Loopback Check and 401.1 Error

SharePoint Short #18

If you’re developing a web service for SharePoint, or trying to access one of the SharePoint web services, through server code and get a 401.1 Unauthorized exception, it’s worth checking if the status of the loopback check, especially if you’re using a host name for the site.

Since Windows 2003 (SP1) a loopback security check was added. The purpose of this check is to prevent access to the web application if there is an attempt to access it from the same server hosting the site, using a fully qualified domain name or host name.

If you’re getting this exception on a dev\test environment, the simplest solution is to disable the loopback check. Do this by opening the registry editor and navigate to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

From there, right click the LSA folder and add a new DWORD value called DisableLoopbackCheck. Set the value to 1 and then reboot the server. Do this for all Web Front Ends in the farm.

If, on the other hand, this is happening on a production environment, do not disable the loopback check as this will remove a security check that may compromise your environment. Instead, add the host names that should bypass this check by adding another key to the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

Right click the MSV1_0 folder and add a new Multi-String value called BackConnectionHostNames. Set the value to the host name you want to exclude. If there are more than one, add them on separate lines and do not include the protocol, just the host name. Reboot the server and apply this to all Web Front Ends in the farm.

For the last configuration, you could define a group policy to apply this across multiple servers, but I’ll leave that for another day!

This entry was posted in Configuration, SharePoint Shorts and tagged . Bookmark the permalink.
0 0 votes
Article Rating
Subscribe
Notify of
guest

Solve the maths problem shown below before posting: *

1 Comment
Inline Feedbacks
View all comments
anon

This is great and solved my problem (a decade later!). Thank you for posting.