Content Analyzer Scheduled Job Fails to Operate Due to Registry Access (298813)

SYMPTOMS

Content Analyzer generates a report that has only one page when you run it through a schduled task. In other words, when you try to crawl (by using a schduled task) a Web site that has Basic Authentication enabled and no user is logged on to the server, the report shows that only one page was crawled.

Security Event log data shows access is denied to the system account that is attempting to access the registry for the needed information.

WORKAROUND

To work around this problem, do one of the following:

Make sure that someone is logged on to the server running Content Analyzer at all times.

-or-
Disable Basic Authentication on the Web site that you are crawling with Content Analyzer. Note that the security policy on the Web site may not allow for this option.

-or-
Use Windows 2000 and configure the Task Scheduler to start under the user account context (for example, the administrator).

RESOLUTION

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Site Server service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:

   Date        Time      Version     Size       File name     Platform
   -------------------------------------------------------------------
   05/14/2001  03:19 PM  7.0.1318.0    410,464  Cacmd.exe     X86
   05/14/2001  03:25 PM  7.0.1318.0    456,256  Casdk.dll     X86
   05/14/2001  03:20 PM  7.0.1318.0  2,168,400  Sanalyst.exe  X86

MORE INFORMATION

For additional information on the limitations of the Task Scheduler operation under the system account for Windows NT 4.0, click the article number below to view the article in the Microsoft Knowledge Base:

223170 Task Scheduler Service Must Be Started with System Account

NOTE: The credentials that are configured for Content Analysis crawling are now stored in the following registry location:

HKEY_Local_Machine\SoftWare\Microsoft\Site Server\3.0\Analysis\CA\Legs

Prior to the release of this hotfix, the information was stored in HK_Current_user, which allowed only one user to have context access to the registry information. Although the credentials are not directly accessible because they are encrypted, Content Analysis is able to access the credentials for crawling under HKEY_Local_Machine. As a result, all users with permission to log on locally at the system can initiate Content Analysis crawl operations that use the specified credentials. To limit Web crawling using the stored credentials:

Limit physical security and log on locally privileges for users accessing the system that is running Content Analysis.Specify permissions on the registry in question, so that only the system account and appropriate administrators have access to the registry key.