It is not recommended. There are content sources, such as Lotus Notes, that use Intersection ACLs, which requires that Group Expansion is executed in the same server where the content source is.
To reconfigure the Pre-Trimmer follow the next steps:
PS C:\> $ssa = Get-SPEnterpriseSearchServiceApplication PS C:\> Get-SPEnterpriseSearchSecurityTrimmer -SearchApplication $ssa SearchApp : SearchServiceApplication Name=Search Service Application Id : 1 TypeName : AspireSecurityTrimmer.AspireSecurityPreTrimmer, AspireSecurityTrimmer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e87e053e181b45ec Properties : ge~http://localhost:50505/groupExpansion~geTimeout~15000~claimIssuer~aspire~useDomain~false~ IsPrePhase : True CrawlRulePath : {0}{}
2. Remove the Security Pre-Trimmer using the Id from the previous step as Identity by running the following command:
Remove-SPEnterpriseSearchSecurityTrimmer -SearchApplication $ssa -Identity <id goes here>
3. Re-register the Security Pre-Trimmer with the necessary changes (i.e. increased timeout)
New-SPEnterpriseSearchSecurityTrimmer -Id 1 -TypeName "AspireSecurityTrimmer.AspireSecurityPreTrimmer, AspireSecurityTrimmer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e87e053e181b45ec" -SearchApplication $ssa -Properties "ge~http://localhost:50505/groupExpansion~geTimeout~2000~claimIssuer~aspire~useDomain~false~"
Restart the SharePoint Search Host Controller service (spsearchhostcontroller) now.
If there is no activity on the Aspire group expansion servlet when searches are executed, check the SharePoint log files. Look for an exception like:
Microsoft.Office.Server.Search.Query.Ims.Security.SecurityTrimmerSetup : Failed to setup trimmers for the trimmer type: AspireSecurityTrimmer.AspireSecurityPreTrimmer, AspireSecurityTrimmer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e87e053e181b45ec
Try to initialize the Security Pre-Trimmer manually using PowerShell (make sure to use the correct AspireSecurityTrimmer version in the Add-Type command):
Add-Type -AssemblyName "AspireSecurityTrimmer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=e87e053e181b45ec" $ast = New-Object AspireSecurityTrimmer.AspireSecurityPreTrimmer $nvc = New-Object System.Collections.Specialized.NameValueCollection $nvc.Add("ge", "http://aspire:50505/groupExpansion") $nvc.Add("geTimeout", "15000") $nvc.Add("claimIssuer", "aspire") $nvc.Add("useDomain", "false") $ssa = Get-SPEnterpriseSearchServiceApplication $ast.Initialize($nvc, $ssa)
Then, check the content of the error objects:
$error[0] $error[0].Exception $error[0].Exception.InnerException
In the windows registry, make sure that the user running the SharePoint Search Host Controller (spsearchhostcontroller) service, has permissions for this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
Try re-registering the Security Pre-Trimmer:
Make sure to restart the SharePoint Search Host Controller (spsearchhostcontroller) service after every configuration change.