Hybrid Federated Search from SPO to SP on-prem

%3CLINGO-SUB%20id%3D%22lingo-sub-1038023%22%20slang%3D%22en-US%22%3EHybrid%20Federated%20Search%20from%20SPO%20to%20SP%20on-prem%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1038023%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EI%20have%20configured%20hybrid%20federated%20search%20for%20SPO%20to%20SP%20on-prem.%20A%20reverse%20proxy%20is%20already%20in%20place%20and%20KCD%20is%20working%20just%20fine.%20We%20use%20Azure%20AD%20Application%20Proxy%20as%20the%20reverse%20proxy.%3C%2FP%3E%3CP%3EWe%20have%20created%20the%20Secure%20Store%20object%20in%20SPO%20and%20uploaded%20the%20SSL%20certificate%20used%20by%20the%20Reverse%20Proxy%20(wild%20card%20cert).%3C%2FP%3E%3CP%3EAfter%20creating%20the%20result%20source%20the%20problem%20occurs.%3C%2FP%3E%3CP%3EWhen%20I%20run%20Test%20Result%20Source%20I%20receive%20the%20following%20errors%20depending%20on%20if%20I%20have%20included%20the%20private%20key%20or%20not%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2%C2%BE2%C2%BEFailed%20to%20retrieve%20certificate%20from%20properties%2C%20not%20calling%20secure%20store%20proxy%20due%20to%20TWSRemoveSecureStoreProxyCall%20flight%20being%20enabled.%20WSRemoveSecureStoreProxy%20flight%20is%20enabled%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E0%C2%BEMicrosoft.SharePoint.Client.ClientRequestException%3A%20Cannot%20contact%20site%20at%20the%20specified%20URL%20%3CA%20href%3D%22https%3A%2F%2Fsharepoint.demo365.nu%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fsharepoint.demo365.nu%3C%2FA%3E.%3CBR%20%2F%3Eat%20Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfo(WebRequestExecutor%20executor)%3CBR%20%2F%3Eat%20Microsoft.SharePoint.Client.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20help%20or%20guidance%20is%20much%20appreciated!%3C%2FP%3E%3CP%3ESearch%20is%20working%20fine%20in%20each%20individual%20platform%20but%20not%20in%20hybrid.%20AD%20and%20Azure%20AD%20is%20federated%20via%20Azure%20AD%20Connect%20and%20SSO%20works%20great%20between%20the%20platforms.%3C%2FP%3E%3CP%3EThanks%20in%20advanced!%3C%2FP%3E%3CP%3EMartin%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1038023%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2019%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EHybrid%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Hi,

I have configured hybrid federated search for SPO to SP on-prem. A reverse proxy is already in place and KCD is working just fine. We use Azure AD Application Proxy as the reverse proxy.

We have created the Secure Store object in SPO and uploaded the SSL certificate used by the Reverse Proxy (wild card cert).

After creating the result source the problem occurs.

When I run Test Result Source I receive the following errors depending on if I have included the private key or not:

 

2¾2¾Failed to retrieve certificate from properties, not calling secure store proxy due to TWSRemoveSecureStoreProxyCall flight being enabled. WSRemoveSecureStoreProxy flight is enabled

 

0¾Microsoft.SharePoint.Client.ClientRequestException: Cannot contact site at the specified URL https://sharepoint.demo365.nu.
at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfo(WebRequestExecutor executor)
at Microsoft.SharePoint.Client.

 

Any help or guidance is much appreciated!

Search is working fine in each individual platform but not in hybrid. AD and Azure AD is federated via Azure AD Connect and SSO works great between the platforms.

Thanks in advanced!

Martin

2 Replies

@Martin_Ericsson  is the issue resolved?

I am facing the same issue for inbound hybrid federated search in online Search Result source page

@aurramu Sadly No. MS support is working on it and was able to re-produce the error on their environment after many months.

I wont recommend anyone going down this path since we have spent a lot of time debugging this together with the support and actually not coming anyway near a solution.

The Hybrid Federated Search have so many limitations and is so unstable so I will not go for it again. It feel that its just a matter of time until its withdrawn as an solution.