Search Service Application: Crawl Log Error - Access is denied :-(

Today I had some trouble with a new installation of a SharePoint Server Subscription Edition. The customer complains about the search and missing results. I checked the Crawl-Log entries and noticed the following error message:

Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled.
Crawl-Log error message

First I checked the permission of the search account, the AAM settings and zones. I also double checked the permission to the User profile service. Everything was poperly set.

Hmmmm ... :-(

Finally I was able to figure out the problem.

To solve this error I disabled the Loopback-Check in the registry. Here are the steps

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. In the Value data box, type 1, and then click OK.
  6. Finish. Close the Registry Editor.
  7. Restart if needed

Keep in mind: Changes in the registry are dangerous. Do it with precaution.

The above registry setting is fine to check if the error is solved with this setting. For production SharePoint farms it is recommended to create Local Security Authority host names that can be referenced in a NTLM authentication requests. To use the method, follow the next listed steps for all the nodes on the client computer:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. In the Name column, type BackConnectionHostNames, and then press Enter.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the CNAME or the DNS alias, that is used for the local shares on the computer, and then click OK.
    • Type each host name on a separate line.
    • If the BackConnectionHostNames registry entry exists as a REG_DWORD type, you have to delete the BackConnectionHostNames registry entry.
  7. Close the Registry Editor, and then restart the computer
See also:


Beliebte Posts aus diesem Blog

Exchange Online: Schutzregel für E-Mail Weiterleitung

Vertikaler Bereich deaktiviert

Power Automate: Abrufen von SharePoint Listenelementen mit ODATA-Filter