Tuesday, October 2, 2012

Unable to Browse SharePoint Web Site from within the Server

I came across a scenario where I could not browse my SharePoint web application: it asked for my credentials 3 times but didn't render the site and didn't show any errors. I had 3 web applications on the same server, set up using host names to run on port 80. The hosts file (C:\Windows\System32\drivers\etc\hosts) was modified to map my web application URLs to the local loopback address.

Host file
127.0.0.1       website1.myserver.com
127.0.0.1       website2.myserver.com
127.0.0.1       website2.myserver.com

When I checked the Event Viewer on the SharePoint server, I found a set of Audit Failure logs that seem to be relevant to this scenario.

General
Log Name:      Security
Source:          Microsoft-Windows-Security-Auditing
Date:             9/27/2012 11:39:15 PM
Event ID:        4625
Task Category: Logon
Level:            Information
Keywords:      Audit Failure
User:             N/A
Computer:      DERDEV02.domainx.local
Description:    An account failed to log on.

Subject:
          Security ID:             NULL SID
          Account Name:         -
          Account Domain:       -
          Logon ID:                0x0

Logon Type:                      3

Account For Which Logon Failed:
          Security ID:                      NULL SID
          Account Name:                  prasadw
          Account Domain:                DOMAINX

Failure Information:
          Failure Reason:         An Error occured during Logon.
          Status:                   0xc000006d
          Sub Status:             0x0

EventData
  SubjectUserSid S-1-0-0
  SubjectUserName -
  SubjectDomainName -
  SubjectLogonId 0x0
  TargetUserSid S-1-0-0
  TargetUserName prasadw
  TargetDomainName DOMAINX
  Status 0xc000006d
  FailureReason %%2304
  SubStatus 0x0
  LogonType 3
  LogonProcessName 
  AuthenticationPackageName NTLM
  WorkstationName DERDEV02
  TransmittedServices -
  LmPackageName -
  KeyLength 0
  ProcessId 0x0
  ProcessName -
  IpAddress 127.0.0.1
  IpPort 62970

Then I found that when we use the fully qualified domain name (FQDN) or a custom host header to browse a local Web site that is hosted on a computer that is running Microsoft Internet Information Services (IIS) 5.1 or a later version, we may receive this error. It says that this issue occurs when the Web site uses Integrated Authentication and has a name that is mapped to the local loopback address. Also if we browse the Web site from a client computer, we will receive this error message.

There are 2 workarounds proposed for this error in Microsoft Support Article ID 896861 (http://support.microsoft.com/kb/896861):

Method 1: Specify host names
  1. Set the DisableStrictNameChecking registry entry to 1.
  2. Click Start, click Run, type regedit, and then click OK.
  3. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  4. Right-click MSV1_0, point to New, and then click Multi-String Value.
  5. Type BackConnectionHostNames, and then press ENTER.
  6. Right-click BackConnectionHostNames, and then click Modify.
  7. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  8. Quit Registry Editor, and then restart the IISAdmin service.

Method 2: Disable the loopback check
  1. Set the DisableStrictNameChecking registry entry to 1.
  2. Click Start, click Run, type regedit, and then click OK.
  3. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  4. Right-click Lsa, point to New, and then click DWORD Value.
  5. Type DisableLoopbackCheck, and then press ENTER.
  6. Right-click DisableLoopbackCheck, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Quit Registry Editor, and then restart your computer.
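
A PowerShell equivalent of steps 3 to 8 of Method 1, added here as an example (it is not from the original post or the Microsoft article). Method 1 exempts only the listed host names, while Method 2 turns the loopback check off for every host name on the server, so the script also warns if DisableLoopbackCheck is already set. Assumptions: the site names are the ones from the hosts file above, the session is elevated, and step 1 (DisableStrictNameChecking) is handled separately.

```powershell
# Added example: scripted form of Method 1, steps 3-8. Run from an elevated session.
$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv1Key = Join-Path $lsaKey 'MSV1_0'

# Assumption: the site names from the post's hosts file; replace with your own.
$siteNames = @('website1.myserver.com', 'website2.myserver.com')

# Flag Method 2 if it is already in effect on this server.
$lsa = Get-ItemProperty -Path $lsaKey -Name DisableLoopbackCheck -ErrorAction SilentlyContinue
if ($lsa -and $lsa.DisableLoopbackCheck -eq 1) {
    Write-Warning 'DisableLoopbackCheck is 1: the loopback check is off for every host name.'
}

# Read any names already listed so that existing entries are kept.
$current  = Get-ItemProperty -Path $msv1Key -Name BackConnectionHostNames -ErrorAction SilentlyContinue
$existing = if ($current) { @($current.BackConnectionHostNames) } else { @() }
$merged   = @(($existing + $siteNames) | Where-Object { $_ } | Sort-Object -Unique)

# Create or overwrite the Multi-String (REG_MULTI_SZ) value with the merged list.
New-ItemProperty -Path $msv1Key -Name BackConnectionHostNames `
    -PropertyType MultiString -Value $merged -Force | Out-Null

# Step 8: restart the IISAdmin service if it is installed.
if (Get-Service -Name IISADMIN -ErrorAction SilentlyContinue) {
    Restart-Service -Name IISADMIN -Force
}

# Show the resulting list for review.
(Get-ItemProperty -Path $msv1Key -Name BackConnectionHostNames).BackConnectionHostNames
```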

6 comments:

Arthur Wood said...

Putting the essential idea first is natural for SharePoint Developer, suited to its complexity and work.

Anonymous said...

Hi amigo! You're cool, man, that information helped me!

Unknown said...

Hi,

How to make it work for all users at once?

Vitoc said...

Thank you for sharing this! Worked like a charm.

Anonymous said...

Great... worked perfectly.

Anonymous said...

Method 1 works for the problem NULL SID, code 0xc000005e.