Skip to main content

SharePoint 2013 Keeps Prompting For Credentials (DisableLoopbackCheck - BackConnectionHostNames - Logon Failure 401.1 - Access Denied )

Problem:

When you access a SharePoint site collection, it keeps on prompting for authentication and eventually give you an Access Denied error.


Reason:

This is a feature that prevents access to a web application using a fully qualified domain name (FQDN) if an attempt to access it takes place from a machine that hosts that application. The end result is a 401.1 Access Denied from the web server and a logon failure in the event log.


Solution:

There are 2 ways to solve this, (1) the correct way and (2) the fast and easy way.

1 - The correct way (test/production servers)
Specify the host names that needs to do loop back check in the registry – BackConnectionHostNames. This is the correct way and is more secure. http://support.microsoft.com/kb/896861
 - Open regedit.exe
 - Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
 - Create a new multi-string value and name it "BackConnectionHostNames"
 - Type the host name of site that are referencing on the local server 
   (multiple host names must be separated by a newline)
 - Click OK and close regedit
 - You should no longer get the 401.1 Access Denied message (you may also need to restart the IISAdmin service)

1 - The easy way (development servers)
Disable the loopback check (DisableLoopbackCheck) altogether. This puts your server in a security risk. http://support.microsoft.com/kb/896861
 - Open regedit.exe
 - Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
 - Create a new d-word (32-bit) and name it "DisableLoopbackCheck"
 - Edit the d-word and give it a value of 1
 - Click OK and close regedit
 - You should no longer get the 401.1 Access Denied message (you may also need to restart the IISAdmin service)



Additional info:

The event view might also give the following error.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer_Name
Description: Logon Failure:
Reason: An error occurred during logon
User Name: User_Name
Domain: Domain_Name
Logon Type: 3
Logon Process: Ðùº
Authentication Package: NTLM
Workstation Name: Computer_Name
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: IP_Address
Source Port: Port_Number

Comments

Popular posts from this blog

Error occurred in deployment step 'Add Solution': Attempted to perform an unauthorized operation.

Received this error today when trying to create a SharePoint solution against a newly created site.


My first problem was the site was configured to use a port which was already used by another web site. Therefore the site could not start at all.

In my case both Default Web Site and SharePoint - 2000 was both using port 2000. Changing the port of Default Web Site and I was able to start the site.

However now I still received the same error message. When browsing the site I realized I did not have access to the site.

Giving access to my user and I was able to deploy the solution.

To sum up this post:
 - Check the site can start
 - Check the site can be browsed
 - Check your user have access to the site

SharePoint 2013 : Cannot connect to the targeted site.

On my Contoso environment I was trying to create a sandboxed solution. I have already configured my app domain and app management services. But when I tried to validate the site I got the following error message.
Error

Cannot connect to the targeted site. This error can occur if the specified site is not hosted on the local system. SharePoint solutions work only with locally-installed versions of SharePoint Foundation or SharePoint Server. Remote development is supported only for apps for SharePoint 2013.
If you search around the internet you will find many people suggesting to change your host file from 127.0.0.1 to the actual IP.

Solution However the solution, at least on a Contoso environment, is to type in the actual IP address in the host file.
(the IP 192.168.150.1 is the special IP for Contoso, I have 2 network adapters)
And do not forget to clear/flush the DNS cache. Now the solution can be created and validates.


PowerShell results size unlimited/truncated - $FormatEnumerationLimit/Width

Ever experienced the problem where you run a Powershell command and you cannot see the whole result because the result is truncated.

Problem: If you for example run the Test-SPsite command you might see something like the following:


Site : SPSite Url=http://atlas/pwa Results : { SPSiteHealthResult Status=Passed RuleName="Conflicting Content Types" RuleId=befe203b-a8c0-48c2-b5f0-27c10f9e1622, SPSiteHealthResult Status=FailedWarning RuleName="Customized Files" RuleId=cd839b0d-9707-4950-8fac-f306cb920f6c, SPSiteHealthResult Status=Passed RuleName="Missing Galleries" RuleId=ee967197-ccbe-4c00-88e4-e6fab81145e1, SPSiteHealthResult Status=Passed RuleName="Missing Parent Content Types" RuleId=a9a6769f-7289-4b9f-ae7f-5db4b997d284, SPSiteHealthResult Status=FailedError RuleName="Missing Site Templates" RuleId=5258ccf5-e7d6-4df7-b8ae-12fcc0513ebd, …