For those who are not aware Internet Explorer has a security feature that by default does NOT allow non-secure content (i.e. loaded on HTTP rather than HTTPS) to be displayed on a page that is loaded securely via HTTPS.  It is a good feature because after all any website that is running securely should all be secure with not just bits and pieces that are not secure.  However I ran into a problem with our SharePoint site where someone had linked a non-HTTPS RSS feed to be displayed on a site and caused the below error message to appear every time:

I finally looked into how it can be disabled and found a couple of solutions but it is important that you judge the value of each method versus the security you may be giving up.

1. Disable this error message all together (Least Secure)
2. Utilize IE’s Security Settings to disable the warning for sites you trust or sites on your intranet. (My Choice)

So here’s how to make the changes:

Regardless of Option:

1. In Internet Explorer click “Tools”.
2. Click “Internet Options”.
3. Click the tab titled “Security”.

For Option 1:

1. Ensure the icon titled “Internet” is selected.
2. Click the “Custom Level” button.
3. Scroll about half way down to the section titled “Miscellaneous”.
4. Find the setting titled “Display mixed content”.
5. Set the setting to “Enable” (It should be set to “prompt”).
6. Click “OK” twice and restart IE, problem should be resolved.

For Option 2:

1. I would select either the “Intranet” or “Trusted Sites” icons.
   1. For more information regarding the different zones check out: http://support.microsoft.com/kb/174360
2. For our example we used the Intranet zone so only our internal systems would ignore non secure calls
   1. NOTE: If you call an outside source like RSS you may end up making these changes for both the Intranet and Trusted Sites zones so that you can add your “trusted” RSS feed to your intranet sites.  Then all you have to do is add sites to your trusted sites zone one at a time when you find a new one that is not currently in the list
3. Click the “Custom Level” button.
4. Scroll about half way down to the section titled “Miscellaneous”.
5. Find the setting titled “Display mixed content”.
6. Set the setting to “Enable” (It should be set to “prompt”).
7. Click “OK” twice and restart IE, problem should be resolved.

So the only other problem this causes, specifically in a business environment where there may be hundreds of computers to make this change.  Luckily Group Policy even in Server 2003 supports setting the intranet zones, and the sites for each.

Good Luck!

-Brent

I was working on modifying SharePoint URLs again which if your not sure how to do I have another post about that here.  My problem came up when I was updating the Shared Service Provider (SSP) The complete error message that appears in the application event log has this description:

Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content. (0x80041205)

For some this is a very frustrating error message because it does not provide a whole lot of information.  The solution that solved my problem had to do with the IIS Loopback Check.  In essence the Loopback Check is designed to thwart off potential security attacks to the server.  It is important to note that this problem for me was only found while utilizing Windows Integrated Security.  The error message comes up because the Search Provider tries to login and hit the web server so much and so quickly that the server thinks it is being attacked and therefore blocks the traffic and login.

There are two options to fix this problem.  The first is to simply disable the loopback check but this poses a serious security issue if your site is heavily utilized and moreover public.  The second and more secure solution is to specify allowed sites.  I would highly suggest taking the time to add in allowed sites since with either solution you have to edit the registry.  For the actual fixes I have posted the link to the Microsoft KB article below that contains the process to follow.  The article says it only applies to IIS 5 and 6 however it resolved my problem on IIS7 as well.  I think less people would have a problem with this in SharePoint if it were titled better.

http://support.microsoft.com/kb/896861

Please let me know if this does or does not work for you

-Brent