Errors when crawling content sources in SharePoint Server 2007: "Event ID 2436" and "Access is denied"

Crawling of content on a server that is running Microsoft Office SharePoint Server 2007 or Windows SharePoint Services 3.0 fails for sites that use host headers. Sites that use the NetBIOS name of the server are crawled successfully.

After you apply one of the following, errors may occur:

• KB957097 MS08-068: Vulnerability in SMB could allow remote code execution
• KB958687 MS09-001: Vulnerabilities in SMB could allow remote code execution
• Framework 3.5 Service Pack 1 (SP1) - Changes to NTLM authentication for HTTPWebRequest in Version 3.5 SP1
  http://msdn.microsoft.com/en-us/library/cc982052.aspx (http://msdn.microsoft.com/en-us/library/cc982052.aspx)

The errors that may occur are as follows:

• The following event may be logged in the Application log of the Index server:

  Event Source: Windows SharePoint Services 3 Search
  Event Category: Gatherer
  Event ID: 2436
  Computer: SERVERNAME
  Description:
  The start address <sts3://*******/contentdbid={GUID}> cannot be crawled.
  Context: Application 'Search index file on the search server', Catalog 'Search'
  Details:
  Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content. (0x80041205)

• Or, the following error may be logged in the Microsoft Office SharePoint Server (MOSS) 2007 crawl logs:
  Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content.
  (The item was deleted because it was either not found or the crawler was denied access to it.)
• On a SharePoint 2003 Index server, an event that resembles the following may be logged in the Application log:

  Event Type: Warning
  Event Source: Microsoft SharePointPS
  Search Service Event Category: Gatherer
  Event ID: 3036
  Date: 8/24/2009
  Time: 1:00:01 PM
  User: N/A
  Computer: <indexservername>
  Description: The content source <http://<Indexservername>/> cannot be accessed.
  Context: http://<Indexservername>/Application, Portal_Content Catalog
  Details: Access is denied. Check that the Default Content Access Account in SharePoint Central Administration is correct, or follow the "Exclude and Include Content" link to add a rule to specify the proper crawling account to access this URL. (0x80041205) For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Windows Server 2003 Service Pack 1 (SP1) includes a loopback check security feature that helps prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

For more information, click the following article number about how to back up and restore the registry to view the article about how to back up and restore the registry in the Microsoft Knowledge Base:

To resolve this problem, use one of the following methods. Follow these steps on all Web Front End servers and on any Index server that is configured to crawl itself.

Method 1: Specify host names

Note We recommend that you use this method.

To specify the host names that are mapped to the loopback address and that can connect to Web sites on your computer, follow these steps.

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0
3. Right-click MSV1_0, point to New, and then click Multi-String Value.
4. Type BackConnectionHostNames, and then press ENTER.
5. Right-click BackConnectionHostNames, and then click Modify.
6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
7. Exit Registry Editor, and then restart your computer.

Method 2: Disable the loopback check

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Exit Registry Editor, and then restart your computer.

For more information about a similar issue, click the following article number to view the article in the Microsoft Knowledge Base:

For more information, click the following article number to view the article in the Microsoft Knowledge Base: