Facing issue with SharePoint 2013 search crawl when TLS 1.2 applied and ssl 3 disabled

%3CLINGO-SUB%20id%3D%22lingo-sub-2433573%22%20slang%3D%22en-US%22%3EFacing%20issue%20with%20SharePoint%202013%20search%20crawl%20when%20TLS%201.2%20applied%20and%20ssl%203%20disabled%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2433573%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%26nbsp%3B%3CSPAN%3EIt%20would%20be%20great%20if%20anyone%20can%20help%20with%20an%20issue%20I%20am%20having%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3ERecently%20we%20have%20applied%2Fenabled%20TLS%201.2%20and%20disabled%20TLS%201.1%20and%201.0%20in%20our%20Sharepoint%202013%20Production%20environment.%20Since%20then%20we%20are%20facing%20a%20Search%20crawler%20issue.%20(unable%20to%20perform%20incremental%20crawler)%3C%2FP%3E%3CP%3EThe%20Error%20messages%20show%20as%20%22%3CSTRONG%3EThe%20secure%20sockets%20layer%20(SSL)%20certificate%20sent%20by%20the%20server%20was%20invalid%20and%20this%20item%20will%20not%20be%20crawled%3C%2FSTRONG%3E%22.%3C%2FP%3E%3CP%3Esettings%20verified%20%3A%3C%2FP%3E%3COL%3E%3CLI%3EHost%20entry%20already%20verified%20and%20it%20is%20pointed%20to%20directly%20WFE%20server.%3C%2FLI%3E%3CLI%3EIgnore%20SSL%20check%20box%20is%20already%20checked%3C%2FLI%3E%3CLI%3Eable%20to%20access%20the%20site%20from%20the%20crawler%20server%20side.no%20issues%20with%20certificates.%3C%2FLI%3E%3CLI%3Esame%20search%20crawler%20is%20working%20fine%20for%20other%20web%20applications%20in%20the%20same%20WFE%20server.%3C%2FLI%3E%3C%2FOL%3E%3CP%3EPlease%20find%20TLS%20registry%20settings%20applied%20as%20below%3A%20Windows%20Registry%20Editor%20Version%205.00%20%5BHKEY_LOCAL_MACHINE%5CSYSTEM%5CCurrentControlSet%5CControl%5CSecurityProviders%5CSCHANNEL%5CProtocols%5CTLS%201.2%5D%20%5BHKEY_LOCAL_MACHINE%5CSYSTEM%5CCurrentControlSet%5CControl%5CSecurityProviders%5CSCHANNEL%5CProtocols%5CTLS%201.2%5CClient%5D%20%22DisabledByDefault%22%3Ddword%3A00000000%20%22Enabled%22%3Ddword%3A00000001%20%5BHKEY_LOCAL_MACHINE%5CSYSTEM%5CCurrentControlSet%5CControl%5CSecurityProviders%5CSCHANNEL%5CProtocols%5CTLS%201.2%5CServer%5D%20%22DisabledByDefault%22%3Ddword%3A00000000%20%22Enabled%22%3Ddword%3A00000001%3C%2FP%3E%3CP%3EPlease%20suggest%20to%20me%20what%20to%20verify%20next.%20Thanks%20in%20advance.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2433573%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Visitor

Hi All, It would be great if anyone can help with an issue I am having 

Recently we have applied/enabled TLS 1.2 and disabled TLS 1.1 and 1.0 in our Sharepoint 2013 Production environment. Since then we are facing a Search crawler issue. (unable to perform incremental crawler)

The Error messages show as "The secure sockets layer (SSL) certificate sent by the server was invalid and this item will not be crawled".

settings verified :

  1. Host entry already verified and it is pointed to directly WFE server.
  2. Ignore SSL check box is already checked
  3. able to access the site from the crawler server side.no issues with certificates.
  4. same search crawler is working fine for other web applications in the same WFE server.

Please find TLS registry settings applied as below: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001

Please suggest to me what to verify next. Thanks in advance.

0 Replies