After installing WSS3 SP2 on a clean install of Server 2008 x86 SP2 STD, and using SQL 2008 SP1 as the backend, I could not get any search results.  The setup is about as simple of a farm installation you can get, it is for a small number of users, and demonstration purposes, so everything is installed on a single machine virtualized on an HP server running VMware ESXi 3.5.  There are two site collections using different application pools, one enabled for anonymous access, and the other not.

The search service is common to both, but the crawl account (data access) is unique.

I kept seeing the following error, even ID 2436 in the Application event logs on the server:

The start address <sts3://sharepoint.site.url/contentdbid={95260a4e-85ec-4fc9-8da6-27882bf9d8f3}> cannot be crawled.
Context: Application ‘Search index file on the search server’, Catalog ‘Search’

Details:Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has “Full Read” permissions on the SharePoint Web Application being crawled. (0x80041205)

Very frustrating.  Double and triple checked that the application pool identity was not running under a system account, and that the service was also not running under a system account, verified the crawl account had been added to all the correct sites and spaces with FULL READ access, check, check, and check.

So I turned up Object Auditing under the local security policy on the server, and also turned up both trace and event monitoring.  After two days of troubleshooting, mainlining coffee, crying, and losing about 1000 hair folicles….I found it was a .NET 3.0 SP1 issue……LoopBackChecking.

To resolve this, you must edit the registry and add a DWORD value.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.

Open regedit and navigate to HKLMSYSTEMCurrentControlSetControlLsa.  Create a new DWORD value named DisableLoopbackCheck.  Modify the new value and enter a data value of (hex or Decimal) 1.

Restart the Windows SharePoint Services Search service (from the services MMC Snap-In), then run:

stsadm –o spsearch –action fullcrawlstart

If you open the Security Event Log, you should no longer see the above error.

Thanks to Trevor from http://sharepoint.nauplius.net/ for helping solve this issue.