This post describes how to fix Windows Authentication on a SharePoint server failing on other addresses than localhost.
You get the standard Windows/Basic Authentication prompt when accessing your SharePoint site, but the site won’t accept your credentials when your accessing the site using an address like http://website. However, using address like http://localhost works fine (but of course may cause other problems).
You also get event log entries like this (most likely in System -category):
The program w3wp.exe, with the assigned process ID, could not authenticate locally by using the target name HTTP/WEBSITENAME.
Cause: IIS won’t accept Windows Authentication for a local host name
Even though you have an entry in hosts-file for the address, and you have correctly created SharePoint AAM, and even have the correct Site Bindings in IIS, it appears IIS isn’t necessarily willing to authenticate you using a host header that isn’t found from the DNS but rather is local.
This might rather be a workaround, and I wouldn’t necessarily do this in production (at least you should have your dns set up correctly in production!), but you can bypass this little security feature by making the following registry change:
- Go to REGEDIT and open the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
- Right click MSV1_0 –> New -> Multi-String Value
- Type BackConnectionHostNames and click Enter.
- Right click on newly created value and select Modify.
- Enter the hostname of the site: WEBSITENAME (and on a new line enter the FQDN, WEBSITENAME.domain.com)
- Restart IIS
For us the registry entry looked something like this:
Authentication should work now.
Latest posts by Antti K. Koskela (see all)
- How to fix an Office Group with no Owners - November 14, 2018
- Help! My “Content and Structure” page in SharePoint Online is gone! - November 7, 2018
- Thanks for coming to my session at SPS New England 10/20 ! - October 20, 2018
- Speaking at SPS New England on 10/20! - October 17, 2018