FAST Search Authorization Admin Unable to complete request to sam worker node

This FAST Search error appeared after running Configuration Wizard and rebooting. NOTE: We had not configured either of the FAST Content SSA or FAST Query SSA yet.

  In one of our environments we got the errors below.  We tried a number of things to resolve the error and after a while it felt like we were banging our head against a wall.

The last thing I did which lead me to the solution was downloading Network Monitor and enable the filter for “Authentication Traffic” and what I noticed was a number of errors like this:

KerberosV5:KRB_ERROR  – KDC_ERR_S_PRINCIPAL_UNKNOWN (7)

FAST Search Event Log Errors

Log Name:      FAST Search
Source:        FAST Search Authorization Admin
Date:          1/7/2011 1:44:37 PM
Event ID:      1000
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      QA-FST-01.QA.LOCAL
Description:
AdminLibrary.dll:MakeRemoteRequestToWorker – Unable to complete request to sam worker node "net.tcp://qa-fst-01.qa.local:13279/" – Unable to get last committed transaction id Main Exception: Client is unable to finish the security negotiation within the configured timeout (00:00:00).  The current negotiation leg is 1 (00:00:00).   [System.TimeoutException] Caused By: The open operation did not complete within the allotted timeout of 00:00:00. The time allotted to this operation may have been a portion of a longer timeout. [System.TimeoutException] Caused By: Open timed out after 00:00:00 while establishing a transport session to net.tcp://qa-fst-01.qa.local:13279/TransactionLogService. The time allotted to this operation may have been a portion of a longer timeout. [System.TimeoutException] Caused By: Connecting to via net.tcp://qa-fst-01.qa.local:13279/TransactionLogService timed out after 00:00:00. Connection attempts were made to 0 of 2 available addresses (). Check the RemoteAddress of your channel and verify that the DNS records for this endpoint correspond to valid IP Addresses. The time allotted to this operation may have been a portion of a longer timeout. [System.TimeoutException]

Log Name:      FAST Search
Source:        FAST Search Authorization Admin
Date:          1/7/2011 1:44:37 PM
Event ID:      1000
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      QA-FST-01.QA.LOCAL
Description:
AdminLibrary.dll:Resuscitate – Unable to get LastCommittedTransactionId from "net.tcp://qa-fst-01.qa.local:13279/".  Can’t resuscitate.

The FIX

The FAST Search Service should be stopped before the next steps.  I logged onto the DC and launched the ADSI edit and created the following SPNs for the SharePoint FAST User Domain Account where QA-FST-01 is the name of the FAST Search server:

http/qa-fst-01
http/qa-fst-01.qa.local

I then launched the Active Directory Users and Computer MMC snap-in and located the SharePoint FAST User Account and in the properties dialog under the delegation tab select the “Trust this user for delegation to any service (Kerberos only)” and press Apply.

At this point on the FAST Search Server you can start the FAST Search service and continue with the configuration of the Content and Query SSAs.