to the Web Front End that we will use in a later step. This script is located at %FASTSearchFolder%\installer\scripts\SecureFASTSearchConnector.ps1
10. Once the certificate and script are copied to the Web Front End server, we can now start those two services from step 2 above.
Now that the certificate is renewed, how do I apply it to my SharePoint farm?
- Now that you are logged in to your Web Front End server, we must open up the SharePoint 2010 Management Shell. To do this, browse to Start > All Programs > Microsoft SharePoint 2010 Products > SharePoint 2010 Management Shell. Right-click the Management Shell and Run as administrator.
- Point the SharePoint 2010 Management Shell to the location in which you moved the Fast Search certificate and script to. In this example, it is in the root of C.
- Run the following command:
PS C:\> .\SecureFASTSearchConnector.ps1 –certPath “C:\FASTSearchCert.pfx” –ssaName “FASTCibtebtSSA” –username “DOMAIN\SP_Farm”
*If you are unsure what the ssaName is, this is the name of the FAST Search Service Application, which can be found in Central Administration.
**The username must match the account running the SharePoint Search Service.
- After that command is run, it will ask for that pesky password that we entered in step 6 of the certificate renewal process. It’s ok because you wrote it down, right?
And that’s a wrap!
Once I completed this process on this particular environment, the performance immediately increased and the full crawl that had been running for over 400 hours finally came to an end. We were also able to see new items in our search results.
If you have similar issues with your Fpweb.net hosted SharePoint environment, please open up a Support Ticket and we can take a look. Thanks for reading!