Skip to main content

SharePoint 2013 Keeps Prompting For Credentials (DisableLoopbackCheck - BackConnectionHostNames - Logon Failure 401.1 - Access Denied )

Problem:

When you access a SharePoint site collection, it keeps on prompting for authentication and eventually give you an Access Denied error.

Reason:

This is a feature that prevents access to a web application using a fully qualified domain name (FQDN) if an attempt to access it takes place from a machine that hosts that application. The end result is a 401.1 Access Denied from the web server and a logon failure in the event log.

Solution:

There are 2 ways to solve this, (1) the correct way and (2) the fast and easy way.

 1 - The correct way (test/production servers)
Specify the host names that needs to do loop back check in the registry – BackConnectionHostNames. This is the correct way and is more secure. http://support.microsoft.com/kb/896861
 - Open regedit.exe
 - Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
 - Create a new multi-string value and name it "BackConnectionHostNames"
 - Type the host name of site that are referencing on the local server 
   (multiple host names must be separated by a newline)
 - Click OK and close regedit
 - You should no longer get the 401.1 Access Denied message (you may also need to restart the IISAdmin service)

 1 - The easy way (development servers)
Disable the loopback check (DisableLoopbackCheck) altogether. This puts your server in a security risk. http://support.microsoft.com/kb/896861
 - Open regedit.exe
 - Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
 - Create a new d-word (32-bit) and name it "DisableLoopbackCheck"
 - Edit the d-word and give it a value of 1
 - Click OK and close regedit
 - You should no longer get the 401.1 Access Denied message (you may also need to restart the IISAdmin service)

Additional info:

The event view might also give the following error.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer_Name
Description: Logon Failure:
Reason: An error occurred during logon
User Name: User_Name
Domain: Domain_Name
Logon Type: 3
Logon Process: Ðùº
Authentication Package: NTLM
Workstation Name: Computer_Name
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: IP_Address
Source Port: Port_Number
Labels:

Comments

Post a Comment

Popular posts from this blog

Azure DevOps - Gantt Chart

It's been a while since my last post - in the past couple of weeks I have played around with some videos of topics I find interesting. One of these topics are a very cool way of displaying a Gantt Chart upon your Azure DevOps board's. Check it out here!
14 comments
Read more

Project Server - Change field name on PDP for standard fields (like the Owner field)

Project Server - Change owner field name on PDP The field names on the PDPs (Project Detail Pages) has been preselected on the standard fields for a project. If you want to change the Owner to something else it is quite difficult. In the following i will explain how we can change this field through the Content Editor webpart. To change the owner field add a Content Editor webpart to the PDP page where the field is inserted. Select the webpart and from the ribbon select HTML->Edit HTML Source. Copy/Paste the following code into the Content Editor webpart. < script type ="text/javascript">     var old_name = "Owner" ;     var new_name = "Ansvarlig" ;     var ttnA = document.getElementsByTagName( "div" );     for ( var j = 0; j < ttnA.length; j++) {         var orig = ttnA[j].innerHTML;         var stripped = orig.replace( /^\s*/ , "" ).replace( /\s*$/ , &quo
3 comments
Read more

PowerShell results size unlimited/truncated - $FormatEnumerationLimit/Width

Ever experienced the problem where you run a Powershell command and you cannot see the whole result because the result is truncated. Problem: If you for example run the Test-SPsite command you might see something like the following: Site : SPSite Url=http://atlas/pwa Results : { SPSiteHealthResult Status=Passed RuleName="Conflicting Content Types" RuleId=befe203b-a8c0-48c2-b5f0-27c10f9e1622, SPSiteHealthResult Status=FailedWarning RuleName="Customized Files" RuleId=cd839b0d-9707-4950-8fac-f306cb920f6c, SPSiteHealthResult Status=Passed RuleName="Missing Galleries" RuleId=ee967197-ccbe-4c00-88e4-e6fab81145e1, SPSiteHealthResult Status=Passed RuleName="Missing Parent Content Types" RuleId=a9a6769f-7289-4b9f-ae7f-5db4b997d284, SPSiteHealthResult Status=FailedError RuleName="Missing Site Templates" RuleId=5258ccf5-e7d6-4df7-b8ae-12fcc0513ebd,
1 comment
Read more