Avoiding Local Authentication Issues with SharePoint Sites using Host Headers

All of my VPCs are children from a base VPC that I happened to name Win2k3R2Base.  At the time, it seemed pretty reasonable because I was building a base VPC for Windows 2003 R2.  But when you’re developing SharePoint web applications, it gets pretty tiring having to continually type a nasty machine name into URLs.  So I figured I would use a host header instead of the machine name to access the SharePoint site. 

After setting up a site to use a host header, however, I ran into an issue authenticating to the site.  It kept prompting me for a login and, although I was typing the correct username and password, authentication always failed, giving me the standard:

HTTP 401.1 – Unauthorized: Logon Failed

I did a bunch of checking to make sure the host headers were setup correctly, the alternative access mappings were pointing to the right place, that the host name would resolve to the right IP address, but no matter what I did, I could not access the site from the local box.  Interestingly enough, I could access the box externally using the host header without any issues (after updating the other box’s host file).  Naturally, this was a bit perturbing. 

I figured there had to be a solution for this somewhere, so I began scouring the web looking for a solution.  After a bit of searching, I found the following Microsoft Knowledge Base (KB) article that outlines the problem:


Basically, there was an update in Windows Server 2003 Service Pack 1 that adds a loopback check to help prevent reflection attacks on your computer.  Fortunately, there is a simple registry edit to avoid the loopback check on certain host names (the recommended approach) or a way to simply disable loopback checking altogether (not quite as a recommended).  Try one, and if it doesn’t work, try the next.