
SharePoint 2010 Enterprise Search

Tehzar
SharePoint 2010 environment.

A little background information.  Originally, this farm was stood up with FAST Search (though it was never properly configured).  I unprovisioned FAST Search and opted for Enterprise search (for the time being).  

I DisabledLoopBackCheck on all servers, I blew away the index, I verified my Default Access Account has full read permissions (and it can browse the sites with no issues).  
I've created several crawl rules (FQDN and IP) to include complex URLs and the SSL cert (also tried using the DCA but then I get an error saying the site requires a certificate).
When I run a crawl (full or TL), I receive the following error message:

"Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled. ( Error from SharePoint site: HttpStatusCode Unauthorized The request failed with HTTP status 401: Unauthorized. )"

I am not seeing anything in the application logs or SharePoint ULS.  I've deleted the Enterprise Search Application and recreated to no avail.  

Farm is:

2 DMZ WFEs
3 Trust servers (1 CAD, 1 Index, 1 APP)

Current Search topology is
ADMIN component on APP server
Query and Crawl on Index server.  

I have tried to move the query component to the DMZ WFE but I get an error
"Topology activation was aborted because of Microsoft.Office.Server.Search.Administration.QueryComponentTransitionException: System.IO.IOException: The network path was not found."

Any assistance is greatly appreciated!

Author

Commented:
Additional Information:  

User Profile Service is not started on any of the servers (pending ForeFront UAG installation)

Any assistance with resolving search issues would be greatly appreciated, Thanks


ZaR
Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
Out of curiosity.....are your web servers not attached to the domain?

Author

Commented:
Hi Ach1lles,

The wfes are joined to the domain, however, we've gone away from load balancing the wfes.  Primarily because we had issues with ForeFront TMG and our custom authentication scripts.  

Until ForeFront UAG is installed/configured (hopefully next week //fingers crossed//), we've bound our web app to wfe01.  So, the site is only accessible internally via internal IP 172.xx.xx.xx.
Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
Are you using Kerberos?

Author

Commented:
Yes, we are using Kerberos
Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
I'm quite certain the URL you are crawling must use NTLM

Author

Commented:
I checked the web app and IIS, it's set to Negotiate (Kerberos).  I checked AD and verified SPNs are set to appropriate accounts.  What makes you think it's NTLM?
Sr. System Engineer
Top Expert 2012
Commented:

Author

Commented:
Thanks, ACH1LLES.  I'll take a look at it right now.

Author

Commented:
So, if this web app was originally created using NTLM (which it was) then later changed to Kerberos, Search will still try to crawl the URL using NTLM, is that right?  If so, then that leaves me with two options:

1. extend the web app (which I don't fancy)
2. take a backup of my current web app and restore it to a new web app configured with Kerberos

That a fair summation?

Thanks,

ZaR

Author

Commented:
Sorry for the delay, had to wait for downtime to test out the theory.  

Ach1lles, you were right.  It was still trying to crawl the URL with NTLM.  Creating a new web application, dismounting the databases on the old web app and remounting on the new web app with Kerberos resolved the issue.  Thank you for your assistance.  I was banging my head on the wall for several days trying to figure this out.  

ZaR
Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
Great, glad it worked out.
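
The thread turns on whether a request to a web app set to Negotiate actually authenticates with Kerberos or with NTLM. As an added example (not part of the original thread), this Python sketch classifies a captured `Authorization` header by the token it carries; the function names and sample tokens are constructed for illustration, and the byte checks are a heuristic that assumes you already have the request headers from a network trace.

```python
import base64

NTLMSSP = b"NTLMSSP\x00"                              # signature that starts every NTLM message
KRB5_OID = bytes.fromhex("06092a864886f712010202")    # DER OID 1.2.840.113554.1.2.2 (Kerberos V5)

def offered_schemes(www_authenticate_values):
    """Schemes offered by a 401 response, in order, lower-cased."""
    return [v.split(None, 1)[0].lower() for v in www_authenticate_values if v.strip()]

def classify_authorization(value):
    """Return 'ntlm', 'kerberos' or 'unknown' for one Authorization header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() == "ntlm":
        return "ntlm"
    if scheme.lower() != "negotiate" or not token.strip():
        return "unknown"
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:                                # binascii.Error is a ValueError
        return "unknown"
    if NTLMSSP in raw:                                # bare or SPNEGO-wrapped NTLM under Negotiate
        return "ntlm"
    if raw[:1] == b"\x60" and KRB5_OID in raw:        # GSS-API token that names Kerberos
        return "kerberos"
    return "unknown"

def diagnose(www_authenticate_values, authorization_value):
    """Summarise what the server offered against what the client actually sent."""
    offered = offered_schemes(www_authenticate_values)
    used = classify_authorization(authorization_value)
    if used == "ntlm" and "negotiate" in offered:
        return "Negotiate offered, client fell back to NTLM"
    if used == "kerberos":
        return "client authenticated with Kerberos"
    return "undetermined"

# Constructed sample tokens: message headers only, not real tickets or hashes.
SAMPLE_NTLM = base64.b64encode(NTLMSSP + b"\x01\x00\x00\x00" + bytes(8)).decode()
SAMPLE_KRB = base64.b64encode(b"\x60\x82\x01\x00" + KRB5_OID + bytes(16)).decode()

if __name__ == "__main__":
    offers = ["Negotiate", "NTLM"]
    print(diagnose(offers, "Negotiate " + SAMPLE_NTLM))
    print(diagnose(offers, "Negotiate " + SAMPLE_KRB))
```

A `Negotiate` token whose base64 text begins `TlRMTVNT` is NTLM, which is why a site configured for Negotiate can still show NTLM on the wire.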