Unable to authenticate to websites hosted on the IIS server itself but auth ok on any other computer

My DC is a SBS2003, my IIS is a Win Server 08 Std. I am hosting a website on the IIS 7 server which uses integrated AD logon for auth. When I started hosting the site I added the correct local DNS entries (pointing the site to the local IP rather than it going out to find the pub IP). Tested with nslookup, does bring up the correct IP.

When I hit the website from any computer on the LAN it brings up the logon box (which is what I want to happen) and once I enter any user/pass from AD it successfully passes the logon info and the site appears (works perfectly, from any computer, including the DC, all Win XP comp, all Win Vista/7 comp).

However when browsing to the same exact site on the IIS server itself, it brings up the same logon box, but then when user/pass credentials are entered and click ok, the logon box immediately comes back up and the site does not appear. After clicking ok (with good, valid, not-locked out) credentials entered, it brings up a "HTTP Error 401.1 - Unauthorized".

The HTTP error 401 page lists the following "most likely causes:"
"•The username supplied to IIS is invalid.
•The password supplied to IIS was not typed correctly.
•Incorrect credentials were cached by the browser.
•IIS could not verify the identity of the username and password provided.
•The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.
•The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.
•Invalid Kerberos configuration may be the cause if all of the following are true:
¿Integrated authentication was used.
¿the application pool identity is a custom account.
¿the server is a member of a domain.
of which the only reason I could possibly see as being true is the last one "invalid kerberos configuration". Has anyone noticed / run into this before?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hey there.  This is a known security "feature" that was implemented back on 2003 SP1.  I actually wrote a blog about it here that you can read about which includes the registry fix: http://www.experts-exchange.com/articles/Software/Server_Software/Web_Servers/Microsoft_IIS/Fix-401-1-Error-when-browsing-a-website-using-integrated-authentication-directly-from-the-server.html

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ZachToubaAuthor Commented:
... That IS the solution all right. Great article, very clear and well written. I don't know how I didn't find it when I searched for it, (I always search for a while and try different keywords before asking a new question), hopefully if someone does search they'll at least find this post with a link to your article. Thanks again!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.