401.1 Error when you browse a web site that is hosted on the same server 

Tags: Server 2008

This is one that has taken a few years off of my life multiple times so I have finally decided to blog about it to save a few more years in the future. When logged onto a server that is hosting a site you are trying to access, you are prompted for credentials multiple times before it finally throws a 401.1 error back at you. This is caused by what Microsoft calls "a loopback check security feature that is designed to help prevent reflection attacks on your computer". Authentication then fails if the FQDN or the custom host header that you have implemented does not match the local computer name. Microsoft has listed 2 workarounds to fix the problem, although I have only used the second method to avoid having to continually modify the registry when adding additional web sites with custom host headers to the server. Please note that Microsoft does recommend using the 1st method to resolve the issue, as you will be disabling the loopback check security feature in the 2nd method.

   

Method 1: Specify host names

To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. Type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  7. Quit Registry Editor, and then restart the IISAdmin service.


Method 2: Disable the loopback check

Follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Quit Registry Editor, and then restart your computer.

   

   

For complete information on this item, please visit Microsoft's KB Article 896861.

 
Posted by Pat McGown on 9-Sep-09
0 Comments  |  Trackback Url  |  Link to this post | Bookmark this post with:        
 

Links to this post

Comments

Name:
URL:
Email:
Comments: