2436 event ID MOSS search problem

Thursday, November 20, 2008

Incident:

Office Sharepoint Server 2007 on Windows Server 2008...
Event ID 2436 Office Search Server
The start address <our web address> cannot be crawled
Details: Access is denied. check that the Default Content Access Account has
access to this content or add a crawl rule to crawl this content.
Searches return no results. The crawler can't crawl. There is a KB article
(952172) about this Event ID focused on removing the .txt file extension from
the file exclusion list. In our brand new installation the .txt file
extension was never on that list to begin with. The robots.txt file does
exist and it only includes some folders like /images. I don't think that's it
this time. It would seem to be an access and permissions issue.
I've configured every different Default Content Access Account I can think
of, from an ordinary user with no admin priv to the ultimate domain admin
account. Still the same error. Crawl rules didn't change anything either.
Can someone please provide details on how to choose what account to use for
the DCAA and what permissions to give that account, etc, etc. Detailed steps
please, I'm at the end of my rope...

Solution:

Method 1: Specify host names
Note: We recommend that you use this method.
To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. Type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  7. Quit Registry Editor, and then restart the IISAdmin service.
Method 2: Disable the loopback check
Follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Quit Registry Editor, and then restart your computer.
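
Method 1 as a PowerShell script, added here as an example and not part of the original post: it merges host names into BackConnectionHostNames without overwriting entries that are already there, and warns if Method 2's DisableLoopbackCheck is set, since that value turns the check off for every host name instead of only the listed ones. The host name intranet.example.com is a constructed placeholder; run the script from an elevated prompt on the SharePoint server.

```powershell
# Added example: scripted form of Method 1, plus a check for Method 2's value.
# 'intranet.example.com' is a constructed placeholder; use your site's host name(s).
$HostNames = @('intranet.example.com')

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msvKey = Join-Path $lsaKey 'MSV1_0'

# Read the current multi-string value, if present, so existing entries survive.
$existing = @()
$prop = Get-ItemProperty -Path $msvKey -Name BackConnectionHostNames -ErrorAction SilentlyContinue
if ($prop) { $existing = @($prop.BackConnectionHostNames) }

# Merge old and new names, dropping blanks and duplicates
# (Sort-Object -Unique compares case-insensitively by default).
$merged = @((@($existing) + @($HostNames)) |
    Where-Object { $_ -and $_.Trim() } |
    ForEach-Object { $_.Trim() } |
    Sort-Object -Unique)

# Write the value back as REG_MULTI_SZ; -Force replaces an existing value.
New-ItemProperty -Path $msvKey -Name BackConnectionHostNames `
    -PropertyType MultiString -Value $merged -Force | Out-Null

# Report Method 2's setting if someone has already applied it.
$dlc = Get-ItemProperty -Path $lsaKey -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
if ($dlc -and $dlc.DisableLoopbackCheck -eq 1) {
    Write-Warning ('DisableLoopbackCheck is 1 (Method 2): the loopback check is off ' +
        'for all host names on this server, not only those listed below.')
}

# Step 7 of Method 1: restart the IISAdmin service.
# -Force lets the restart proceed if other services depend on IISADMIN.
Restart-Service -Name IISADMIN -Force

# Show the resulting list for the change record.
(Get-ItemProperty -Path $msvKey -Name BackConnectionHostNames).BackConnectionHostNames
```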

Insufficient rights when configuring SSO

Thursday, November 13, 2008

When I'm setting up SSO I get the following error:

You do not have the rights to perform this operation.

The service is started, the service account is a part of the local administrators group; dbcreator, securityadmin on the database; a member of the sharepoint farm administrators group. I'm looking at the docs at http://technet2.microsoft.com/Office/en-us/library/841080ca-3e3b-4dbc-a081-43c29c76b3551033.mspx?mfr=true and I noticed the Central Administration site doesn't have a "Reader" group.

The event log shows the following:

Type:  Error
Date:  1/18/2007
Time:  6:40:24 PM
Event:  6517
Source:  Office SharePoint Server
Category: SSO
User:  N/A
Computer: SERVERNAME
Description:
User DOMAIN\myuser failed to configure the single sign-on server. The error returned was 0x80630005. Verify this account has sufficient permissions and try again.

Solution:

  • Create a domain account like SSO_Service_Account
  • In the Windows Services applet: on tab "logon" set the "Microsoft Single Sign On Service" to run as this account
  • Add account to groups "Administrators" (for key server) and "WSS_Admin_WPG" on the MOS server
  • Log off as Administrator
  • Log on locally to your key server with this account (not as Administrator)
  • Run Central Admin 3.0, and click manage SSO
  • Enter the same account for property "SSO Administrator Account"
