Resolving
SharePoint Application Authentication Error: Login Failed
Problem
If you
try to log in to the SharePoint web application (http://site.company.com) using
host header on the server itself, your windows credential doesn’t work but you
can access the same site from outside. The problem happens when you create a
SharePoint web application with a host header (site.company.com) on the
SharePoint Server (Server Name: company.com) which is installed on Windows
Server 2008. This is a known issue with SharePoint 2007 or SharePoint 2010 on
the Windows Server 2008 platform and this problem is happening even with the
recent patches.
Solution
I had the
same problem before when I put the host header in for my production site and I
was unable to login from production server itself. The main reason for this
issue is that Windows includes a loopback security check feature that helps
prevent reflection attacks on your computer. Therefore, authentication fails if
the FQDN or the custom host header that you use does not match the local
computer name, as the system blocks the authentication procedure while
resolving the host header given to the web application. Additionally, you
always get the following prompt even though you put correct username and
password.
To proof
the previous statement, you have to go to the event viewer. If you check the
event viewer logs on the “Security” category, you will see something
like the one below under the Audit Failure Keyword
Check event
viewer log
- Click Start,
click Run, type eventvwr, and then click OK.
- Click on Security
under Windows Log
Do the following steps to resolve
this error by modifying the server’s registry to specify the host name. To
specify the host names that are mapped to the loopback address and that can
connect to Web sites on your computer, follow these steps:
·
Click Start, click Run,
type regedit, and then click OK.
·
In the Registry Editor, locate and then
click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0.
·
Right-click MSV1_0, point to New,
and then click Multi-String Value.
·
Type BackConnectionHostNames, and
then press ENTER.
·
Right-click BackConnectionHostNames,
and then click Modify.
·
In the Value data box, type the
host name or the host names for the sites that are on the local computer, and
then click OK.
·
Exit Registry Editor, and then restart
the computer.
The name placeholder is
considered a host header. It is an alternative name for the computer on which
Reporting Services is installed. You must add the NetBIOS and the Fully
Qualified Domain Name (FQDN) for name to the BackConnectionHostNames list that
is stored in the Windows registry.
For example, if the name is a
Windows computer name, such as contoso, the name can likely also be referenced
in FQDN form as contoso.domain.com. You must add both representations to the
list in BackConnectionHostNames.
So, the above registry
modification must be done for all other SharePoint applications which are using
Host Header.
No comments:
Post a Comment