Error running full crawl in hybrid search – “AzurePlugin was not able to get Tenant Info from configuration server”. As this error appears on a clean installed environment, the issue appears to be a bug in SP2016 which MS is yet to provide a solution.
Issue:
If you need to configure SharePoint 2016 Hyrbrid Search, please refer here for detailed steps.
To run a full crawl, you need to have a search service configured with content source pointing to on-prem. The documentation for setting up Hybrid Search also contains the Windows PowerShell script (OnBoard-HybridSearch.ps1) required for enabling server-to-server authentication
Run the PowerShell script and provide the SharePoint Online site url at the prompt along with authentication of a site collection Admin.
If connection is successful, the script will proceed and you should be presented with an output similar to the screen below.
In this print screen you can see the Tenant ID, Authentication Realm and the connected endpoint address.
At this point on-boarding is completed. After that you need to create a content source and run full crawl
However, while attempting to run full crawl we are getting an error in the Crawl log
An unexpected error occurred in the Azure plugin. This item will be retried in the next incremental crawl. ( AzureException AzurePlugin was not able to get Tenant Info from configuration server; SearchID = C2564792-BE82-56B6-C815-369B729EBC93 )
After googling, I came to know this can happen for proxy setting (http://www.spjeff.com/2016/12/12/fixed-azureplugin-was-not-able-to-get-tenant-info-from-configuration-server-cssa/)
Unfortunately, since I was not using any proxy I had to find an answer myself. I had to looked in to the ULS to get more clue and what I found stunned me.
AzureServiceProxy::GetCerts caught AggregateException: Unable to connect to the remote server
AzureServiceProxy::GetCerts: Failed to get encryption certificates from cert server * for realm *, documents will be send unencrypted (if unecrypted submit is allowed)
AzureServiceProxy::GetAzureTenantInfo caught AggregateException: Unable to connect to the remote server, unable to get ServiceProperties, submit is blocked
AzureServiceProxy caught Exception: *** Microsoft.Office.Server.Search.AzureSearchService.AzureException: AzurePlugin was not able to get Tenant Info from configuration server at Microsoft.Office.Server.Search.AzureSearchService.AzureServiceProxy.GetAzureTenantInfo(String portalURL, String realm, String& returnPropertyValue, String propertyName) at Microsoft.Office.Server.Search.AzureSearchService.AzureServiceProxy.SubmitDocuments(String azureServiceLocation, String authRealm, String SPOServiceTenantID, String SearchContentService_ContentFarmId, String portalURL, String testId, String encryptionCert, Boolean allowUnencryptedSubmit, sSubmitDocument[] documents, sDocumentResult[]& results, sAzureRequestInfo& RequestInfo) ***
I looked in the permission and found that Default content access account doesn’t not have read permission on web application. I manually provided read permission but did not work.
Solution:
I again run On-boarding script after adding the permission manually and crawl the content, everything worked.
Verification:
Here is the crawl history which is showing that previously failed all contents have been successfully crawled.
I have verified the same from crawl database too
Now all on-premise contents are available in O365.
