Enable Windows Authentication for SharePoint web application in anonymous zone
First of all anonymous SharePoint-site should have Windows Authentication enabled. Make sure that you enabled it for the web application in CA:
- Open SharePoint 2010 Central Administration
- Click Manage web applications under Application Management-section
- Select your web application's row
- Click Authentication Providers from ribbon
- Click Internet-zone (or whatever is defined for your anonymous site)
- Make sure that Enable Windows Authentication and Integrated Windows authentication are checked
- Click OK
Enable Windows Authentication for anonymous IIS web site
Second thing you need to check is the configuration of you anonymous web site under IIS. You need to check that Windows Authentication is enabled for your IIS web site. You have to perform this task to all crawl servers.
For IIS 7:
- Click Start -> Administrative Tools -> Internet Information Services (IIS) Manager
- Click Sites
- Select your anonymous site
- Double-click Authentication under IIS-section in the Features View
- Select Windows Authentication and click Enable from the Actions-pane on the right side of the window
Give full read access to default content access account
You should have a dedicated domain account that is used as a default content access account. This is important since this account is used by the crawler in any of the servers in your farm that has been assigned as crawl servers.
Default content access account needs to have Full Read-permissions to the SharePoint web application you are crawling.
- Open SharePoint 2010 Central Administration
- Click Manage web applications under Application Management-section
- Select your web application's row
- Click User Policy from the ribbon
- Click Add Users
- Click Next
- Input your default content access account to Users-box
- Select Full Read under Permissions
- Click Finish
You need to define a default content access account in the Search Administration.
- Open SharePoint 2010 Central Administration
- Click Manage service applications under Application Management-section
- Click Search Service Application to open Search Administration
- In System Status-panel you will see Default content access account. Click on the right side of that row to define an suitable account
- Input your default content access account and password and click OK
That's it! Start a full crawl for your content source and you should see anonymous items crawled successfully.