Consuming SP2013 Search on SP2010 Farm : A step towards moving to SP2013
First Search Migration approach is way where you take your first step towards SharePoint 2013. Also, this gives you an option to utilize the powerful search as early as possible in this move. Read more about this by searching "First Search Migration Approach" . Following were the main steps for consuming the Search service application from SP2013 environment.
Step 1: Setting Up Trust across Farms
To enable federated search across two versions of SharePoint Search (SP2010 and Sp2013) , first, there should be trust enabled between both the farms (SP2010 and SP2013). We will refer SP2010 as Consuming Farm and SP2013 as Publishing Farm or provider farm.
An administrator of the consuming farm must provide two trust certificates to the administrator of the publishing farm a root certificate and a security token service (STS) certificate. Additionally, an administrator of the publishing farm must provide a root certificate to the administrator of the consuming farm. By exchanging certificates, each farm acknowledges that the other farm can be trusted.
Run the following script on the Consuming farm (SP2010) by an administrator to export the SharePoint Root and STS certificates.
#Export the Farm and STS certificates from the SharePoint 2010 farm: $rootCertificate = (Get-SPCertificateAuthority).RootCertificate $rootCertificate.Export("Cert") | Set-Content C:\Certificates\2010FarmRoot.cer -Encoding byte $stsCertificate = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate $stsCertificate.Export("Cert") | Set-Content C:\Certificates\2010FarmSTS.cer -Encoding byte |
Then Run the below script to export the SharePoint Root certificate on Publishing Farm (SP2013).
#Export the Farm certificate from the SharePoint 2013 farm: $rootCertificate = (Get-SPCertificateAuthority).RootCertificate $rootCertificate.Export("Cert") | Set-Content C:\Certificates\2013FarmRoot.cer -Encoding byte |
Import the consuming farm (SP2010) certificates on publishing farm (SP2013) using the following scripts
$trustCertificate = Get-PfxCertificate C:\Certificates\2010FarmRoot.cer New-SPTrustedRootAuthority "2013 Trust" -Certificate $trustCertificate $stsCertificate = Get-PfxCertificate C:\Certificates\2010FarmSTS.cer New-SPTrustedServiceTokenIssuer "2013 Trust" -Certificate $stsCertificate |
And Finally Import the Publishing farm certificate to consuming farm
Import the SharePoint 2013 certificate into the SharePoint 2010 farm: $trustCertificate = Get-PfxCertificate C:\Certificates\2013FarmRoot.cer New-SPTrustedRootAuthority "2013 Trust"-Certificate $trustCertificate |
Step 2: Setup Search and Publishing
Once the trust is setup, The Search service application needs to be created and published for other farm to be able to consume it. it is recommend that search should be built using the PowerShell.
Do publishing of the search service application from the Central Administration portal.
After the Search is provisioned, Navigate to CA, and look for Search service application. Select the service application and click on the Publish button in the ribbon.On the popped out page, Select the checkbox “publish this service for other farms” and copy the URN after scrolling down the page for later use in consuming farm. Finally Click “Ok” to save the changes
Step 3: Permissions
This step is not required on Single Server farm setup. For Load, balanced environment following setup is required to allow service application to have appropriate permissions. This was not part of the POC. Hence, the steps are excluded from this document.
Please follow below TechNet article in case; this is required in future setups.
https://technet.microsoft.com/en-us/library/ff700211(v=office.15).aspx
Step 4: Connect to the Published service application
After the publishing farm has published the service application, an administrator of the consuming farm can connect to that service application from the consuming farm by using the URL of the published service application. From the consuming Farm, Navigate to Manage Service application page in central Administrator (CA >> Application Management >> Manage service Applications)
Select in ribbon, Connect >> Search service proxy.
In the text box, enter the URL of the published service application URL. Click Ok, and the service application from the published farm will appear. Select the Search Service application. Click Ok to create the service proxy for Search from the publishing Farm.
Step 5: Associate Service application with the Web Application
The web application, which should be crawled from the publishing farm, requires being associated with this service application proxy. Make sure the proxy is added to web application from CA >>Application Management >>Service applications >> Configure Service application Associations.
Step 6: Configure Server-to-Server authentication between farms
To enable a web application or an application service to request a resource from a web application on another farm on behalf of a user, you must configure server-to-server authentication between the farms.
The scripts needs to be run to enable S2S.
##Setup of the final stage during publishing $security=Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity $claimprovider=(Get-SPClaimProvider System).ClaimProvider $principal=New-SPClaimsPrincipal -ClaimType "https://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimprovider -ClaimValue <farm id of consumer farm> Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control" Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security |
Step 7: Configure Content Source
This is final stage where content source is configured on publishing farm. Make sure that the content crawling account has “Full Read” permissions on the Web application running in consumer farm.
From the Publishing farm, Navigate to Search service application. Click on Content source and add the web application URL for the crawling. After the Full crawl, the content can be searched from Consuming farm.