Monday, March 31, 2014

SharePoint 2013 LoopBack Check keeps prompting you for authentication

If you remotely manage your SharePoint farm you probably (see below) don't need to worry about the following, but if you remote desktop to the farm and run tests, you will find that the server keeps prompting you for additional authentication or giving you a Server 500 internal error. This is because of a "loopback" security check that recognizes that you are viewing a local website. There are two ways to deal with it:
1.      Granularly add each SharePoint hostname or hostheader URL that you might access in a loopback fashion (in the registry)
2.      Disable the Loopback check entirely (in the registry)
 
METHOD 1:
1.      Open Regedit.exe and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
2.      Right-click MSV1_0, point to New, click Multi-String Value, and name the new value “BackConnectionHostNames”
3.      Right-click BackConnectionHostNames, and then click Modify and in the Value data box, type: <URL> and then press Enter.
4.      Repeat the last step for all URLs that SharePoint hosts locally
5.      IISReset /noforce on your servers will be necessary (or possibly a reboot)
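
Method 1 can be scripted the same way as Method 2, and it leaves the loopback check in force for every host name that is not listed. The PowerShell below is an added example, not part of the original post; the host names are constructed placeholders, and because BackConnectionHostNames stores host names, anything written as a URL is reduced to its host part.

```powershell
# Added example: scripted form of METHOD 1. Run in an elevated PowerShell session
# on each server that hosts the sites locally.
# Constructed placeholder names; replace with the host names your farm serves.
$Sites = @('portal.contoso.example', 'https://mysites.contoso.example/personal')

$lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv  = Join-Path $lsa 'MSV1_0'
$name = 'BackConnectionHostNames'

# The value holds host names, so reduce anything written as a URL to its host part.
$wanted = foreach ($s in $Sites) {
    if ($s -match '://') { ([uri]$s).Host } else { $s.Trim() }
}

# Merge with whatever is already registered so existing entries are preserved.
$current = (Get-ItemProperty -Path $msv -Name $name -ErrorAction SilentlyContinue).$name
$merged  = [string[]](@($current) + @($wanted) | Where-Object { $_ } | Sort-Object -Unique)

# -Force overwrites the value if it exists and creates it if it does not.
New-ItemProperty -Path $msv -Name $name -PropertyType MultiString -Value $merged -Force | Out-Null

# Report the result, and flag servers where the check is switched off globally.
"{0}: {1} = {2}" -f $env:COMPUTERNAME, $name, ($merged -join ', ')
$dlc = (Get-ItemProperty -Path $lsa -Name 'DisableLoopbackCheck' -ErrorAction SilentlyContinue).DisableLoopbackCheck
if ($dlc -eq 1) {
    Write-Warning 'DisableLoopbackCheck is 1, so the loopback check is off for all host names on this server.'
}

# As in step 5 above: run "iisreset /noforce" (or reboot) afterwards.
```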
 

METHOD 2:
1.      Open Regedit.exe, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, create a DWORD (32-bit) value named DisableLoopbackCheck, and set its value to 1
2.      OR: Use a PowerShell script (nice since you’ll probably want to do this on each Web Front End)
New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -value "1" -PropertyType dword
3.      IISReset /noforce on your servers will be necessary (or possibly a reboot)
 
Oh... and what was that "probably" all about earlier? Well, sometimes there may be web apps that perform authenticated local referencing and need this same trick to function correctly!