2010-10-25

Access denied when trying to crawl sps3://mydomain

I've had a lot of Access Denied messages when configuring SharePoint 2007 and SharePoint 2010, and especially when trying to switch service accounts or accounts to be used when SharePoint crawls content.

This time I got an access denied when trying to crawl sps3://mydomain. Checked account, password, assigned rights (Site Collection, Web Application Policies, etc), but everyhing looked ok. Hmmm... using Google I found and read a post in the Enterprise Search forum on msdn and this blog article.


These steps fixed my issue:

  • Go to the Service Applications page
  • Select the User Profile Service Application (NOT the link)
  • Click on the administrators button
  • Add your crawl / indexing count
  • Give it the permission: Retrieve People Data for Search Crawlers
  • Click Ok

The perform a new Full Crawl of your content source(s), and hopefully no access denied messages any more,


SharePoint 2010 User Profiles Syncronization fails

In a SharePoint 2010 installation that I recently worked we got Failures in the log when trying to perform a User Profile Syncronication. The account, domain, etc where all correct. Having Googled a bit we thought that it might be a FIM related issue.

Opening the Syncroniztion Service Manager (C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe) we found the error: "The management agent failed on run profile "DS_FULLIMPORT" because of connectivity issues." Why??

We went through the checklists, guidelines and what we had done, and everyhing looked correct; correct user account, we've set the Grant Replicate Directory Changes permission on the cn=configuration manager, the FIM services where running correctly, etc.

But of course I had missed one step (there is always something :-( ): Granting Replicate Directory Changes permission on the domain.

So you must add Replicate Directory Changes permissions both on the domain AND the confiugration container!

It's all documentet on TechNet: Configure profile syncronization.