Publish Enterprise Search Service Application across Farms


Introduction:

In Microsoft SharePoint Server 2010, Enterprise search service application can be shared across server farms. By publishing a service application, you can optimize resources, avoid redundancy, and provide enterprise-wide services without installing a dedicated enterprise services farm. Here we are going to publish and consume Enterprise search Service application across farms. The Publisher farm is the farm in which the Service application is running and the Consumer farm is the farm which will consume data from the publishing farm.

Steps that are required to publish and consume enterprise search service application across farms:

  • Exchange trust certificates between farms
  • Managing Trust Certificates
  • Publish an enterprise search service application
  • Set permission to the published service application for a consuming farm
  • Connect to a search service application on a remote farm
  • Add enterprise search service application proxy to default proxy group

Exchange trust certificates between farms:

In Microsoft SharePoint Server 2010, a SharePoint farm can connect to and consume a service application that is published on another SharePoint Server 2010 farm. For this to occur, the farms must exchange trust certificates. You must use Windows Power Shell 2.0 commands to export and copy the certificates between farms. After the certificates are exported and copied, you can use either Windows Power Shell 2.0 commands or Central Administration to manage the trusts within the farm. To exchange trust certificates between farms the following steps should be followed.

Steps Involved:

  1. Exporting and copying certificates.
  2. Managing trust certificates

1. Exporting and copying certificates:

An administrator of the consuming farm must provide two trust certificates to the publishing farm: a root certificate and a security token service (STS) certificate. An administrator of the publishing farm must provide a root certificate to the consuming farm.

To export the root certificate from the consuming farm:

  • In the consuming farm go to Start menu.

    PubSerEnter1.gif
     
  • Go to SharePoint 2010 Management Shell and select Run as Administrator.
  • In the command prompt, type each of the following commands.

    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    $rootCert.Export("Cert") | Set-Content
    "C:\Users\aaaaa\ConsumingFarmRoot.cer" -Encoding byte

To export the STS certificate from the consuming farm:

  • In the Command Prompt, type each of the following commands.

    $stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
    $stsCert.Export("Cert") | Set-Content "C:\Users\aaaaa\ConsumingFarmSTS.cer" -Encoding byte


To export the root certificate from the publishing farm:

  • In the Command Prompt, type each of the following commands.

    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    $rootCert.Export("Cert") | Set-Content "C:\Users\aaaaa\PublishingFarmRoot.cer" -Encoding byte


To copy the certificates:

  • Copy the root certificate and the STS certificate from the server in the consuming farm to the server in the publishing farm.
  • Copy the root certificate from the server in the publishing farm to a server in the consuming farm.


2. Managing Trust Certificates:

Establishing trust on the consuming farm:

  • To import the root certificate and create a trusted root authority on the consuming farm, type the following commands.

    $trustCert = Get-PfxCertificate "C:\Users\aaaaa\PublishingFarmRoot.cer"
    New-SPTrustedRootAuthority "EnterpriseSearchServicePublishingFarm" -Certificate $trustCert

Establishing trust on the publishing farm:

  • To import the root certificate and create a trusted root authority on the publishing farm, type the following commands.

    $trustCert = Get-PfxCertificate "C:\Users\aaaaa\ConsumingFarmRoot.cer"
    New-SPTrustedRootAuthority "EnterpriseSearchServiceConsumingFarmRoot" -Certificate $trustCert
     
  • To import the STS certificate and create a trusted service token issuer on the publishing farm, type the following commands.

    $stsCert = Get-PfxCertificate "C:\Users\aaaaa\ConsumingFarmSTS.cer"
    New-SPTrustedServiceTokenIssuer "EnterpriseSearchServiceConsumingFarmSTS" -Certificate $stsCert

Publish a Service Application:
 

  • In the publishing farm run the following script to publish the enterprise search service application.

    Publish-SPServiceApplication -Identity "519866b7-eace-49ea-b39b-897e317ec74e"

    Where "519866b7-eace-49ea-b39b-897e317ec74e" is the guid of the enterprise search service application.

    Run the following command to get the GUID for all the service applications.

    Get-SPServiceApplication

    (or)

    Publish-SPServiceApplication (Get-SPEnterpriseSearchServiceApplication "Enterprise Search Service
     Application")

    Where "Enterprise Search Service Application" is the enterprise search service application name.

Set permission to the published service application for a consuming farm:

You may encounter the following error "Unable to connect to the specified address. Verify the URL you entered and contact the service administrator for more details." in the consuming farm when you are trying to connect to the published service application by entering the published URL.
 
Error: "Unable to connect to the specified address. Verify the URL you entered and contact the service administrator for more details."

How to resolve this:

On the consumer farm, run the following command to get the id of the consumer farm:

(Get-SPFarm).Id

Copy the Id output from this command, and run the following command on the publisher farm:

$security = Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity

$claimProvider = (Get-SPClaimProvider System).ClaimProvider

$principal = New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimProvider -ClaimValue <farmid from previous command>

Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"

Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security

Connect to a service application on a remote farm:

  • In the consuming farm, you need to create a proxy for enterprise search service application.
  • In the publisher farm, you could see the "Published URL" which is required in the consuming farm to connect to a search application on a remote farm.

    PubSerEnter2.gif
     
  • Go to the publishing farm and run the following command to get the "Published URL" from the publisher farm.

    Get-SPTopologyServiceApplication | Select LoadBalancerURL

    PubSerEnter3.gif

    Copy the LoadBalancerURL.
     
  • Go to the consuming farm and run the following command to connect to a service application.

    New-SPEnterpriseSearchServiceApplicationProxy -Name "DevEnterprise Search Service Application Proxy" –URI (Receive-SPServiceApplicationConnectionInfo -FarmUrl "https://servername:32844/Topology/topology.svc" | Where {$_.Name -eq "EnterPrise Search Service Application"}).Uri

    Where

    • "DevEnterprise Search Service Application Proxy" -> is the name of the service application proxy that we are going to create in the consuming farm.
    • "https://servername:32844/Topology/topology.svc" -> is the LoadBalancerURL that we got from the publishing farm.
    • "EnterPrise Search Service Application" -> is the name of the search service application in the publishing farm.
     
  • Go to the Central Administration->Application Management->Manage Service Applications -> You will see a new enterprise search service application proxy created successfully.

    PubSerEnter4.gif

Add enterprise search service application proxy to default proxy group:

  • Run the following command to add the newly created proxy "DevEnterprise Search Service Application Proxy" to the default proxy group.

    Add-SPServiceApplicationProxyGroupMember (Get-SPServiceApplicationProxyGroup -default) -Member (Get-SPEnterpriseSearchServiceApplicationProxy "DevEnterprise Search Service Application Proxy")

    Where

    • Default -> is the name of the proxy group.
    • "DevEnterprise Search Service Application Proxy" -> is the name of the enterprise search service application.

    Note:

    • Add the consumer farm web application urls which has to be crawled to the publisher server content source.
    • Do full crawling and search the data in the publisher farm.