SharePoint 2013: Disable Loopback Check

You might encounter a very frequent problem when you are using FQDN or Custom Host Headers to access a SharePoint Site locally from the Server where it is hosted that is running on IIS 5.1 or later and get it constantly prompt for the credentials in the pop window.

Though this is very frustrating but a necessary evil that was introduced earlier with Microsoft Windows Server 2003 Service Pack 1 (SP1) and still present. This feature was designed to help prevent reflection attacks on the compute.

Reflection Attack

“In computer security, a reflection attack is a method of attacking a challenge-response authentication system that uses the same protocol in both directions. That is, the same challenge-response protocol is used by each side to authenticate the other side. The essential idea of the attack is to trick the target into providing the answer to its own challenge.

The general attack outline is as follows:
1.The attacker initiates a connection to a target.
2.The target attempts to authenticate the attacker by sending it a challenge.
3.The attacker opens another connection to the target, and sends the target this challenge as its own.
4.The target responds to the challenge.
5.The attacker sends that response back to the target on the original connection”

Source: https://en.wikipedia.org/wiki/Reflection_attack

Steps To fix this issue on Development & Non-Production Environment

Using Registry Editor

Step 1: Use Windows Icon + R to launch a Run menu

Step 2: Type the command “REGEDIT”

1

Step 3: Expand node “Computer -> HKEY_LOCAL_MACHINE -> CurrentControlSet -> Control”

2

Step 4: Locate Key by the name “Lsa” as shown below

3

Step 5: Add a new DWORD Entry

  • Select “Lsa” Key
  • On the Right Hand Side Panel create a new DWORD Entry as shown below

4

  • Enter “DisableLoopbackCheck” in Value Name field
  • Enter “1” in Value Date Field
  • Select “Hexadecimal” radio button

5

  • Click OK to save the DWORD

6

Using PowerShell Script

We can cut short the above steps by creating a DWORD Entry using PowerShell

If we see the Registry Key “Lsa” we found “DisableLoopbackCheck” DWORD is not present

7

Run the following PowerShell Command

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name “DisableLoopbackCheck” -value “1” -PropertyType dword

8

Once the command executed successfully you can the “DisableLoopbackCheck “ DWORD created successfully.

9

This is a simple fix to quite a frustrating issue we encountered so frequently during web development.

Hope you find it helpful.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s