SharePoint - Steps to Consume Search Service App from 2010 in 2013

Updated on 2/19/2015

Pre-requisites

  1. Sharepoint 2010 and 2013 farms are installed an configured
  2. SharePoint 2010 has a search service application that has crawled the SharePoint 2013 content
  3. SharePoint 2010 has a search center configured

1) The first step would be to establish a trust between the 2010 and 2013 farms

In 2013 (consuming farm) SharePoint management shell, export the root and sts certs:

$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content C:\ConsumingFarmRoot.cer -Encoding byte
$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$stsCert.Export("Cert") | Set-Content C:\ConsumingFarmSTS.cer -Encoding byte

In 2010 (publishing farm) SharePoint management shell, export the root cert:

$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootCert.Export("Cert") | Set-Content C:\PublishingFarmRoot.cer -Encoding byte

In central admin for both farms, click Security. On the Security page, in the General Security section, click Manage trust. On the Trust Relationship page, on the ribbon, click New. On the Establish Trust Relationship page upload the Root Authority Certificate for the trust relationship. This must be the Root Authority Certificate that was previously exported from the other farm using Windows PowerShell.

If you are performing this task on the publishing farm, select the check box for Provide Trust Relationship. Type in a descriptive name for the token issuer and browse to and select the STS certificate that was copied from the consuming farm.

2) Publish the search service application in the SharePoint 2010 farm

  1. On the SharePoint Central Administration website, click Application Management, and then click Manage service applications.
  2. Click the row that contains the service application that you want to publish. Commands on the ribbon become available.
  3. On the ribbon, click Publish.
  4. In the Publish Service Application dialog box: Select the Connection Type that you want from the drop-down list.
  5. If you want the service application to be available to remote farms, select the check box for Publish this Service Application to other farms. 
  6. Copy the Published URL into Notepad or another text editor. You must provide this URL to remote farms to connect the remote farms to the published service application. The URL will be similar to the following:
    urn:schemas-microsoft-com:sharepoint:service:9c1870b7ee97445888d9e846519cfa27#authority=urn:uuid:02a493b92a5547828e21386e28056cba&authority=https://ua_powershell:32844/Topology/topology.svc

3) Add permissions to the search application so that the SharePoint 2013 farm can connect to it

  1. In SharePoint 2013 SharePoint management shell find the farm id:
  2. Get-SPFarm | Select Id
  3. In the SharePoint 2010 Central Administration website, click Application Management, and then click Manage service applications.
  4. Click the row that contains the search service application we are setting permissions for.
  5. On the ribbon, click Permissions.
  6. In the Connection Permissions dialog box, do the following:
  7. Manually paste the ID of the consuming farm
  8. Click Add.
  9. Select the consuming farm ID, and then select the Full Control check box.
  10. Click OK

4) Connect to the published search service application

  1. In the 2013 (consuming) farm, on the SharePoint Central Administration website, click Application Management, and then click Manage service applications.
  2. On the ribbon, click Connect.
  3. On the Connect drop-down menu, click the kind of service application to which you want to connect.
  4. On the Connect to a Remote Service Application page, type the appropriate URL in the Farm or Service Application address text box, and then click OK.
  5. This is the url that was copied in step 2. It will look like:
    urn:schemas-microsoft-com:sharepoint:service:9c1870b7ee97445888d9e846519cfa27#authority=urn:uuid:02a493b92a5547828e21386e28056cba&authority=https://ua_powershell:32844/Topology/topology.svc
  6. The Connect to a Remote Service Application dialog box displays the service applications that match the URL entered in the previous step. Click the row that contains the name of the service application, and then select the check box to add the service application connection to the farm’s default list of service application connections (that is, the default proxy group). Click OK.
  7. You are prompted to change the connection name. Type a new name into the Connection Name text box or leave the default name, and then click OK.
  8. After the new connection is created, you must click OK to complete the procedure.

5) In SharePoint 2013, change the search settings for the site collections to point to the 2010 search center. Now when users use the search box, they will be redirected to the SharePoint 2010 search center 

Note: You may need to give access to the topology service as the consuming farm does not have rights to speak to the publishing farm's topology service

  1. On the consumer farm, run the following command to get the id of the consumer farm: (Get-SPFarm).Id
  2. Copy the Id output from this command, and run the following command on the publisher farm:
$security = Get-SPTopologyServiceApplication | Get-SPServiceApplicationSecurity
$claimProvider = (Get-SPClaimProvider System).ClaimProvider
$principal = New-SPClaimsPrincipal -ClaimType "http://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimProvider -ClaimValue "farmidFromPrevStep" Grant-SPObjectSecurity -Identity $security -Principal $principal -Rights "Full Control"
Get-SPTopologyServiceApplication | Set-SPServiceApplicationSecurity -ObjectSecurity $security

For more details on these steps see: Share service applications across farms in SharePoint 2013