SharePoint Diary » SharePoint » DisableLoopbackCheck – 401 Unauthorized / Repeated Login Prompts and Resulted Blank Page – Host Header Issue

DisableLoopbackCheck – 401 Unauthorized / Repeated Login Prompts and Resulted Blank Page – Host Header Issue

June 12, 2021 Salaudeen Rajack 0 Comments 401 unauthorized error in sharepoint 2016, sharepoint 2013 repeated login prompt, sharepoint disable loopback check powershell, sharepoint disableloopbackcheck registry key

Problem: Couldn’t Access a local SharePoint site from the server!

Today, I setup my new SharePoint 2010 development box. I made the machine as a domain controller: “Crescent.com”. Machine name was: SharePoint. After I installed SharePoint in port 80 I was accessing the SharePoint site at URL: https://sharepoint. Then I wanted to access SharePoint as: https://teamsites.crescent.com. So I created a Host record in DNS.

Once I get the URL in the browser, it was asking me the password again and again. Finally it gave the 401 unauthorized error. (In an another case, SharePoint prompted for login credentials for three times and gave blank page!) hmm.. what’s wrong with SharePoint?

Also found, SharePoint sites are not opening when you login to SharePoint server(WFE, typically) but opening elsewhere!

Solution:

Here the problem was: we need to disable the LoopBackCheck. Here is what I did.

To set the DisableLoopbackCheck registry key, follow these steps:

Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Right-click Lsa, point to New, and then click DWORD Value.
Type DisableLoopbackCheck, and then press ENTER.
Right-click DisableLoopbackCheck, and then click Modify.
In the Value data box, type 1, and then click OK.
Quit Registry Editor, and then restart IIS.

DisableLoopbackCheck with PowerShell
Why not PowerShell? Lets use PowerShell to Disable Loopback Check, so that it can be faster. Fire PowerShell console and enter:

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -value "1" -PropertyType dword

Or the secured way:

New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters' -Name DisableStrictNameChecking -Value 1 -PropertyType "DWord"
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -Name BackConnectionHostNames -PropertyType MultiString
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -Name BackConnectionHostNames -Value "intranet.crescent.com"

KB: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/accessing-server-locally-with-fqdn-cname-alias-denied

This fix applies for Host headers with Local SharePoint instances. In an another case, this was due to browser setting: “Enable Integrated Windows Authentication”

BTW, If your account has been locked out in AD or you supplied wrong User ID/Password, Your Password Expired or your Account is locked out, You will face the similar issue!

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

Solution:

Related Posts

Salaudeen Rajack

Leave a Reply Cancel reply