Event 2436 for SharePoint Services 3 Search

Event 2436 for SharePoint Services 3 Search

  • Comments 8
  • Likes

[Today's post comes to us courtesy of Eric Sun]

You may experience SharePoint Search issue when browsing http://companyweb on SBS 2008 server and specifically, you are seeing below 2436 errors in your Application event log every several minutes.

Log Name:      Application
Source:        Windows SharePoint Services 3 Search
Date:          4/29/2009 4:20:05 PM
Event ID:      2436
Task Category: Gatherer
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      server.domain.local
Description:
The start address <sts3s://remote.Domain.com:987/contentdbid={d4078aab- ce82-4581-8d4f-973e1e6eac23}> cannot be crawled.

Context: Application 'Search index file on the search server', Catalog 'Search'

Details:
Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content.   (0x80041205)

Cause

You receive above warning events because WSS3.0 Search service is trying to crawl the WSS content via the URL – remote.domain.com, which is mentioned in above event. Windows Server 2008 includes a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, Kerberos authentication on Default Content Access Account fails if this URL does not match the local computer name and is not registered in system as additional Service Principle Name (SPN).

Resolution

To resolve this issue, it is recommended to manually register the URL in your system, or even disable the Loopback check feature. To register this URL, please use the following steps,

Note: We recommend that you use this method.

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. Type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the URL mentioned in the above warning event, and then click OK.
  7. Quit Registry Editor, and then restart the IIS service.

If you want to disable Loopback Check feature to work around this issue, please refer to the Method 2 in the following KB article

896861 You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or IIS 6

More Information

WSS3.0 Search service crawls the WSS content by default Alternate Access Mapping Zone. Not like normal WSS 3.0 website, which uses http://SiteName as the default Alternative Access Mapping, SBS 2008 server uses https://remote.domain.com:987 as the default Zone. This is by design, and we do not recommend changing it to http://companyweb, as it may break the SBS specific settings.

clip_image002

Additionally, changing the Default Content Access Account for content crawl is NOT officially supported method to work around this issue, as it has not been tested and can cause other potential issues.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
Comments
  • <p>*UPDATE: Still not why the steps below work on some boxes but not others. However, the SBS team just</p>

  • <p>OK gang - The SBS team has blogged explaining where our 2436 errors come from on SBS 2008.&amp;#160; The</p>

  • <p>When posting can you include weather the issue affects sbs2003 or sbs2008 or both if you have that information? &nbsp;For those of us in the field it will help us resolve issues more quickly. &nbsp;Thanks.</p> <p>Don</p>

  • <p>I took the following steps based on 3 Microsoft articles. &nbsp;The cause of the error is from applying the patch KB957097. &nbsp;While article KB896861 discusses the full fix for this issue, it refers to KB281308 as the first step, which you didn't include in your blog post.</p> <p>--------------------------------------------</p> <p>Cause: Security Update MS08-068</p> <p><a rel="nofollow" target="_new" href="http://support.microsoft.com/kb/957097/">http://support.microsoft.com/kb/957097/</a></p> <p>--------------------------------------------</p> <p>--------------------------------------------</p> <p>Step 1: Disable Strict Name Checking</p> <p><a rel="nofollow" target="_new" href="http://support.microsoft.com/kb/281308/">http://support.microsoft.com/kb/281308/</a></p> <p>--------------------------------------------</p> <p>Locate and click the following key in the registry:</p> <p>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters</p> <p>On the Edit menu, click Add Value, and then add the following registry value:</p> <p>Value name: DisableStrictNameChecking</p> <p>Data type: REG_DWORD</p> <p>Radix: Decimal</p> <p>Value: 1 </p> <p>--------------------------------------------</p> <p>Step 2: Specify host names that are mapped to the loopback address</p> <p><a rel="nofollow" target="_new" href="http://support.microsoft.com/kb/896861">http://support.microsoft.com/kb/896861</a></p> <p>--------------------------------------------</p> <p>Locate and click the following key in the registry:</p> <p>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0</p> <p>Right-click MSV1_0, point to New, and then click Multi-String Value.</p> <p>Type BackConnectionHostNames, and then press ENTER.</p> <p>In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.</p> <p>Quit Registry Editor, and then restart the IISAdmin service.</p> <p>--------------------------------------------</p> <p>The Hostname above should match that of the Event 2436 Warning you see in Event Viewer.</p> <p>I also restarted the Windows SharePoint Search service and didn't actually need a reboot, but probably not a bad idea.</p>

  • <p>Great post!</p> <p>Quick question. &nbsp;</p> <p>We have multiple aliases that are broken. &nbsp;<a rel="nofollow" target="_new" href="http://alias1">http://alias1</a>, <a rel="nofollow" target="_new" href="https://alias1.domain.com">https://alias1.domain.com</a>, <a rel="nofollow" target="_new" href="http://alias2">http://alias2</a></p> <p>How do would you type those? &nbsp;Do you create seperate values for each one or do you just hit enter after each alias/url?</p> <p>Thanks!</p>

  • <p>am also experiencing that error in my sbs 2003</p>

  • <p>Make sure you add:</p> <p>companyweb</p> <p>remote.servername.com</p> <p>servername.domainname.local</p> <p>this fixed it for us</p>

  • <p>I’ll admit this post is long overdue.&amp;#160; I’m sitting here staging a new server for a client and just</p>