We wanted to add a Default Domain so that the users did not have to enter a domain name to logon to our site. Did that, using Basic Authentication and added our domains on the IIS site. Fine, worked perfectly – the user only had to enter the username and password to logon. Fine. But…. when you win some you loose some… then my Search stopped working and Event Viewer filled up with the following error:
Event Type: WarningEvent Source: Windows SharePoint Services 3 SearchEvent Category: Gatherer Event ID: 2436Date: 2009-02-09Time: 09:15:02User: N/AComputer: xxxDescription:The start address
Context: Application ‘Search index file on the search server’, Catalog ‘Search’
Details: Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content. (0x80041205)
Riiiight. What is your first thoughts on this error? Well, you update all passwords on the search account. On the services, on the Search settings, you check that the account has rights on your SQL server and so on… Until you realize that is has got nothing to do with permissions on the account. Must be something else that stops the crawl from working.
So I extended the site and used Windows Authentication. Search is working! So.. after endless testing back and forth it started to clear for me what was wrong.. Basic Authentication cannot be used as Default zone? During this weekend I came up with a solution that I tried today and that was successful! I did the following:
I have a web application on a site with SSL. Authentication provider is set to use Basic Authentication and on the IIS site I have entered a default domain.
I extended that web application to a site with Windows Authentication and select a zone for it, I chose Intranet. Now this is the site that the search will crawl, otherwise it cannot authenticate and it gives you the 2436 error message.
So therefore this site must be in the Default zone.
Enter Alternate Access Mappings and change places for your Default and Intranet Zone.
Wait 5 minutes (or whatever timer you use for the indexer) and… wow!
Search is working!!!
And since our load balancing servers are using the site with SSL, then I do not have to use a host header on any of the web applications – it uses the 443 port anyhow.
Now the challenge is to install Search Server Express 2008 once again, as a single server deployment. To be continued….