MS IIS7 - loopback on Authentication of Virtual Directory

I have some site "site1" and Virtual Directory under it "VD1".
I set Anonymous authentication on "site1" and Windows Integrated on "VD1".
Despite I put correct user and password, it seems forever loop of such user/pass prompt is happening.

Why? How to disable it?

LVL 1
longjumpsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brad HoweDevOps ManagerCommented:
You settings should be fine.

SITE can be anon with windows disabled
VD1 can be anon disabled with windows

In this case only VD1 should prompt for authentication.

How are you accessing the application?  http://server.ip.addr/VD1/page.aspx, http://servername/VD1/page.aspx?

Have you tried adding the Web site to the list of trusted intranet sites?

If you attempt it from the server itself using a local account does it authenticate?

let us know,
Hades666
0
longjumpsAuthor Commented:
Yes I get Authentication of VD1, only (I guess...)

I browse application as http://site1/VD1/  or http://site1/VD1/mypage.html

I added to trusted sites, but didn't help.

I succeed to browse this only from outside of the server.
However once I am inside of this server never ended loop of Authentication is going ...

Please advice.
 
0
Brad HoweDevOps ManagerCommented:
It is Microsofts Loopback authentication. Happens frequently with Sharepoint.

So if it works even when you try from a host that is not the server itself. If this is a Production server then option 1 is preferred where you add the .

http://support.microsoft.com/kb/896861

Else you can disable the loopback check.

Option 2: Add this registry entry manually
 
1. Click Start, click Run, type regedit, and then click OK

2. In Registry Editor, locate the following registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

3. Right-click Lsa, point to New, and then click DWORD Value. (In Win 2008, its DWORD 32bit)
       Type DisableLoopbackCheck, and then press ENTER.

4. Right-click DisableLoopbackCheck, and then click Modify.
       In the Value data box, type 1 and then click OK.

5. Quit Registry Editor.

6. You may need to restart your server.

Cheers,
Hades666
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

FastFngrzCommented:
As long as the server isn't internet exposed, DisableLoopbackCheck is cool, but is a risk.  You might want to consider only 'opening' up the DNS name of the site, rather than disabling it all.  
0
longjumpsAuthor Commented:
Great!

Just 2 words what is "Microsofts Loopback authentication" and why it may be required?
0
FastFngrzCommented:
It's a fix that MS put in several years ago to prevent a hacker from using an IIS page to authenticate against the server itself (locally) and gain access to additional resources.  NTLM authentication is disabled for any name except the NETBIOS name of the server.  Most webservers use an alternate name "http://intranet" as opposed to "http://spwfe01".  

Everything works fine from a client machine using the DNS name, but the server itself cannot use that alternate name unless you specifically allow it or disable the check.

It often hoses SharePoint seach too!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.