Disable the Loopback Check for Specific Host Names on all SharePoint Web and Application Servers

Microsoft has introduced new feature – Loopback Security Check in Windows Server 2003 SP1 to prevent access to a web application using a fully qualified domain name (FQDN) if an attempt to access it takes place from a machine that hosts that application. The end result is a 401.1 Access Denied from the web server and a log on failure in the event log.

To ensure all the calls initiated from the server itself does not result into any HTTP 401 errors in IIS logs, Microsoft has suggested to either disable loop back check security feature entirely on the SharePoint servers or configure list of URLs you want to access from server itself in 896861 KB Article – http://support.microsoft.com/kb/896861

Reference:

Production and Staging Environments

For the staging and production environment, it is recommended to configure list of URLs and web site addresses you want to exclude. Plan to disable the loopback check feature initially to ensure SharePoint sites are accessed from servers using host headers (see next step – Development and Test environments) during installation and configuration of servers and later configure list of addresses you want to exclude once SharePoint web applications are configured before go-live.

http://blogs.technet.com/b/sharepoint_foxhole/archive/2010/06/21/disableloopbackcheck-lets-do-it-the-right-way.aspx

Development and Test Environments

For the development and test environment, plan to disable the loopback check completely to enable debugging and testing locally from the server. Plan to add a DisableLoopbackCheck value to the registry under the assumption that a host header will be used. Please note DisableLoopbackCheck is not needed if you are using ServerName to refer your SharePoint URLs.

http://www.jeremytaylor.net/2010/05/24/sharepoint-disable-loopback-check-disableloopbackcheck-dword-in-registry/

  • From the Start menu, click Run and enter “regedit” to launch the Registry Editor.

DisableLoopback-1

  • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, create a DWORD for DisableLoopbackCheck and enter a value of “1” (hexadecimal).

DisableLoopback-2

DisableLoopback-3

After you enter the value, click OK to finish editing.

Advertisements
This entry was posted in SP2010 Admin, SP2013 Admin. Bookmark the permalink.

One Response to Disable the Loopback Check for Specific Host Names on all SharePoint Web and Application Servers

  1. kiquenet says:

    Any **full source code** sample script in powershell for:

    1) disable the loopback check
    2) get if the loopback check is disabled o enabled ?

    _IMHO, better samples for minimize learning curve are real applications with full source code and good patterns_

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s