How to Index File Shares In Untrusted Domains (298789)



The information in this article applies to:

  • Microsoft SharePoint Portal Server 2001
  • Microsoft Office SharePoint Portal Server 2003

This article was previously published under Q298789

SYMPTOMS

When you attempt to set a default content access account in order to index content in an untrusted domain, and that account resides in a domain that has no trust relationship with the domain of the Microsoft SharePoint Portal Server computer, the procedure fails and you may receive the following error message:
The specified account information is incorrect or invalid. Confirm the correct account and password is being used.

CAUSE

This error message occurs because the search gatherer component validates the default content access account credentials by attempting to log on with them using Windows NT LAN Manager (NTLM) authentication. This logon attempt fails if the account resides in an untrusted domain.

RESOLUTION

When you index a file share, the credentials used to access the content are those of the default content access account, or those of an alternate content access account configured in a site path rule. In order to index a file share in an untrusted domain, the credentials you specify must use either basic authentication or pass-through authentication. When you use basic authentication, credentials are sent over the network unencrypted. If you use pass-through authentication, you are able to use secure NTLM authentication.

To use a content access account in an untrusted domain, configure basic authentication by using a site path rule:

For Microsoft SharePoint Portal Server 2001:

  1. Double-click My Network Places, double-click your workspace Web folder, and then double-click Management/Content Sources.
  2. Double-click Additional Settings.
  3. Click Site Paths, and then click New.
  4. Type the path to the file share, and then click Include this path.
  5. Click Options, and then click Access Account.
  6. Type the credentials for the account in the untrusted domain, and then click Basic Authentication.

For Microsoft Office SharePoint Portal Server 2003:

  1. From your Default Web Site, click Site Settings.
  2. Click Search Settings, and then click Indexed Content.
  3. Click Configure search and indexing.
  4. Click Other Content Sources, and then click Manage Content Sources.
  5. On the menu in your content source, click Edit.
  6. Click Advanced, and then click Exclude.
  7. Click Include Content.
  8. Either create a new rule or edit an existing rule under Specify Authentication.
  9. Click Specify crawling account.
  10. Click to clear the Do not allow Basic authentication check box.


To use pass-through authentication, you must create an account with an identical username and password in each domain. For example, if the account that you want to use in the untrusted domain is named Admin and has the password sps, create an account with the same name and password in the domain that your SharePoint Portal Server computer resides in. You can then set the new account in the SharePoint Portal Server domain as your default content access account. When indexing occurs, the username and password are sent over, and the account in the untrusted domain that has the same credentials is used to access the content.

Modification Type: Minor
Last Reviewed: 4/25/2005
Keywords: kbprb KB298789