You may start seeing the error below logged in the Application Log on the SharePoint Server that hosts the FAST Search Content SSA:
Log Name: Application
Source: Microsoft-SharePoint Products-SharePoint Server Search
Date: 22/06/2012 10:23:01 AM
Event ID: 2567
Task Category: Content Plugin
Level: Error
Keywords:
User: like10\_fs_cssaa
Computer: SPAPP-01.like10.local
Description:
Failed to connect to spfast-01.like10.local:13391 Failed to initialize session with document engine: Unable to resolve Contentdistributor
This error can happen for a few reasons (such as an expired FAST Search certificate), but in my case it appeared after applying the updated April 2012 CU for SharePoint 2010 SP1 (note: the revised package includes support for resolving issues found in the original April 2012 CU). After the update, the domain account running the SharePoint Server Search 14 service had been changed from the Database Access Account (like10\_sp_ap_dac) to the Search Service Account (like10\_fs_cssaa). The new account no longer had permissions to the FAST Search certificate, which caused the connections to fail. You can verify this by checking for the following error in the System Log:
Log Name: System
Source: Schannel
Date: 22/06/2012 10:29:17 AM
Event ID: 36870
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: SPAPP-01.like10.local
Description:
A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10003.
The fix for this is quite easy: you simply have to configure the Content SSA to use an SSL certificate for FAST Search Server 2010 for SharePoint again.
To verify which account name you need to configure, go to Administrative Tools | Services, scroll down to the service named SharePoint Server Search 14 and check the user account listed under Log On As, which in this case was like10\_fs_cssaa.
I had already copied the files I needed from the FAST Search Server to the SharePoint Server in order to execute the PowerShell command below. The instructions “Configure SSL enabled communication” cover all the steps if you’re looking for more detail.
On the SharePoint Server I opened a SharePoint 2010 Management Shell (as Administrator) and executed the following command:
PS D:\FASTSearch> .\SecureFASTSearchConnector.ps1 -certPath "D:\FASTSearch\FASTSearchCert.pfx" -ssaName "FAST Search Content SSA" -username "LIKE10\_fs_cssaa"
Enter the certificate password: ********
Installed certificate.
Updated acls on certificates private keys.
Your FAST Search Connector has been setup to use certificate, restarting osearch14.
Connection to contentdistributor spfast-01.like10.local:13391 successfully validated.
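A read-only check for the two causes named in this post (an expired certificate, or a service account without access to the certificate's private key), as an added example that is not part of the original post or of the FAST Search scripts. It assumes the service name OSearch14 (taken from the script output above), that the certificate is in the LocalMachine\My store, and that its key is a CAPI RSA key under MachineKeys; Test-SidCanRead is a hypothetical helper name.

```powershell
# Added example (not from the original post). Read-only: it changes nothing.
# Assumptions: service name OSearch14, store Cert:\LocalMachine\My, and CAPI RSA
# keys stored under ProgramData\Microsoft\Crypto\RSA\MachineKeys.
# Kept compatible with PowerShell 2.0 (no [pscustomobject], no Get-CimInstance).

function Test-SidCanRead {   # hypothetical helper name
    param($Acl, $Sid)
    $read  = [int][System.Security.AccessControl.FileSystemRights]::Read
    $rules = $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    # Only ACEs that name the account itself are matched; access granted through
    # a group, or taken away by a Deny ACE, is not evaluated here.
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $Sid.Value -and
            $r.AccessControlType -eq 'Allow' -and
            (([int]$r.FileSystemRights) -band $read) -eq $read) { return $true }
    }
    return $false
}

# Account the search service currently runs as (the value shown under "Log On As").
$svc     = Get-WmiObject Win32_Service -Filter "Name='OSearch14'"
$account = $svc.StartName
$sid     = (New-Object System.Security.Principal.NTAccount($account)).Translate([System.Security.Principal.SecurityIdentifier])
$keyDir  = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

# Report expiry and private-key access for every machine certificate with a key.
Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.HasPrivateKey } | ForEach-Object {
    $cert = $_
    try {
        $file    = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
        $acl     = Get-Acl -Path (Join-Path $keyDir $file) -ErrorAction Stop
        $canRead = Test-SidCanRead $acl $sid
    } catch {
        # CNG keys or keys this shell cannot open end up here.
        $canRead = "unknown ($($_.Exception.Message))"
    }
    New-Object PSObject -Property @{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Expired    = ($cert.NotAfter -lt (Get-Date))
        Account    = $account
        CanReadKey = $canRead
    }
} | Select-Object Subject, Thumbprint, NotAfter, Expired, Account, CanReadKey | Format-List
```

Run it from an elevated shell on the SharePoint Server before and after the fix; a FAST Search certificate that reports CanReadKey as False for the service account is consistent with the Schannel 36870 error shown earlier.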
Thanks. Just used this to sort my Schannel error issue.
Regards,
Gonçalo