If you then open a FAST PowerShell console on this non-admin node, and run:
Set-FASTSearchIPSec -create -verbose
You see the following failure:
1. The admin node has not been re-configured with the deployment.xml file containing the new server, and so does not allow the connection.
2. One or both of the servers involved has "TCP Chimney Offloading" enabled.
3. The servers have a mismatch in Windows Firewall states for the "Domain" profile.
For Cause #2, TCP Chimney should be disabled on all servers as per http://support.microsoft.com/kb/951037, since it can break IPSec encapsulation. As noted in the KB article, this may have different names in the "Advanced" section of the Network Adapter properties, depending on driver. One common name besides TCP Chimney is "TCP Checksum Offloading".
For Cause #3, the Windows Firewall states on both servers should match for the "Domain" profile. The firewall should be either "ON" everywhere, or "OFF" everywhere, and can be checked by running "netsh advfirewall show domain". The product recommendations are for it to be "ON", so that all traffic between FAST servers is IPSec encapsulated, but if it must be "OFF" due to other factors, it should be "OFF" on all servers.
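The checks for Cause #2 and Cause #3 can be run against every server in one pass. The script below is an added example, not part of the original article: the server names are placeholders, it assumes PowerShell remoting is enabled and that netsh output is in English, and it reads only the OS-level Chimney setting from "netsh int tcp show global", not the per-adapter driver options.

```powershell
# Added example: compare the "Domain" profile firewall state and the TCP Chimney
# setting across all FAST servers. Server names are placeholders (assumption).
$servers = @('fast-admin.example.com', 'fast-node1.example.com')

function Get-NetshValue([string[]]$Lines, [string]$Pattern) {
    # Return the first capture group of the first line that matches $Pattern.
    foreach ($line in $Lines) {
        if ($line -match $Pattern) { return $Matches[1].ToUpper() }
    }
    return 'UNKNOWN'
}

$report = foreach ($server in $servers) {
    # Assumption: PowerShell remoting is enabled and the caller is an administrator.
    $fw  = Invoke-Command -ComputerName $server -ScriptBlock { netsh advfirewall show domain }
    $tcp = Invoke-Command -ComputerName $server -ScriptBlock { netsh int tcp show global }
    New-Object PSObject -Property @{
        Server         = $server
        DomainFirewall = Get-NetshValue $fw  '^\s*State\s+(ON|OFF)\s*$'
        ChimneyOffload = Get-NetshValue $tcp '^\s*Chimney Offload State\s*:\s*(\S+)'
    }
}

$report | Format-Table Server, DomainFirewall, ChimneyOffload -AutoSize

# Cause #3: the Domain profile must be ON everywhere or OFF everywhere.
$states = @($report | Select-Object -ExpandProperty DomainFirewall | Sort-Object -Unique)
if ($states.Count -gt 1) {
    Write-Warning ("Domain firewall state differs between servers: " + ($states -join ', '))
} elseif ($states[0] -eq 'OFF') {
    Write-Warning "Domain firewall is OFF on all servers; the recommended state is ON."
}

# Cause #2: TCP Chimney should be disabled on every server.
$report | Where-Object { $_.ChimneyOffload -ne 'DISABLED' } | ForEach-Object {
    Write-Warning ("TCP Chimney is '" + $_.ChimneyOffload + "' on " + $_.Server)
}
```

A value of UNKNOWN means the expected line was not found in the netsh output, for example on a non-English system, and that server should be checked by hand.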
Article ID: 2534336. Last reviewed: December 13, 2012. Revision: 1