Monday, February 9, 2009

Search and Basic Authentication

We wanted to add a Default Domain so that the users did not have to enter a domain name to logon to our site. Did that, using Basic Authentication and added our domains on the IIS site. Fine, worked perfectly - the user only had to enter the username and password to logon. Fine. But.... when you win some you loose some... then my Search stopped working and Event Viewer filled up with the following error:

Event Type: WarningEvent Source: Windows SharePoint Services 3 SearchEvent Category: Gatherer Event ID: 2436Date: 2009-02-09Time: 09:15:02User: N/AComputer: xxxDescription:The start address cannot be crawled.
Context: Application 'Search index file on the search server', Catalog 'Search'
Details: Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content. (0x80041205)

Riiiight. What is your first thoughts on this error? Well, you update all passwords on the search account. On the services, on the Search settings, you check that the account has rights on your SQL server and so on... Until you realize that is has got nothing to do with permissions on the account. Must be something else that stops the crawl from working.

So I extended the site and used Windows Authentication. Search is working! So.. after endless testing back and forth it started to clear for me what was wrong.. Basic Authentication cannot be used as Default zone? During this weekend I came up with a solution that I tried today and that was successful! I did the following:

I have a web application on a site with SSL. Authentication provider is set to use Basic Authentication and on the IIS site I have entered a default domain.
I extended that web application to a site with Windows Authentication and select a zone for it, I chose Intranet. Now this is the site that the search will crawl, otherwise it cannot authenticate and it gives you the 2436 error message.
So therefore this site must be in the Default zone.
Enter Alternate Access Mappings and change places for your Default and Intranet Zone.
Wait 5 minutes (or whatever timer you use for the indexer) and... wow!
Search is working!!!
And since our load balancing servers are using the site with SSL, then I do not have to use a host header on any of the web applications - it uses the 443 port anyhow.

Now the challenge is to install Search Server Express 2008 once again, as a single server deployment. To be continued....

Thursday, February 5, 2009

Search Server Express 2008 on a WSS farm NO NO

That will NOT work! Even if it says so when you read about it... or does it? Quite unclear information on MS pages I would say. But after having installing, trying to make it work, uninstalling, and install again I finally got an answer to why it didn't work:

So, do NOT install the advanced option of Search Server Express 2008 if you have a WSS 3 server farm. It will NOT work! So bad for me it had to take 2 days and nights to find that out... I thought that the issue with Search was that we are using Basic Authentication on our sites, since that is a problem as well. My work right now only consists of troubleshooting, errors, ugly sessionstate errors in web.config files etc. Read article on issues with using Basic Auth and Search here:
Now I will try to reinstall SSEX using Basic installation and not the Advanced....