Error: Access is denied. Check that the Default Content Access Account has access to this account, or add a crawl rule to crawl this content.
When working with the Search feature in Microsoft Office SharePoint Server (MOSS) 2007 you may have encountered the following error:
Access is denied. Check that the Default Content Access Account has access to this account, or add a crawl rule to crawl this content.
I have experienced this error on Windows Server 2008 R2 (and SQL Server 2008) as well as Windows Server 2003 R2 (and SQL Server 2005). In both cases I was running MOSS 2007.
SOLUTION 1 – Specify the Content Access Account & Password
To resolve this error, the most obvious thing to try is to add the Content Access account to the crawl rule as described below. However, this may not solve your problem. In any case, try this method first before you try solution 2.
1. Go to Central Administration and click on the Shared Services Provider (SSP) where you want to configure search.
2. From the home page of the Shared Services Administration, under Search click Search settings.
3. In the left navigation bar, under Crawling section click Default content access account.
4. Enter the Content Access account in the form DomainName\AccountName. For example, SeattlePro\Content. Alternatively, you can also enter it in the User Principal Name (UPN) format, such as AccountName@DomainName.com.
NOTE: Some people have reported that they have fixed the above error simply by changing the format from DomainName\AccountName to AccountName@DomainName.com. However, that solution didn’t work for me.
SOLUTION 2 – Disable the Loopback Check
Another solution is to disable the loopback check by setting the DisableLoopbackCheck registry key. The loopback check security feature is designed to help prevent reflection attacks on your computer. Therefore, disabling it has its consequences. Microsoft describes the disabling of loopback check in more detail in KB896861. Here’s how.
Follow these steps to set the DisableLoopbackCheck registry key:
- Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
281308 (http://support.microsoft.com/kb/281308/ ) Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
NOTE: I was able to fix my problem without making the registry change mentioned in this step 1. I only made the change described below. - Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Right-click Lsa, point to New, and then click DWORD Value.
- Type DisableLoopbackCheck, and then press ENTER.
- Right-click DisableLoopbackCheck, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Although Microsoft suggests that you need to restart your computer, I have been able to make the above change and fix the problem without restarting the server.
WARNING! There’s one thing that you ought to know about disabling the loopback. It’s okay to disable it in a test/development environment but not in a production environment. Microsoft SharePoint MVP Spencer Harbar has written a blog post about the consequences of disabling loopback in the production environment that is a must read.
Copyright ©2010 Zubair Alexander. All rights reserved.