Hybrid search fails to crawl or return results

• Applies to:

  SharePoint Server 2019, SharePoint Server 2016, SharePoint Server 2013, SharePoint in Microsoft 365

Symptoms

You experience one or more of the following issues when you use hybrid search in SharePoint in Microsoft 365:

• Crawling fails.
• No result is returned.
• You receive an error message, such as "An existing connection was forcibly closed."

Cause

We have begun deprecation of TLS 1.1 and 1.0 in Microsoft 365. Starting on June 30, 2021, the Search service will no longer accept connections that use TLS 1.1 or 1.0. If you're using the cloud Search service application (SSA) on older versions of Windows, you have to manually enable TLS 1.2 to have on-premises content indexed in SharePoint in Microsoft 365.

Resolution

To fix this issue, enable TLS 1.2 by following these instructions:

• Enable TLS and SSL support in SharePoint 2013
• Enable TLS 1.1 and TLS 1.2 support in SharePoint Server 2016
• Enable TLS 1.1 and TLS 1.2 support in SharePoint Server 2019

Note

If you still experience these issues in Windows Server 2012 or Windows Server 2008 R2 SP1, try the following solutions:

• The Easy Fix Tool can add TLS 1.2 and TLS 1.1 Secure Protocol registry keys automatically. For more information, see Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows.
• For Windows Server 2012, if you still receive intermittent connectivity errors after you run the Easy Fix Tool, consider disabling DHE cipher suites. For more information, see Applications experience forcibly closed TLS connection errors when connecting SQL Servers in Windows.

Also, check the supported cipher suites and cipher suite sort order. For TLS 1.2, the following cipher suites are supported by Azure Front Door:

• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

To add cipher suites, either deploy a Group Policy setting or use the Local Group Policy Editor, as described in Configuring TLS Cipher Suite Order by using Group Policy.

Important

Change the order of the cipher suites to make sure that these four suites are at the top of the list (the highest priority).

For more information, see What are the current cipher suites supported by Azure Front Door?.

References

• Preparing for TLS 1.2 in Microsoft 365 and Microsoft 365 GCC
• Authentication errors occur when client doesn't have TLS 1.2 support

Still need help? Go to SharePoint Community.