Hybrid Crawl Failing with Certificate Validation Error

%3CLINGO-SUB%20id%3D%22lingo-sub-3008092%22%20slang%3D%22en-US%22%3EHybrid%20Crawl%20Failing%20with%20Certificate%20Validation%20Error%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3008092%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20trying%20to%20configure%20SharePoint%20hybrid%20search%20in%20SharePoint%202013.%20Onboard%20scripts%20have%20worked%20but%20the%20crawl%20is%20falling%20over%20with%20this%20message%20raised%20in%20the%20event%20viewer%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3EAn%20operation%20failed%20because%20the%20following%20certificate%20has%20validation%20errors%3A%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3ESubject%20Name%3A%20CN%3D*.search.production.emea.trafficmanager.net%2C%20O%3DMicrosoft%20Corporation%2C%20L%3DRedmond%2C%20S%3DWA%2C%20C%3DUS%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3EIssuer%20Name%3A%20CN%3DMicrosoft%20Azure%20TLS%20Issuing%20CA%2006%2C%20O%3DMicrosoft%20Corporation%2C%20C%3DUS%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3EThumbprint%3A%20412B0024E1C79B5F633643855F5DB344A02E85D0%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3EErrors%3A%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3EPartialChain%3A%20A%20certificate%20chain%20could%20not%20be%20built%20to%20a%20trusted%20root%20authority.%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3ERevocationStatusUnknown%3A%20The%20revocation%20function%20was%20unable%20to%20check%20revocation%20for%20the%20certificate.%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CEM%3EOfflineRevocation%3A%20The%20revocation%20function%20was%20unable%20to%20check%20revocation%20because%20the%20revocation%20server%20was%20offline.%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAll%20my%20root%20certs%20form%20the%20MS%20root%20certification%20program%20are%20up%20to%20date%2C%20This%20certificate%20validation%20appears%20to%20be%20happening%20at%20the%20SharePoint%20level%20and%20not%20the%20system%20level%20as%20not%20seeing%20any%20Schannel%20errors%20or%20the%20like.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3008092%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3008785%22%20slang%3D%22en-US%22%3ERe%3A%20Hybrid%20Crawl%20Failing%20with%20Certificate%20Validation%20Error%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3008785%22%20slang%3D%22en-US%22%3EHello%3CBR%20%2F%3E%3CBR%20%2F%3EI%20am%20not%20sure%20if%20it%20is%20related%2C%20but%2C%20have%20you%20seen%20and%20applied%20MC270671%20while%20performing%20the%20configuration%3F%3CBR%20%2F%3EThe%20MC%20is%20now%20gone%20from%20admin%20center%20so%20posting%20this%20unofficial%20one%20%3CA%20href%3D%22https%3A%2F%2Fm365log.com%2Fsharepoint%2Fmicrosoft-is-updating-the-hybrid-federated-search%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fm365log.com%2Fsharepoint%2Fmicrosoft-is-updating-the-hybrid-federated-search%2F%3C%2FA%3E%3C%2FLINGO-BODY%3E
Contributor

I'm trying to configure SharePoint hybrid search in SharePoint 2013. Onboard scripts have worked but the crawl is falling over with this message raised in the event viewer:

 

An operation failed because the following certificate has validation errors:

Subject Name: CN=*.search.production.emea.trafficmanager.net, O=Microsoft Corporation, L=Redmond, S=WA, C=US

Issuer Name: CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US

Thumbprint: 412B0024E1C79B5F633643855F5DB344A02E85D0

 

Errors:

PartialChain: A certificate chain could not be built to a trusted root authority.

RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.

OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline.

 

All my root certs form the MS root certification program are up to date, This certificate validation appears to be happening at the SharePoint level and not the system level as not seeing any Schannel errors or the like.

 

1 Reply
Hello

I am not sure if it is related, but, have you seen and applied MC270671 while performing the configuration?
The MC is now gone from admin center so posting this unofficial one https://m365log.com/sharepoint/microsoft-is-updating-the-hybrid-federated-search/