Friday, 21 August 2009

Error when accessing a local SharePoint site using host headers

I ran into a problem accessing a SharePoint site which was set up using host headers instead of host name plus port number. When I tried to access the site locally on the server, I was asked to provide authentication information. Even when the correct login name and password were given, the server failed to authenticate.

The same site can be accessed from another computer without any problem.

After some research, I found out this is a result of the loopback security check that exists in Windows Server 2003 SP1 and later. Microsoft described this feature in the following articles:
http://support.microsoft.com/kb/926642
http://support.microsoft.com/kb/896861

Microsoft also gives workarounds to fix this issue. The following is a copy and paste from the two articles:

Method 1: Specify host names
Note: We recommend that you use this method.

To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
3. Right-click MSV1_0, point to New, and then click Multi-String Value.
4. Type BackConnectionHostNames, and then press ENTER.
5. Right-click BackConnectionHostNames, and then click Modify.
6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
7. Quit Registry Editor, and then restart the IISAdmin service.


Method 2: Disable the loopback check
Follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.


We took the first approach - specifying host names in the BackConnectionHostNames entry and our issue was solved.
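
Method 1 as a repeatable script, which also reports whether Method 2's DisableLoopbackCheck is set on the server. This is an added example, not part of the original post or the KB articles; the host names are constructed placeholders and the script assumes an elevated PowerShell session.

```powershell
# Added example: Method 1 (BackConnectionHostNames) scripted. Run elevated.
# Host names are constructed placeholders; replace with your host headers.
$HostNames = @('portal.example.local', 'intranet.example.local')

$msvKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$name   = 'BackConnectionHostNames'

# Read the existing multi-string value (if any) so current entries are kept.
$prop     = Get-ItemProperty -Path $msvKey -Name $name -ErrorAction SilentlyContinue
$existing = @($prop.$name | Where-Object { $_ })

# Only add names that are not already listed (-notcontains is case-insensitive).
$added = @($HostNames | Where-Object { $existing -notcontains $_ })

if ($added.Count -gt 0) {
    # -Force overwrites the value if present and creates it if missing.
    New-ItemProperty -Path $msvKey -Name $name -PropertyType MultiString `
        -Value ([string[]]($existing + $added)) -Force | Out-Null
    Write-Output ("Added to {0}: {1}" -f $name, ($added -join ', '))

    # Step 7 of Method 1: restart the IISAdmin service, if it is installed.
    # -Force is needed because other services depend on it.
    $svc = Get-Service -Name IISADMIN -ErrorAction SilentlyContinue
    if ($svc) {
        Restart-Service -InputObject $svc -Force
    } else {
        Write-Warning 'IISADMIN service not found; restart IIS manually.'
    }
} else {
    Write-Output "$name already contains all requested host names."
}

# Report whether Method 2 is also in effect on this server.
$dlc = (Get-ItemProperty -Path $lsaKey -Name DisableLoopbackCheck `
        -ErrorAction SilentlyContinue).DisableLoopbackCheck
if ($dlc -eq 1) {
    Write-Warning 'DisableLoopbackCheck is 1: the loopback check is off for all host names (Method 2).'
} else {
    Write-Output 'DisableLoopbackCheck is not set; only the listed host names bypass the check.'
}
```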