Identification and Root Cause Analysis

There are many reasons for this to happen, but most of the time it happens when you change the access mapping to match your domain.

For example, you might have webwfe01 as your web application in your default zone. If you change that to www.sampleweb.com, this may occur for Windows users.

This happens because the fully qualified domain name specified in the mapping does not match the local machine's.

For example:

Your local machine can be in the domain myorg.com while the specified mapping is sampleweb.com.

This triggers the loopback check, which is enabled by design for security reasons.

Resolution

Microsoft specifies two methods to resolve the issue:

  1. Disable Strict Name Checking
  2. Disable Loopback Check

Reference

https://support.microsoft.com/en-us/help/896861/you-receive-error-401.1-when-you-browse-a-web-site-that-uses-integrated-authentication-and-is-hosted-on-iis-5.1-or-a-later-version

Apply the change on all SharePoint servers so that future service deployments are covered. At a minimum, it is necessary on all front-end servers.

Disable Strict Name Checking in IIS

This is useful in many scenarios, particularly for stopping the repeated credential prompts in a SharePoint 2013 environment.

In this method, you add your domain names to an exception list so that the FQDN is not checked for loopback.

Open RegEdit.

Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Click on MSV1_0

Add a new Multi-String Value.

Name it BackConnectionHostNames.

You will then see that it has been added to the registry.

Double-click it and add your fully qualified domain names (one per line); these will be treated as exceptions.

Then save and restart IIS.
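A scripted version of the BackConnectionHostNames steps above, as an added example that is not part of the original article. It assumes an elevated PowerShell session; the `$HostNames` parameter and its default are illustrative. It also reports whether DisableLoopbackCheck is already set, because that value switches the check off for the whole server rather than for listed names only.

```powershell
# Added example, not from the original article. Run in an elevated session
# on each SharePoint server. $HostNames is an assumed parameter name.
param(
    [string[]]$HostNames = @('www.sampleweb.com')  # sample host from the article
)

$lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv  = Join-Path $lsa 'MSV1_0'
$name = 'BackConnectionHostNames'

# Current exception list; nothing is returned if the value does not exist yet.
$current = (Get-ItemProperty -Path $msv -Name $name -ErrorAction SilentlyContinue).$name

# Merge instead of overwrite, so names added earlier are preserved.
$merged = @($current) + @($HostNames) |
    ForEach-Object { "$_".Trim().ToLowerInvariant() } |
    Where-Object { $_ } |
    Sort-Object -Unique

# -Force replaces an existing value; the cast keeps a one-item list a REG_MULTI_SZ.
New-ItemProperty -Path $msv -Name $name -PropertyType MultiString `
    -Value ([string[]]$merged) -Force | Out-Null

# Report the server-wide switch so it is not left enabled unnoticed.
$dlc = (Get-ItemProperty -Path $lsa -Name 'DisableLoopbackCheck' -ErrorAction SilentlyContinue).DisableLoopbackCheck
if ($dlc -eq 1) {
    Write-Warning 'DisableLoopbackCheck is 1: the loopback check is off for all host names on this server.'
}

Write-Output "BackConnectionHostNames on $env:COMPUTERNAME now contains:"
$merged
Write-Output 'Restart IIS for the change to take effect.'
```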

Disable Loopback Check in IIS

This is useful in many scenarios, particularly for stopping the repeated credential prompts in a SharePoint 2013 environment.

In this method, you can simply disable the check by editing the following registry key.

Open RegEdit.

Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Click the Lsa key and add DisableLoopbackCheck as a DWORD value.

After adding it, you can find the entry under the Lsa key.

Then double-click the entry and enter 1.

Click OK.

Then restart IIS.