Configuring crawl on a SBS 2008 – Default Content Access error

I installed Microsoft Office Sharepoint 2007 (MOSS) on a Small Business Server 2008. I configured the SSP and the search but the crawling did not start. Each time I started a Full Crawl, it ended up with the following error in the crawl log:

Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has “Full Read” permissions on the SharePoint Web Application being crawled. (The item was deleted because it was either not found or the crawler was denied access to it.)

At the same time the problem was that I could not browse to my Sharepoint Portal from within the IE of my server but I could do it without any problems from any other computer or from the Internet. This behaviour started immediately after modifying the default Alternate Address Mapping for my default web application: instead of the name of the server (e.g. http://companyweb) I had put the internet address (e.g. http://www.mycompany.com). (as a detail, I had also mapped my internet address to 127.0.0.1 in the local hosts file)

After some research I found that this error comes when you use the fully qualified domain name (FQDN) or a custom host header to browse a local Web site that is hosted on a computer. It seems that this security protection is in place since IIS 5.1. So if I can not browse on the server to my own portal, neither the search service can do it (running as the same admin user)

Cause and resolution are fully described here: http://support.microsoft.com/kb/896861

Method 1: Disable the loopback check

Follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.

This worked fined for me but be aware that the Microsoft article proposes an alternative solution: Method 2: Specify host names

Solutions are there but nevertheless, I can not stop myself of saying that these solutions make Sharepoint server just a bit less secure, at least in he eyes of an security audit trail.

This blog post definitely help me in finding the right solution : http://svengillis.blogspot.com/2008/10/access-denied-when-crawling-moss.html

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: