Event 2436 for SharePoint Services 3 Search

[Today's post comes to us courtesy of Eric Sun]

You may experience SharePoint Search issue when browsing https://companyweb on SBS 2008 server and specifically, you are seeing below 2436 errors in your Application event log every several minutes.

Log Name:      Application
Source:        Windows SharePoint Services 3 Search
Date:          4/29/2009 4:20:05 PM
Event ID:      2436
Task Category: Gatherer
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      server.domain.local
Description:
The start address <sts3s://remote.Domain.com:987/contentdbid={d4078aab- ce82-4581-8d4f-973e1e6eac23}> cannot be crawled.

Context: Application 'Search index file on the search server', Catalog 'Search'

Details:
Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content.   (0x80041205)

Cause

You receive above warning events because WSS3.0 Search service is trying to crawl the WSS content via the URL – remote.domain.com, which is mentioned in above event. Windows Server 2008 includes a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, Kerberos authentication on Default Content Access Account fails if this URL does not match the local computer name and is not registered in system as additional Service Principle Name (SPN).

Resolution

To resolve this issue, it is recommended to manually register the URL in your system, or even disable the Loopback check feature. To register this URL, please use the following steps,

Note: We recommend that you use this method.

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. Type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the URL mentioned in the above warning event, and then click OK.
  7. Quit Registry Editor, and then restart the IIS service.

If you want to disable Loopback Check feature to work around this issue, please refer to the Method 2 in the following KB article

896861 You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or IIS 6

More Information

WSS3.0 Search service crawls the WSS content by default Alternate Access Mapping Zone. Not like normal WSS 3.0 website, which uses https://SiteName as the default Alternative Access Mapping, SBS 2008 server uses https://remote.domain.com:987 as the default Zone. This is by design, and we do not recommend changing it to https://companyweb, as it may break the SBS specific settings.

clip_image002

Additionally, changing the Default Content Access Account for content crawl is NOT officially supported method to work around this issue, as it has not been tested and can cause other potential issues.