Hybrid search fails to crawl or return results
Symptoms
You experience one or more of the following issues when you use hybrid search in SharePoint in Microsoft 365:
- Crawling fails.
- No result is returned.
- You receive an error message, such as "An existing connection was forcibly closed."
Cause
We have begun deprecation of TLS 1.1 and 1.0 in Microsoft 365. Starting on June 30, 2021, the Search service will no longer accept connections that use TLS 1.1 or 1.0. If you're using the cloud Search service application (SSA) on older versions of Windows, you have to manually enable TLS 1.2 to have on-premises content indexed in SharePoint in Microsoft 365.
Resolution
To fix this issue, enable TLS 1.2 by following these instructions:
- Enable TLS and SSL support in SharePoint 2013
- Enable TLS 1.1 and TLS 1.2 support in SharePoint Server 2016
- Enable TLS 1.1 and TLS 1.2 support in SharePoint Server 2019
Note
If you still experience these issues in Windows Server 2012 or Windows Server 2008 R2 SP1, try the following solutions:
- The Easy Fix Tool can add TLS 1.2 and TLS 1.1 Secure Protocol registry keys automatically. For more information, see Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows.
- For Windows Server 2012, if you still receive intermittent connectivity errors after you run the Easy Fix Tool, consider disabling DHE cipher suites. For more information, see Applications experience forcibly closed TLS connection errors when connecting SQL Servers in Windows.
Also, check the supported cipher suites and cipher suite sort order. For TLS 1.2, the following cipher suites are supported by Azure Front Door:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
To add cipher suites, either deploy a Group Policy setting or use the Local Group Policy Editor, as described in Configuring TLS Cipher Suite Order by using Group Policy.
Important
Change the order of the cipher suites to make sure that these four suites are at the top of the list (the highest priority).
For more information, see What are the current cipher suites supported by Azure Front Door?.
References
- Preparing for TLS 1.2 in Microsoft 365 and Microsoft 365 GCC
- Authentication errors occur when client doesn't have TLS 1.2 support
Still need help? Go to SharePoint Community.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for