Thursday, July 16, 2009

Search not working on a MOSS site, "Access denied" error on search crawl

I faced this problem once, the search on my MOSS site did not seem to capture the latest documents or items. One look at the server and I found that crawl job is failing. Gives "Access Denied" error on search crawl. I obviously started by checking that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content. (The item was deleted because it was either not found or the crawler was denied access to it.)"

I looked left right top bottom everywhere to get a plausible solution why it could break so suddenly. It was using the admin account as default content access, even tried changing that, to no avail.

Then came across the following solution after lots of digging on net, and a solution that is totally irrelevant to the problem, but neverthless tried it, and lo it works!!!
Solution is to disable the loopback check on the server. Use the following steps to do this:

Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate and then click the following registry key:
Right-click Lsa, point to New, and then click DWORD Value.
Type DisableLoopbackCheck, and then press ENTER.
Right-click DisableLoopbackCheck, and then click Modify.
In the Value data box, type 1, and then click OK.
Quit Registry Editor, and then restart your computer.

Anybody would wonder how the loopback check has to do something with the authentication on the moss server. So a possible explanation is given by the following article:

In a nutshell they try to say that this issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

It sounds a bit relevant finally!! Hope it helps somebody facing a similar problem....

Happy Sharepointing!!!

No comments:

Post a Comment