Skip to main content

SharePoint 2013 Keeps Prompting For Credentials (DisableLoopbackCheck - BackConnectionHostNames - Logon Failure 401.1 - Access Denied )

Problem:

When you access a SharePoint site collection, it keeps on prompting for authentication and eventually give you an Access Denied error.

Reason:

This is a feature that prevents access to a web application using a fully qualified domain name (FQDN) if an attempt to access it takes place from a machine that hosts that application. The end result is a 401.1 Access Denied from the web server and a logon failure in the event log.

Solution:

There are 2 ways to solve this, (1) the correct way and (2) the fast and easy way.

 1 - The correct way (test/production servers)
Specify the host names that needs to do loop back check in the registry – BackConnectionHostNames. This is the correct way and is more secure. http://support.microsoft.com/kb/896861
 - Open regedit.exe
 - Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
 - Create a new multi-string value and name it "BackConnectionHostNames"
 - Type the host name of site that are referencing on the local server 
   (multiple host names must be separated by a newline)
 - Click OK and close regedit
 - You should no longer get the 401.1 Access Denied message (you may also need to restart the IISAdmin service)

 1 - The easy way (development servers)
Disable the loopback check (DisableLoopbackCheck) altogether. This puts your server in a security risk. http://support.microsoft.com/kb/896861
 - Open regedit.exe
 - Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
 - Create a new d-word (32-bit) and name it "DisableLoopbackCheck"
 - Edit the d-word and give it a value of 1
 - Click OK and close regedit
 - You should no longer get the 401.1 Access Denied message (you may also need to restart the IISAdmin service)

Additional info:

The event view might also give the following error.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer_Name
Description: Logon Failure:
Reason: An error occurred during logon
User Name: User_Name
Domain: Domain_Name
Logon Type: 3
Logon Process: Ðùº
Authentication Package: NTLM
Workstation Name: Computer_Name
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: IP_Address
Source Port: Port_Number
Labels:

Comments

Post a Comment

Popular posts from this blog

Azure DevOps - Gantt Chart

It's been a while since my last post - in the past couple of weeks I have played around with some videos of topics I find interesting. One of these topics are a very cool way of displaying a Gantt Chart upon your Azure DevOps board's. Check it out here!
18 comments
Read more

How to integrate MS Planner in MS Roadmap (Gantt chart)

Hi, It is no secret i am exited about the new Roadmap service from Microsoft. Even though only limited features have been released I beleive Roadmap and the new Project home have great potential. Anyway, check out my video on how to connect Planner into Roadmap with Microsoft Flow.
9 comments
Read more

Project online sync to Outlook

Project online sync to Outlook Ever since the "Sync to Outlook" button have been disabled I have looked for other ways to do this. The other day I found a way for a project manager to do this - it requires a little bit of configuration though. In the following we will create a calendar for one project and have the team members connect to that project. SharePoint calendar On your project site create a new calendar. Give it the same name as your project. Flow -> As a project manager go to Flow and create a new blank flow: https://emea.flow.microsoft.com/  Insert a new trigger of the type "When a new task is created". Type in your PWA URL. Insert a new condition and configure it match your project name. If the condition is not met let the flow exit without any further steps. If the condition is met configure the flow to create a new SharePoint list item and chose your calendar as the list. Set the start, end and title t...
6 comments
Read more