harbar.net component based software & platform hygiene

Crawling Kerberos Web Applications on non-default ports

Print | posted on Friday, April 02, 2010 5:48 PM

Quite a long time ago there was a comedy to and fro regarding the non-ability of SharePoint Server 2007 to crawl (or index) Web Applications on non-default ports which had been configured to use Kerberos Authentication. The upshot was that you needed to have a non Kerberos site in the default zone for the purposes of crawling.

The full details of this are posted over at TechNet: Configure Kerberos-authenticated sites for crawling.

Now of course using non default ports is really rather silly, but it happens a lot. There was also some misinformation posted over on the To the SharePoint blog regarding this issue in the Infrastructure Updates announcement.

[UPDATE: The presence of the .NET 3.5 SP1 is not the “resolution” to this problem. It appears to be just a simple SPN issue – more soon!]

The reality is that this issue has been fixed completely since 18th November 2008 – the release date of the .NET Framework 3.5 SP1. It’s these bits which enable crawling of Kerberos Web Applications using non-default ports. The original issue was down to the .NET framework, not SharePoint. (Although admittedly I've only tested on 6421 (SP2) and above).

So the approaches detailed in the TechNet article above are no longer necessary. It all just works flawlessly as it should. If you are on a recent build (and you should be!) you can ignore the article and it’s counterpart in the planning and deployment guides. Of course in SharePoint 2010 it’s also no longer an issue either.

But you still shouldn’t be creating web apps on non default ports! :)