OK so the user can access the file, but not search for it.
Worth checking - the question is posted to the right group.
Unless someone else reading this can help,
I think you will have to do some experimentation.
But I'm not sure where to start.
Have Catalog Properties turned up as normal in the MMC ?
That is a good indicator that catalog build is successful,
and it is purely a query problem.
Google turned up "Security Tips"
http://msdn2.microsoft.com/en-us/library/ms689651.aspx
"Indexing Service fully respects NTFS security. As long as the catalog is on
an NTFS drive, users will not see documents in the results list if they do
not have permission the appropriate permission. Note that this is only true
for local NTFS volumes.
If you index a universal naming convention share, users will be able to see
documents on that share in the results list, whether they have permission or
not. They might be able to open the documents, depending on their
permissions, essentially bypassing security. "
That surprises me, and suggests your users might see more results, rather
than nothing !
Very odd !
There may be some fundamental change in the way permissions work 2000 - 2003.
It might be worth seeing if you can sit at the windows 2000 server,
connect to the share on the Windows 2003 server via UNC, create a folder,
set permissions on it, create content in it, index, search and find it !
If you actually use Windows 2000 to set the permissions, that may help.
You may even have access to the user \\2000server\joe ?
I know we had some strange results from setting permissions on Windows 2000
servers from XP workstations ...
It sounds as though you may not want to use the server in the DMZ to publish
to the more secure 2003 server,
but it might help you identify the exact problem !
Sometimes permissions set with one version of Windows are not visible to
another.
I think Windows 2003 shows them in Windows 2000 style, then if you click
Advanced it shows you what is really happening in Windows 2003 style !
You may get more information about the permissions using the command-line
tools CACLS & XCACLS (2003 Resource Kit Tools download ?)
There is another usenet news group
microsoft.public.win2000.file_system
that may help more if you are convinced it is an NTFS problem.
If you do have to copy files around it's worth tracking down RoboCopy
version XP026, not the Win2003 RK Tools one !
(Buy "Windows XP Resource kit", or download & install
http://codegallery.gotdotnet.com/robocopygui and look in your 'Documents &
settings'.)
Windows 2003 is more locked-down (securely configured) by default.
I'm sure there is a list of changes published on MS site - might be worth
finding ?
Maybe upgrading the Windows 2000 server to 2003 might be worth considering ?
Post by May RI'll try to explain better
1.- I have a web Server with Windows 2003 (Server A) in zone DMZ1.
The role of the Server is "member".
This Server has a Share (\\ServerA\News), that it's also an IIS virtual
directory of server A.
"Joe" (local user) is Administrator of Server A.
2.- Server B is in DMZ2.
It is an Index Server with W2K.
Server B has a local user "Joe".
User "Joe" of Server A has the same password of user "Joe" of B.
3. I want to index in the Index Server (B), the Share of Server A using
credentials of User "Joe".
It's: \\ServerA\News.
I have verified that from Server A (Explorer, Tools, Map a network disk)
I can map \\ServerA\News with the user "Joe". It works.
4.- I Stop the Index Service in Server B and I Start it again.
It seems that there are X documents to be indexed. After indexing the
documents, I try to find them using the "Query to Catalog" from the MMC.
There are no results.
5.- Previously the Server A was a W2K server and everything was fine
using exactly the same configuration.
The key point is that now the "Query to catalog" doesn't work.
It seems that there is something in W2003 different that when it was
with W2k.
5.- In the firewall the ports and the protocols between the servers are
open to allow this architecture work perfectly.
Best regards,
May.
Post by Gang_WarilyHi May
I don't feel like I've managed to help you.
I can't help more without more information.
That is why I ask so many questions.
I still can't tell if it is an Indexing Service problem (cataloging or
querying),
or a file access problem (permissions),
or a server communication problem (ping/firewall).
Even if you post your problem to another group,
they will still need the same information !
do you understand 'ping' ?
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/iitrblsh.mspx?mfr=true
Eric
Post by May RI'm doing like this article.
Local user id on each machine with the same user id with same password
This user is local administrator in both servers. He has all permissions in
the remote server to index the remote server. in windows 2000 all of things
were working ok but the problem like I said you before appears when i change
the server
I think that maybe is by the security of windows 2003 or the authentication
or something like this.
Thanks for your attention
Post by Gang_WarilyPost by May RThis is a local administrator user that exists in the both servers.
Do you mean that user "\\2000server\localadmin" has rights to access the
file UNC path "\\2003server\share\folder\file.ext" ?
I thought that 'local' meant the user wasn't available to other servers ?
If user "\\2000server\localadmin" can access files which have permissions
granted to user "\\2003server\localadmin", then that might just work by
accident, if both users have the same password. I would be surprised, though
- I would hope Microsoft fixed that long ago ! Maybe that is the change in
2000->2003 ?
And what are the queries ?
And what response do you get ?
And does the catalog build seem to have worked ?
If not,
Has the firewall been updated, or does the new server have the same IP
address & ports as the old one ?
Can you 'ping' from one to the other ?
Can the user access the files from the other computer ?
Eric
Post by May RUNC files are files in another server with windows 2003
Yes my index server and catalog are on a windows 2000 server, but i want to
index a physical path like this:"\\server\path" that exists on a diferent
server with windows 2003.
This is a local administrator user that exists in the both servers.
Post by Gang_WarilyHi May
What queries ?
What do you mean by "UNC Files " - on another server ?
I think you mean your catalog & search process are on a windows 2000 server,
accessing files to be searched on a different server with Windows 2003.
"same problem" - same as what ?
Are you indexing a website virtual root (vpath) or physical root (path) ?
Does the catalog build look OK - about the right number of documents ?
Eric
Post by May RI have the same problem. The queries do not return any results.
I have two servers in two different networks. One server with w2k and
index server and the remote server that is a server with windows 2003.
This is the file server that I want to index.
I have the same account with the same name and password on both servers
the windows 2000 (indexing server) and the remote machine (windows 2003)
with exactly the same username and password.
With the two servers with w2k the queries were OK but now the queries do
not return any results.
Thank you
May