MOSS Search Stopped working
One fine day,one customer mailed me that he is not getting any search result."not even a single search result"..well it was more than a panic to me as day after we had a project server training and ppl might use Search functionality alot to get their projects and documents.
After hell lot of effort, finally I was able to find out the reason behind it.
There may be many reasons to stop Moss search but in our case it was MS Security update in MOSS web server "MS08-068: Vulnerability in SMB could allow remote code execution"
Basically,this security update stops client to log in in Server machine(so you can log in on any application outside server,but if you try to log in on same app inside MOSS server,it will not allow you to do so.
Now,due to this patch,our search service account was not able to crawl( as access denied was occurring) ..
to Fix this problem I published a paper as follows
Search Crawl is not working in MOSS 2007 server
Symptoms: whenever we try to crawl search content source, it doesn’t get crawl properly and we start getting access denied message.
“Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled.”
If we check our server’s security event viewer, we get logs with following details
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer_Name
Description: Logon Failure:
Reason: An error occurred during logon
User Name: User_Name
Domain: Domain_Name
Logon Type: 3
Logon Process: Ðùº
Authentication Package: NTLM
Workstation Name: Computer_Name
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: IP_Address
Source Port: Port_Number
Cause: This issue occurs if you install Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that we use does not match the local computer name.
Workaround :
Specify host names (Preferred method if NTLM authentication is desired, which we are using)
To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:
1. Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
281308
2. Click Start, click Run, type regedit, and then click OK.
3. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
4. Right-click MSV1_0, point to New, and then click Multi-String Value.
5. Type BackConnectionHostNames, and then press ENTER.
6. Right-click BackConnectionHostNames, and then click Modify.
7. In the Value data box, type the host name or the host names for the sites that are on the local computer and then click OK.
8. Quit Registry Editor, and then restart the IISAdmin service.
Important: Please have a back up of registry so that we can restore them in case of any issue in future.
*For more details Please see MS KB 896861
I wrote following script to change the registry keys also..create a registry notepad with name Insert_DisableLoopback and copy following script in it
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"DisableLoopbackCheck"=dword:00000001
Just run this script ..and it will allow your search account to crawl fully ..
To Remove it ..create Remove_DisableLoopback text and save as registry file
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"DisableLoopbackCheck"=-
Now,you have to crawl search content source once(as shown in image) to render result right away
After hell lot of effort, finally I was able to find out the reason behind it.
There may be many reasons to stop Moss search but in our case it was MS Security update in MOSS web server "MS08-068: Vulnerability in SMB could allow remote code execution"
Basically,this security update stops client to log in in Server machine(so you can log in on any application outside server,but if you try to log in on same app inside MOSS server,it will not allow you to do so.
Now,due to this patch,our search service account was not able to crawl( as access denied was occurring) ..
to Fix this problem I published a paper as follows
Search Crawl is not working in MOSS 2007 server
Symptoms: whenever we try to crawl search content source, it doesn’t get crawl properly and we start getting access denied message.
“Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled.”
If we check our server’s security event viewer, we get logs with following details
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer_Name
Description: Logon Failure:
Reason: An error occurred during logon
User Name: User_Name
Domain: Domain_Name
Logon Type: 3
Logon Process: Ðùº
Authentication Package: NTLM
Workstation Name: Computer_Name
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: IP_Address
Source Port: Port_Number
Cause: This issue occurs if you install Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that we use does not match the local computer name.
Workaround :
Specify host names (Preferred method if NTLM authentication is desired, which we are using)
To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:
1. Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
281308
2. Click Start, click Run, type regedit, and then click OK.
3. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
4. Right-click MSV1_0, point to New, and then click Multi-String Value.
5. Type BackConnectionHostNames, and then press ENTER.
6. Right-click BackConnectionHostNames, and then click Modify.
7. In the Value data box, type the host name or the host names for the sites that are on the local computer and then click OK.
8. Quit Registry Editor, and then restart the IISAdmin service.
Important: Please have a back up of registry so that we can restore them in case of any issue in future.
*For more details Please see MS KB 896861
I wrote following script to change the registry keys also..create a registry notepad with name Insert_DisableLoopback and copy following script in it
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"DisableLoopbackCheck"=dword:00000001
Just run this script ..and it will allow your search account to crawl fully ..
To Remove it ..create Remove_DisableLoopback text and save as registry file
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"DisableLoopbackCheck"=-
Now,you have to crawl search content source once(as shown in image) to render result right away
Comments