This is known issue with SharePoint 2007 or SharePoint 2010 on
Windows Server 2008 platform and not specific to any sharepoint
application.
Problem: Your windows credential doesn’t work if you try to log in to the web application (http://contosto.company.com) on the server itself although you can access the same site from outside, when you create a SharePoint web application with a host header (contosto.company.com) on SharePoint Server (Server Name: contosto) which is installed on Windows Server 2008. This problem is happening with the recent patches.
If you check the event viewer logs on “Security” category, you will see something like the one below under Audit Failure Keyword
The main reason for this issue is Windows includes a loopback check security feature that helps prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name as the system blocks the authentication procedure while resolving the host header given to the web application.
To resolve this issue, a modification must be done to the server's registry to specify the host name. To specify the host names that are mapped to the loopback address and that can connect to Web sites on your computer, follow these steps:
The name placeholder is considered a host header. It is an alternative name for the computer on which Reporting Services is installed. You must add the NetBIOS and the Fully Qualified Domain Name (FQDN) for name to the BackConnectionHostNames list that is stored in the Windows registry.
For example, if name is a Windows computer name, such as contoso, the name can likely also be referenced in FQDN form as contoso.domain.com. You must add both representations to the list in BackConnectionHostNames.
So, The above registry modification must be done for all other SharePoint applications which are using Host Header.
Problem: Your windows credential doesn’t work if you try to log in to the web application (http://contosto.company.com) on the server itself although you can access the same site from outside, when you create a SharePoint web application with a host header (contosto.company.com) on SharePoint Server (Server Name: contosto) which is installed on Windows Server 2008. This problem is happening with the recent patches.
If you check the event viewer logs on “Security” category, you will see something like the one below under Audit Failure Keyword
The main reason for this issue is Windows includes a loopback check security feature that helps prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name as the system blocks the authentication procedure while resolving the host header given to the web application.
To resolve this issue, a modification must be done to the server's registry to specify the host name. To specify the host names that are mapped to the loopback address and that can connect to Web sites on your computer, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
- Right-click MSV1_0, point to New, and then click Multi-String Value.
- Type BackConnectionHostNames, and then press ENTER.
- Right-click BackConnectionHostNames, and then click Modify.
- In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
- Exit Registry Editor, and then restart the computer.
The name placeholder is considered a host header. It is an alternative name for the computer on which Reporting Services is installed. You must add the NetBIOS and the Fully Qualified Domain Name (FQDN) for name to the BackConnectionHostNames list that is stored in the Windows registry.
For example, if name is a Windows computer name, such as contoso, the name can likely also be referenced in FQDN form as contoso.domain.com. You must add both representations to the list in BackConnectionHostNames.
So, The above registry modification must be done for all other SharePoint applications which are using Host Header.
No comments:
Post a Comment