Authentication Roadblock for WSS 3.0 Access on the local Server

Ran into a fun little authentication issue with IIS 7 and SharePoint recently. I installed a SharePoint farm on one machine and set up my first site collection with a custom host header. Once the site was created I was unable to access it from the host server where I was working. I received an authentication prompt three times and the browser would report that the page load was “Done” but the result was a blank page. The problem did not occur when I set up the site using the host name and a port number.

A peek in the server event logs showed my account failing the authentication with the following:

Security Log Error: 4625
Keyword: Audit Failure
Failure Reason: An Error occurred during Logon.
Status: 0xc000006d

A little Internet searching and a look at one of my favorite troubleshooting resources, www.eventid.net, resulted in a link to Microsoft KB 896861, which explains an authentication issue with Integrated Authentication and versions of IIS over 5.1.

The fix that worked for me was to disable the loopback checking, a security feature designed to prevent reflection attacks. Make the following change to the registry and everything will be right in your SharePoint world.

  1. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  2. Right-click Lsa, point to New, and then click DWORD Value.
  3. Type DisableLoopbackCheck, and then press ENTER.
  4. Right-click DisableLoopbackCheck, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Quit Registry Editor, and then restart your computer.
Advertisements

Installing IIS for SQL 2005 and SharePoint

I’ve started planning out an installation of SharePoint at work and have found myself installing some of the necessary WSS 3.0 components in the lab. I want to set up SharePoint as a small server farm on one server, which requires SQL to be pre-installed. Both SQL 2005 (if you want all the services) and WSS 3.0 require IIS, but the default installation of IIS on Windows Server 2008 does not include all the necessary components for either one.

First to support WSS 3.o, you’ll need to make sure all the components in this list are selected. But if you go with the just components on that list, you’ll still get a warning about “IIS Feature Requirement” when installing SQL 2005. Most of the necessary components overlap with WSS 3.0 except for one – HTTP Redirection – so be sure to select that one as well.

Finally, if you are looking around for some WSS 3.0 installation guides, here is a link to some of the downloadable documentation. Perfect if you are looking for some fresh reading on your Kindle.

Handy ASP.NET 2.0 Tidbit

I’ve been familiarizing myself with WSS 3.0 this week and as part of that process I’ve been doing several installation in the lab. I ran into an issue on Windows 2003 Server with the installation of .NET 3.0 Framework and ASP.NET 2.0, which are required for the installation of Windows SharePoint Services.

While I had all the components installed, the ASP.NET 2.0 appeared to be missing from IIS. Our DBA has some experience with IIS and had run into a similar problem in the past, so he had the answer for me. ASP.NET 2.0 isn’t automatically registered with IIS and that problem is easily solved by running this command:

c:\windows\microsoft.net\framework\v2.0.50727\aspnet_regiis -iru -enable

I want to keep this fix handy, since my co-worker certainly saved me some time. Figured I might as well pay it forward and share it with others who may run into the same issue.

Restoring IIS 6.0

I love the Internet. I use it every day. But when it comes to making websites work, it’s just not one of my strong areas. I’ve gone through a good portion of last decade working for smaller companies where being the “network administrator” meant being a bit of a jack-of-all-trades. While I don’t mind having to search for solutions to issues with software that I don’t use often, I’ve also learn which bits of the tech realm I’d rather leave to someone else. One of those is IIS.

However, this isn’t all about me hating on Internet Information Services. Last week, I actually had a experience restoring IIS 6.0 that was remarkably smooth and successful – restoring our company intranet to a different machine.

In order for this to be successful, I needed to have a portable backup of the metabase, my web folders and ASP 2.0 (which we needed for some small web-based applications). I was missing the ASP 2.0 on the base installation of IIS on the new server, but that was easy enough to correct. The web folders were getting backed up nightly, but I was missing the metabase, which was key to making this all go well.

Microsoft Technet had a rundown of how to backup and restore the metabase and this post from IT Solutions KB even includes screenshots of the process. All in all, the whole process took less than 10 steps, including making the initial backup. I was pleasantly surprised, since I expected IIS to be far more complex. I understand that IIS 7.0 is even easier, but I doubt it’ll make me what to deal with IIS regularly!