Share via

Access Denied with Windows Server 2008 and MOSS when Crawling

  • Article

So i created a new vm using Windows Server 2008, SharePoint Server 2007 + SP1 + Infrastructure updates.  I'm also using a least priveleged account setup with least priveleged accounts running the individual MOSS Services and app pools.  When I started a crawl of local office sharepoint server sites i noticed i was getting 401'ed by SiteData.asmx.  

If you receive an warning in your event log with event id 2436 - "Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content.   (0x80041205)". 

or this one in your crawl logs

Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled. (The item was deleted because it was either not found or the crawler was denied access to it.) 

After a day of banging my head against my desk i figured out that Loopback check needed to be disabled.  Interesting that IIS 7 isn't mentioned in the KB.  Here's the Disabling the Loopback Check KB.

Comments

  • Anonymous
    September 18, 2008
    PingBack from http://www.easycoded.com/access-denied-with-windows-server-2008-and-moss-when-crawling/

  • Anonymous
    October 14, 2008
    Thank you so much for this timely post! I ran into this exact issue after switching to using host headers in my MOSS farm (SP1, Infrastructure Updates, August Cumulative Updates). All was fine while I used different ports for the web sites, but as soon as I configured the farm with host headers, I kept getting the errors mentioned above. Thanks again!

  • Anonymous
    October 16, 2008
    Dude, thanks!  3 days of looking for an answer and this was it!

  • Anonymous
    November 09, 2008
    There is one more issue you will probably encounter (and I think this will apply to any version of SharePoint

  • Anonymous
    December 02, 2008
    love your work , hair is growing back now, although i have a bit of a bald patch because of this

  • Anonymous
    February 16, 2009
    The comment has been removed

  • Anonymous
    February 16, 2009
    Never mind. I finally got it working. Went to the Central Administration site, Operations, Services on Servers. Set it to ALL Services, then clicked on the Search Server. Set the parameters correctly for my new ID. First time it failed because I had added the intrinsic Administrator. I went back and removed all the administrator groups from the ID, then updated it again. It took and everything was wonderful.

  • Anonymous
    March 05, 2009
    Did you apply this change to all WFEs or just the indexing server?

  • Anonymous
    March 05, 2009
    i would think that all wfe servers need this update if they are being crawled.  Personally i only ran a single server setup.  

  • Anonymous
    March 19, 2009
    Great job, shawnfel! Thanks a lot - we were pulling our hair for 3 days now. Don't know how you figured that out but that was right on target - didn't even require any other action like search service restart or anything else. The search just picked up after the registry change has been made.

  • Anonymous
    May 18, 2009
    Thanks, Shawnfel! Works like a charm. Finally we have an index to search ... Keep up the good work!

  • Anonymous
    August 06, 2009
    Thank you for the posting.  Method 1 worked for me!

  • Anonymous
    November 10, 2009
    The comment has been removed

  • Anonymous
    December 02, 2009
    Search Server 2008 shows this error for a SharePoint Site (Windows SharePoint Services 3 SP2): Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled. (The item was deleted because it was either not found or the crawler was denied access to it.) I solved it by adding the crawler account to: Central Administration > Application Management > Policy for Web Application. Permissions: Full Read.

  • Anonymous
    December 23, 2009
    The comment has been removed

  • Anonymous
    January 04, 2010
    @Rupinder Kaur Virdi Are you crawling FQDN's? For example http://myhost.mydomain.com. This will require you to setup your domain as part of the intranet zone in IE.  By default the crawler does not know how to login to the internet zone via windows credentials.  

  • Anonymous
    October 20, 2010
    A big thank you!!!! Search Apps are up

  • Anonymous
    February 16, 2012
    The comment has been removed