Page History
Table of Contents |
---|
FAQs
Specific
Can the Security Pre-Trimmer be hosted on a separate server?
It is not recommended. There are content sources, such as Lotus Notes, that use Intersection ACLs, which requires that Group Expansion is executed in the same server where the content source is.
Reconfiguring the Security Pre-Trimmer
To reconfigure the Pre-Trimmer follow the next steps:
- Retrieve the current settings in the SharePoint Management Shell
Code Block | ||||
---|---|---|---|---|
| ||||
PS C:\> $ssa = Get-SPEnterpriseSearchServiceApplication PS C:\> Get-SPEnterpriseSearchSecurityTrimmer -SearchApplication $ssa SearchApp : SearchServiceApplication Name=Search Service Application Id : 1 TypeName : AspireSecurityTrimmer.AspireSecurityPreTrimmer, AspireSecurityTrimmer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e87e053e181b45ec Properties : ge~http://localhost:50505/groupExpansion~geTimeout~15000~claimIssuer~aspire~useDomain~false~ IsPrePhase : True CrawlRulePath : {0}{} |
2. Remove the Security Pre-Trimmer using the Id from the previous step as Identity by running the following command:
Code Block | ||||
---|---|---|---|---|
| ||||
Remove-SPEnterpriseSearchSecurityTrimmer -SearchApplication $ssa -Identity <id goes here> |
3. Re-register the Security Pre-Trimmer with the necessary changes (i.e. increased timeout)
Code Block | ||||
---|---|---|---|---|
| ||||
New-SPEnterpriseSearchSecurityTrimmer -Id 1 -TypeName "AspireSecurityTrimmer.AspireSecurityPreTrimmer, AspireSecurityTrimmer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e87e053e181b45ec" -SearchApplication $ssa -Properties "ge~http://localhost:50505/groupExpansion~geTimeout~2000~claimIssuer~aspire~useDomain~false~" |
Note |
---|
Restart the SharePoint Search Host Controller service (spsearchhostcontroller) now. |
Troubleshooting
Security Pre-Trimmer is never invoked
If there is no activity on the Aspire group expansion servlet when searches are executed, check the SharePoint log files. Look for an exception like:
Code Block | ||||
---|---|---|---|---|
| ||||
Microsoft.Office.Server.Search.Query.Ims.Security.SecurityTrimmerSetup : Failed to setup trimmers for the trimmer type: AspireSecurityTrimmer.AspireSecurityPreTrimmer, AspireSecurityTrimmer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e87e053e181b45ec |
Debug the Security Pre-Trimmer
Try to initialize the Security Pre-Trimmer manually using PowerShell (make sure to use the correct AspireSecurityTrimmer version in the Add-Type command):
Code Block | ||||
---|---|---|---|---|
| ||||
Add-Type -AssemblyName "AspireSecurityTrimmer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e87e053e181b45ec" $ast = New-Object AspireSecurityTrimmer.AspireSecurityPreTrimmer $nvc = New-Object System.Collections.Specialized.NameValueCollection $nvc.Add("ge", "http://aspire:50505/groupExpansion") $nvc.Add("geTimeout", "15000") $nvc.Add("claimIssuer", "aspire") $nvc.Add("useDomain", "false") $ssa = Get-SPEnterpriseSearchServiceApplication $ast.Initialize($nvc, $ssa) |
Then, check the content of the error objects:
Code Block | ||||
---|---|---|---|---|
| ||||
$error[0] $error[0].Exception $error[0].Exception.InnerException |
Check Event Log Permissions
In the windows registry, make sure that the user running the SharePoint Search Host Controller (spsearchhostcontroller) service, has permissions for this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
Re-Register the Security Pre-Trimmer
Try re-registering the Security Pre-Trimmer:
- Using the installation script: SharePoint 2013 Publisher Endpoint Installationl.
- Manually: Reconfigure Reconfigure the Security Pre-Trimmer
Make sure to restart the SharePoint Search Host Controller (spsearchhostcontroller) service after every configuration change.
Search not working at all
If Aspire is not running and the Search Center returns with errors, check the Windows Application log for these error messages:
Internal Server Error
Code Block | ||||
---|---|---|---|---|
| ||||
The remote server returned an error: (500) Internal Server Error.
at System.Net.HttpWebRequest.GetResponse()
at AspireSecurityTrimmer.AspireSecurityPreTrimmer.GetAclsFromAspire(String username) |
Check Aspire for any error messages or exceptions.
Operation Timeout
Code Block | ||||
---|---|---|---|---|
| ||||
The operation has timed out
at System.Net.HttpWebRequest.GetResponse()
at AspireSecurityTrimmer.AspireSecurityPreTrimmer.GetAclsFromAspire(String username) |
Try to adjust the timeout in the Security Pre-Trimmer configuration. You need to remove and add it again in a SharePoint 2013 Management Shell.