Disable LoopbackCheck

​It´s very common that after a hard work installing and configuring a sharepoint farm, the web applications, Kerberos, sql configurations… the first time you try to access your newly created site collection from the sharepoint server the browser constantly prompt you for credentials and finally receive a 401 error.

Don’t panic, it´s normal. In fact, is security configuration of windows systems that help prevent reflection attacks on the server. For that reason, every time you try to access to a web site from the same web server host that is mapped to the local loopback address (127.0.0.1) you will get this error. From other client computer the Web Site will work.

There are two workarounds:

  1. Disable the loopback check. This way the server won´t check any connection to a host mapped to the loopback address. Just go to the Registry Editor and follow the next steps:
  • Locate and click the following key in the registry:

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesLanmanServerParameters

  • On the Edit menu, click Add Value, and then add the following registry value:

o   Value name: DisableStrictNameChecking

o   Data type: REG_DWORD

o   Radix: Decimal

o   Value: 1

  • locate and then click the following registry key:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa

  • Right-click Lsa, point to New, and then click DWORD Value.
  • Type DisableLoopbackCheck, and then press ENTER.
  • Right-click DisableLoopbackCheck, and then click Modify.
  • In the Value data box, type 1, and then click OK.
  • Quit Registry Editor, and then restart your computer.
  1. Specify in the registry the host names of the specific web sites you need to access from the same web server. Just go to the Registry editor and follow the steps:
  • Locate and click the following key in the registry:

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesLanmanServerParameters

  • On the Edit menu, click Add Value, and then add the following registry value:

o   Value name: DisableStrictNameChecking

o   Data type: REG_DWORD

o   Radix: Decimal

o   Value: 1

  • Locate and then click the following registry key:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0

  • Right-click MSV1_0, point to New, and then click Multi-String Value.Type BackConnectionHostNames, and then press ENTER.
  • Right-click BackConnectionHostNames, and then click Modify.
  • In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  • Quit Registry Editor, and then restart the IISAdmin service (You don´t need to restart the server).

This  method is more recommended, since you are specifying only the host names that are allowed to be accessed from the web server.

For more info, see the official KB articles:

http://support.microsoft.com/kb/896861

http://support.microsoft.com/kb/281308

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s