Thursday, December 9, 2010

Access denied errors from crawl

My crawl log was showing a couple of top level errors with this message:
Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled

It turns out that I should have disabled the loopback check, as mentioned in "SharePoint disable loopback check (DisableLoopbackCheck in registry)". This is just a matter of creating a DWORD value named DisableLoopbackCheck, set to 1, in the registry under HKLM\SYSTEM\CurrentControlSet\Control\Lsa
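For anyone who would rather script this than click through regedit, here is a minimal sketch in Python. It only builds the argument list for the standard Windows `reg add` command and prints it; it does not touch the registry itself. The function name `loopback_check_command` is my own invention for illustration, not something from the linked posts.

```python
# Sketch only: builds a `reg add` command line, does not modify the registry.
LSA_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa"


def loopback_check_command(disable=True):
    """Return reg.exe arguments that set the DisableLoopbackCheck DWORD.

    The function name is hypothetical; the key path and value name are the
    ones described in the post.
    """
    return [
        "reg", "add", LSA_KEY,
        "/v", "DisableLoopbackCheck",   # value name
        "/t", "REG_DWORD",              # value type
        "/d", "1" if disable else "0",  # 1 disables the loopback check
        "/f",                           # overwrite without prompting
    ]


if __name__ == "__main__":
    print(" ".join(loopback_check_command()))
```

The printed command would need to be run from an elevated prompt on the server.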

Curious, I did some more research on what DisableLoopbackCheck actually does and came across KB896861, which mentions that the preferred approach is to create a Multi-String Value named BackConnectionHostNames in the registry under HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 and add a list of your host names.
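The same idea can be sketched for the BackConnectionHostNames approach. Again this is only a rough Python illustration that builds a `reg add` command line rather than editing the registry. The function name `back_connection_command` and the host names in the usage example are made up; substitute the host names your web applications actually use.

```python
# Sketch only: builds a `reg add` command line, does not modify the registry.
MSV1_0_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0"


def back_connection_command(host_names):
    """Return reg.exe arguments that set BackConnectionHostNames (REG_MULTI_SZ).

    The function name is hypothetical; the key path and value name are the
    ones described in the post.
    """
    if not host_names:
        raise ValueError("at least one host name is required")
    # reg.exe separates REG_MULTI_SZ entries with the literal characters \0
    data = r"\0".join(host_names)
    return [
        "reg", "add", MSV1_0_KEY,
        "/v", "BackConnectionHostNames",
        "/t", "REG_MULTI_SZ",
        "/d", data,
        "/f",  # overwrite without prompting
    ]


if __name__ == "__main__":
    # Placeholder host names, for illustration only.
    hosts = ["intranet.example.local", "mysites.example.local"]
    print(" ".join(back_connection_command(hosts)))
```

Unlike DisableLoopbackCheck, this only exempts the listed host names from the loopback check, so the list has to be kept in step with the host names actually in use.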

I also found this reference: "DisableLoopbackCheck & SharePoint: What every admin and developer should know". It explains why the BackConnectionHostNames approach is the better one for security reasons.

Unfortunately, when I tried the BackConnectionHostNames approach, the http start address crawled properly but the sps3 one did not. Since I was short on time and this was just a demo server, I decided to cheat and go with DisableLoopbackCheck. Maybe someday I will reinvestigate this.
