Bookmark and Share Subscribe Bookmark and Share

Categories

Advertisement



You receive an HTTP Error 401.1 error when accessing a SharePoint 2007 or SharePoint 2010 site on a web front end

Jun
04

 « »    

When attempting to view a MOSS (SharePoint) 2007 or SharePoint 2010 site locally from a Web Front End (WFE) you get an error stating: “HTTP Error 401.1 – Unauthorized: Access is denied due to invalid credentials.”

I have noticed that this happens on Windows 2003/2008 Server SP1/SP2/R2 when using Host Headers and Alternate Access Mappings on a web application in MOSS 2007. If you can access the site from remote machines and cannot access the site from the server itself, then this might be your issue.

For all my newer farm installs this includes SharePoint 2007 (MOSS) and SharePoint 2010. I use method number 2 on all SharePoint and SQL Servers in the farm.

If you cannot access the web site locally or remotely from other machines then there is an issue with security on the site and/or possibly a Kerberos related security issue

I implemented fix #2 listed in the following Microsoft KB Article. I implemented this fix on all servers in the MOSS 2007 Farm (WFE’s and Indexing/Search Server).

If using method 1, you would add all Host Headers and Alternate Access Mappings for all web applications to the BackConnectionHostNames value, then you will be able to access the sites locally from the WFE’s.

Microsoft KB Link: http://support.microsoft.com/kb/896861

Method 1: Specify host names

Note We recommend that you use this method.

To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. Type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  7. Quit Registry Editor, and then restart the IISAdmin service.

 

Method 2: Disable the loopback check

Follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Quit Registry Editor, and then restart your computer.

 

 




    Did I save you time and headaches? Buy me a cup of coffee.
    The more coffee I drink the more articles I can write.




9 Comments so far

  1. Awesome! Excellent article.

    • Frustrated By ShareP said:
    • Posted on September 24th, 2010 at 5:47 am
    • Reply
    • Permalink

    Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You! Thank You!

  2. indeed MOSS 2007 is a very powerful tool with all the features and functions but one thing i really hate about it is that most of the times it's asking for too much… just right during the installation there are lots of errors, error this, error that, error, error and error! and then after so many errors there you are with your MOSS 2007 and then you try to use some of its features and again there's the never ending error again… I don't know what with the Microsoft Corporation… even when passing documents again errors! i hate it!

  3. Actually on my W7 64bit / MOSS 2007 development WS works only with the second method. On W2K8 (R2) server shows the same situation. I would only recommend this on development machines.

  4. No need to reboot after setting DisableLoopbackCheck – the effect of setting that value in the registry is immediate – or at least appears to be on the 20 or so machines I've had to do that on so far…

  5. Hi, I meant to write to you before about this, but thanks for posting it. This is exactly how I fixed my issue. I actually used the 2nd method.

Leave a comment

Trackbacks on this post