Thursday, March 2, 2017

SharePoint Web site Keep on Prompting for credentials– Full Article.

This article breaks into three sections.

  • Identify and Cause

  • Add Exception to Strict Name Checking

  • Disable Loopback

Identify and Cause

There are many reasons to happen this but most of the time it will happen when you change the Access mapping to match your domain.

For an example you might have webwfe01 as your web application in your default zone. And if you change that to www.sampleweb.com this may be occurred for Windows Users.

image

This is because by not having Fully Qualified Domain name specified is not matching with the local machine.

For an Example,

Your local machine can be in a domain myorg.com and the specified Mapping is sampleweb.com

Thus this will cause LoopBack check which it true by design for security reasons.

Microsoft specifies two methods to resolve the issue.

  1. Disable Strict Name Checking

  2. Disable Loopback Check

REF: https://support.microsoft.com/en-us/help/896861/you-receive-error-401.1-when-you-browse-a-web-site-that-uses-integrated-authentication-and-is-hosted-on-iis-5.1-or-a-later-version

You need to do it all SharePoint servers for safe side in the future service deployment. But it is necessary for all Front End servers.

Disable Strict Name Checking in IIS

This is use full in many scenarios. For me it’s more use full for disable keep on prompting credentials in SharePoint 2013 Environment.

In this method you need to add your domain as an exception list to IIS for not checking the FQDN for loopback.

Open the RegEdit.

image

And navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

and click on MSV1_0

image

Then add new Multi Connection String

image

And add BackConnectionHostNames

Then you will see that is added to the registry.

image

You can double click and add your fully qualified domain names (One per line) that will be working as an exception.

image

Then you can save and restart the IIS.

Disable Loopback Check in IIS

This is use full in many scenarios. For me it’s more use full for disable keep on prompting credentials in SharePoint 2013 Environment.

In this method you can simply disable the check by editing the following registry key.

Open the RegEdit.

image

And navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

image

Click on Lsa Registry and add DisableLoopbackCheck registry key as DWORD value.

image

After adding the registry key you can find the entry as follows.

image

Then double click the key and Enter 1.

image

And click OK.

Then restart the IIS.

Post a Comment