Server 2008 System Account - 127.0.0.1

Got an interesting one, likely due to a local/domain security policy,  but I need to know how.where this would be set (AD?)?

I am working on a customer provided 2008 server, installing a specific product.  This product reaches out periodically to the vendors license server to ensure the customer is properly licensed.    This communicates over TCP 443 and transfers a simple xml file.

This all of the sudden broke.  I noted, that the license server address is fully accessible via a web browser (it is a HTTPS page, so this is a 'legitimate test' according to the vendor.   So, I began running packet captures and  and all going through logs.  What I found, is that the service was/is utilizing the loopback interface (127.0.01) when reaching out to the server.

So, as a test, I took a local admin (non-domain) account and ahd the licensing service run under that account, as opposed to a local system account. Voila! I can now register, and in my captures and log files I see that we are using the proper interface IP.

So, TL;DR, is there a setting, either via local security or domain policies that could sandbox the service accounts to the localhost/loopback?   I could see this as being useful, and the customer is in a high-security environment, but doesn't have the greatest grasp on their Domain polices.

I will also note that they normally force a web proxy.  The local account I was using was not having that applied (but the same should be said about the local service account)
LVL 1
JamesonJendreasAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
Start some browser using the system account using
psexec -s -i chrome.exe
for example (download psexec first). Now see if you have internet access when running as system.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.