DisableLoopbackCheck – 401 Unauthorized / Repeated Login Prompts and Resulted Blank Page – Host Header Issue
Problem: Couldn’t Access a local SharePoint site from the server!
Today, I setup my new SharePoint 2010 development box. I made the machine as a domain controller: “Crescent.com”. Machine name was: SharePoint. After I installed SharePoint in port 80 I was accessing the SharePoint site at URL: https://sharepoint. Then I wanted to access SharePoint as: https://teamsites.crescent.com. So I created a Host record in DNS.
Once I get the URL in the browser, it was asking me the password again and again. Finally it gave the 401 unauthorized error. (In an another case, SharePoint prompted for login credentials for three times and gave blank page!) hmm.. what’s wrong with SharePoint?
Also found, SharePoint sites are not opening when you login to SharePoint server(WFE, typically) but opening elsewhere!
Solution:
Here the problem was: we need to disable the LoopBackCheck. Here is what I did.
To set the DisableLoopbackCheck registry key, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Right-click Lsa, point to New, and then click DWORD Value.
- Type DisableLoopbackCheck, and then press ENTER.
- Right-click DisableLoopbackCheck, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Quit Registry Editor, and then restart IIS.
DisableLoopbackCheck with PowerShell
Why not PowerShell? Lets use PowerShell to Disable Loopback Check, so that it can be faster. Fire PowerShell console and enter:
New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -value "1" -PropertyType dword​
Or the secured way:
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters' -Name DisableStrictNameChecking -Value 1 -PropertyType "DWord"
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -Name BackConnectionHostNames -PropertyType MultiString
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -Name BackConnectionHostNames -Value "intranet.crescent.com"
This fix applies for Host headers with Local SharePoint instances. In an another case, this was due to browser setting: “Enable Integrated Windows Authentication”
BTW, If your account has been locked out in AD or you supplied wrong User ID/Password, Your Password Expired or your Account is locked out, You will face the similar issue!