Authentication Roadblock for WSS 3.0 Access on the local Server

Ran into a fun little authentication issue with IIS 7 and SharePoint recently. I installed a SharePoint farm on one machine and set up my first site collection with a custom host header. Once the site was created I was unable to access it from the host server where I was working. I received an authentication prompt three times and the browser would report that the page load was “Done” but the result was a blank page. The problem did not occur when I set up the site using the host name and a port number.

A peek in the server event logs showed my account failing the authentication with the following:

Security Log Error: 4625
Keyword: Audit Failure
Failure Reason: An Error occurred during Logon.
Status: 0xc000006d

A little Internet searching and a look at one of my favorite troubleshooting resources, www.eventid.net, resulted in a link to Microsoft KB 896861, which explains an authentication issue with Integrated Authentication and versions of IIS over 5.1.

The fix that worked for me was to disable the loopback checking, a security feature designed to prevent reflection attacks. Make the following change to the registry and everything will be right in your SharePoint world.

  1. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  2. Right-click Lsa, point to New, and then click DWORD Value.
  3. Type DisableLoopbackCheck, and then press ENTER.
  4. Right-click DisableLoopbackCheck, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Quit Registry Editor, and then restart your computer.
Advertisements

2 thoughts on “Authentication Roadblock for WSS 3.0 Access on the local Server

  1. Jennelle, you're a lifesaver.

    This was what has been killing my TFS2010 deployment – the WSS 3.0 under host header mode wasn't accessible from the server it was installed on.

    Your suggestion fixed this.

    Thanks a million!

    Regards,

    Ziga

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s