SharePoint Authentication prompt

SharePoint Windows Authentication fails on other addresses than localhost

This post describes how to fix Windows Authentication on a SharePoint server failing on other addresses than localhost.

Symptoms

You get the standard Windows/Basic Authentication prompt when accessing your SharePoint site, but the site won’t accept your credentials when your accessing the site using an address like http://website. However, using address like http://localhost works fine (but of course may cause other problems).

You also get event log entries like this (most likely in System -category):

The program w3wp.exe, with the assigned process ID, could not authenticate locally by using the target name HTTP/WEBSITENAME.

Cause: IIS won’t accept Windows Authentication for a local host name

Even though you have an entry in hosts-file for the address, and you have correctly created SharePoint AAM, and even have the correct Site Bindings in IIS, it appears IIS isn’t necessarily willing to authenticate you using a host header that isn’t found from the DNS but rather is local.

Solution

This might rather be a workaround, and I wouldn’t necessarily do this in production (at least you should have your dns set up correctly in production!), but you can bypass this little security feature by making the following registry change:

  1. Go to REGEDIT and open the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  2. Right click MSV1_0 –> New -> Multi-String Value
  3. Type BackConnectionHostNames and click Enter.
  4. Right click on newly created value and select Modify.
  5. Enter the hostname of the site: WEBSITENAME (and on a new line enter the FQDN, WEBSITENAME.domain.com)
  6. Restart IIS

For us the registry entry looked something like this:

d3d641dcb1[1]

Authentication should work now.

The following two tabs change content below.

Antti K. Koskela

Solutions Architect / Escalations Engineer at Koskila / Norppandalotti Software / Valo Solutions
Antti Koskela is a proud digital native nomadic millenial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet. Working with the global partner network, he's responsible for the success of Valo deployments happening all around the world. He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff. This is his personal professional (e.g. professional, but definitely personal) blog.

2 thoughts on “SharePoint Windows Authentication fails on other addresses than localhost

  1. Hello, interesting post, but on which SharePoint versions does this work on? I didn’t get it to work on my MOSS dev box.

    Thanks,
    -Dave

    1. Hey Dave,

      This tip works on at least SharePoint 2010, but I suppose it should work on others as well. I’ll see if I can test it out on other platforms as well.

      On an unrelated notice, thanks to your comment I realized this blog theme seems to hide all the tags from my posts. I had the post tagged “SharePoint 2010” but it seems hidden – I suppose I’ll need to switch themes soon.

Let me know your thoughts!