SharePoint 2013: Disable Loopback Check

You might encounter a very frequent problem when you are using FQDN or Custom Host Headers to access a SharePoint Site locally from the Server where it is hosted that is running on IIS 5.1 or later and get it constantly prompt for the credentials in the pop window.

Though this is very frustrating but a necessary evil that was introduced earlier with Microsoft Windows Server 2003 Service Pack 1 (SP1) and still present. This feature was designed to help prevent reflection attacks on the compute.

Reflection Attack

“In computer security, a reflection attack is a method of attacking a challenge-response authentication system that uses the same protocol in both directions. That is, the same challenge-response protocol is used by each side to authenticate the other side. The essential idea of the attack is to trick the target into providing the answer to its own challenge.

The general attack outline is as follows:
1.The attacker initiates a connection to a target.
2.The target attempts to authenticate the attacker by sending it a challenge.
3.The attacker opens another connection to the target, and sends the target this challenge as its own.
4.The target responds to the challenge.
5.The attacker sends that response back to the target on the original connection”

Source: https://en.wikipedia.org/wiki/Reflection_attack

Steps To fix this issue on Development & Non-Production Environment

Using Registry Editor

Step 1: Use Windows Icon + R to launch a Run menu

Step 2: Type the command “REGEDIT”

1

Step 3: Expand node “Computer -> HKEY_LOCAL_MACHINE -> CurrentControlSet -> Control”

2

Step 4: Locate Key by the name “Lsa” as shown below

3

Step 5: Add a new DWORD Entry

  • Select “Lsa” Key
  • On the Right Hand Side Panel create a new DWORD Entry as shown below

4

  • Enter “DisableLoopbackCheck” in Value Name field
  • Enter “1” in Value Date Field
  • Select “Hexadecimal” radio button

5

  • Click OK to save the DWORD

6

Using PowerShell Script

We can cut short the above steps by creating a DWORD Entry using PowerShell

If we see the Registry Key “Lsa” we found “DisableLoopbackCheck” DWORD is not present

7

Run the following PowerShell Command

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name “DisableLoopbackCheck” -value “1” -PropertyType dword

8

Once the command executed successfully you can the “DisableLoopbackCheck “ DWORD created successfully.

9

This is a simple fix to quite a frustrating issue we encountered so frequently during web development.

Hope you find it helpful.

SharePoint Online: How to Install SharePoint Online Management Shell

SharePoint Management Shell is a Windows PowerShell Module that allows managing SharePoint Users, Sites & Content in an efficient manner.

In this article we will see the steps to setup the development machines with “SharePoint Online Management Shell”.

First let’s look for the System Requirements to avoid any frustrating compatibility issues that might arise later on:

System Requirement

Supported Operating System
  • Windows 7 Service Pack 1
  • Windows 8
  • Windows Server 2008 R2 SP1
  • Windows Server 2008 Service Pack 2
  • Windows Server 2012
PowerShell
  • PowerShell 3.0

Steps to Install SharePoint Online Management Shell

Step 1: Visit the Url: https://www.microsoft.com/en-in/download/details.aspx?id=35588

Step 2: Click download button

1

Step 3: Select “sharepointonlinemanagementshell_4727-1200_x64_en-us.msi” file and click Next

2

Step 4: Run the “sharepointonlinemanagementshell_4727-1200_x64_en-us.msi” file

Step 5: Accept License Terms & Click Install Button

3

4

5

Step 6: Once the installation is complete, search for “SharePoint Online Management Shell” and launch it

6

This completes the installation of SharePoint Online Management Shell on our machine.

Now let’s try a few of the operations to verify the installation of SharePoint Online PowerShell Module

How to connect to SharePoint Online Services

Get current user credentials to connect to the SharePoint Online Services (assuming the user is having a valid SharePoint Online Account Credentials)

$userCredentials = Get-Credential

7

8

Import “Microsoft.Online.SharePoint.PowerShell” Powershell module to the Management Shell Console

Import-Module Microsoft.Online.SharePoint.PowerShell

9Connect to SharePoint Online Service by supplying Tenant Url and User Credential to the Connect-SPOService command

Connect-SPOService  -Url  https://prashantmbansal-admin.sharepoint.com -Credential $userCredentials

If you notice carefully the URL I have supplied to the Url Parameter in the above command, you will find “-admin” is added in the URL.

Actual URL of the Tenant is https://prashantmbansal.sharepoint.com but it is by convention that we much have to use “-admin” in the Host Header of URL in order to connect to the SharePoint Online Services.

That is why we have to specify the “https://prashantmbansal-admin.sharepoint.com” as Tenant URL.

10

If we forgot to follow this convention we might encounter the following error:

11

How to get the list of all the SharePoint Sites lies under current Tenancy

Once we are successfully able to Connect to SharePoint Online Services we can perform different operations on the site such as getting a list of all the SharePoint Sites available with in current tenancy by using the following command.

Get-SPOSite

12

This is just the first step to Start with PowerShell Development for the SharePoint Online Sites, but the possibilities are limitless, especially when we can combine the SharePoint Client Object Model with PowerShell Scripting Environment.

We will explore the details on CSOM based Solutions driven by PowerShell Scripts in future articles.

Hope you find it helpful.