
SharePoint 2013 Keeps Prompting For Credentials (DisableLoopbackCheck - BackConnectionHostNames - Logon Failure 401.1 - Access Denied )

Problem:

When you access a SharePoint site collection, it keeps prompting for authentication and eventually gives you an Access Denied error.


Reason:

This is the loopback check, a security feature that prevents access to a web application through a fully qualified domain name (FQDN) when the request comes from the machine that hosts the application. The end result is a 401.1 Access Denied from the web server and a logon failure in the event log.


Solution:

There are 2 ways to solve this, (1) the correct way and (2) the fast and easy way.

1 - The correct way (test/production servers)
Specify the host names that are allowed to loop back to the local server in the registry value BackConnectionHostNames. This is the correct way and is more secure. http://support.microsoft.com/kb/896861
 - Open regedit.exe
 - Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
 - Create a new multi-string value and name it "BackConnectionHostNames"
 - Type the host names of the sites that are hosted on the local server
   (multiple host names must be separated by a newline)
 - Click OK and close regedit
 - You should no longer get the 401.1 Access Denied message (you may also need to restart the IISAdmin service)

2 - The easy way (development servers)
Disable the loopback check (DisableLoopbackCheck) altogether. This puts your server at a security risk. http://support.microsoft.com/kb/896861
 - Open regedit.exe
 - Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
 - Create a new DWORD (32-bit) value and name it "DisableLoopbackCheck"
 - Edit the DWORD value and give it a value of 1
 - Click OK and close regedit
 - You should no longer get the 401.1 Access Denied message (you may also need to restart the IISAdmin service)
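
The correct way can also be scripted. The PowerShell below is an added example, not part of the original post or the Microsoft KB article: it merges host names into BackConnectionHostNames without dropping existing entries, and warns when DisableLoopbackCheck is still set to 1. The host names and the parameter names are constructed placeholders.

```powershell
# Added example. Run from an elevated PowerShell prompt on the SharePoint server.
param(
    # Constructed placeholder names; replace with the host names of your local sites.
    [string[]]$HostNames = @('intranet.contoso.example', 'portal.contoso.example'),
    # Hypothetical switch: also delete a leftover DisableLoopbackCheck value.
    [switch]$RemoveDisableLoopbackCheck
)

$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv10 = Join-Path $lsa 'MSV1_0'

# 1. Audit: is the loopback check switched off for every host name?
$disable = (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
            -ErrorAction SilentlyContinue).DisableLoopbackCheck
if ($disable -eq 1) {
    Write-Warning 'DisableLoopbackCheck = 1: the loopback check is disabled globally.'
    if ($RemoveDisableLoopbackCheck) {
        Remove-ItemProperty -Path $lsa -Name DisableLoopbackCheck
        Write-Output 'Removed DisableLoopbackCheck.'
    }
}

# 2. Read the current REG_MULTI_SZ value (may not exist yet).
$existing = @((Get-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
               -ErrorAction SilentlyContinue).BackConnectionHostNames)

# 3. Merge: keep existing entries, add the new ones, drop blanks and duplicates.
$merged = @($existing + $HostNames |
            Where-Object { $_ } |
            ForEach-Object { $_.Trim() } |
            Sort-Object -Unique)

# 4. Write the value back; -Force overwrites an existing value of the same name.
New-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
    -PropertyType MultiString -Value $merged -Force | Out-Null

# 5. Show what is now allowed to loop back.
Write-Output 'BackConnectionHostNames now contains:'
(Get-ItemProperty -Path $msv10 -Name BackConnectionHostNames).BackConnectionHostNames

# If the 401.1 persists, restart the IISAdmin service as noted in the steps above.
```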



Additional info:

The event viewer might also show the following error.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer_Name
Description: Logon Failure:
Reason: An error occurred during logon
User Name: User_Name
Domain: Domain_Name
Logon Type: 3
Logon Process: Ðùº
Authentication Package: NTLM
Workstation Name: Computer_Name
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: IP_Address
Source Port: Port_Number
