Loopback DNS entries in hosts file causing print spooler problems

jrmcanada2
jrmcanada2 used Ask the Experts™
on
I've added this line to my hosts file to allow me to simulate being on a client's network:

127.0.0.1  abc-server

But when I try to open \\abc-server, Windows asks me for credentials and rejects my account credentials.

After some research, I added HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\DisableLoopbackCheck to the registry with value 1. This resolved my problem but created another one.

My print spooler keeps locking up. And then any program that is attempting to access a printer also freezes up. If I stop the print spooler service, the programs come back to life but, of course, I can't print.

The print spooler problem goes away when I remove the above registry entry but then the credentials problem returns.

Any help would be greatly appreciated.

I'm using Windows 10.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Peter HutchisonSenior Network Systems Specialist

Commented:
127.0.0.1 should only be used for 'localhost' only (which is your PC)  and should not be redirected. You should use an actual valid public / private ip address with the server name.
e.g.
192.168.0.10 abc-server
Distinguished Expert 2017

Commented:
on which system did you add the hosts entry?
Which OS is running on the server?
You are saying, you had a problem, and you used step 1 to address it.
You then have issue two, and you made a change.

Including the scenario of your setup, and issues you ran into might help understand your situation.
Without this it is not clear what issue you are trying to solve.
Reversing back from your solution attempts back to the problem is not possible for me.

Author

Commented:
I'll try to give a clearer explanation.

There is only one computer involved in this scenario: my personal notebook.

I'm attempting to simulate accessing a client's server. The server's name is \\abc-server. But since I'm not on their network, I want to simulate accessing it by pointing \\abc-server to my notebook.

To do that, I added 127.0.0.1 abc-server to my hosts file.

Now in Windows (on my notebook) I try to open \\abc-server and I get a dialog box saying "Windows security. Enter network credentials." But it rejects my credentials.

I found an online article saying Microsoft had tightened up security and now rejects these kinds of loopbacks by default but that we can re-enable them by making the registry entry I noted above. So I made that registry entry and then I could access \\abc-server (it would point to my notebook as desired).

However, once that was done, the print spooler kept locking up. So I removed the registry entry and the print spooler problem went away but the credentials problem returned.

So at the moment I can resolve either problem but not both. Creating the registry entry fixes the credentials problem but causes the print spooler problem. Removing the registry entry fixes the print spooler problem but then the credentials problem comes back.
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Distinguished Expert 2017

Commented:
Unfortunately, you are not making it clear as to what you are trying to do.

You can setup a virtual server by downloading an eval version of Windows server..

What is the issue that you are looking to resolve in the real environment?
What is the issue at hand?

I.e. The client is trying X but fails.
I got that you are trying to use your own notebook to mimic the behavior in order to determine the solution.

What is the environment you are trying to mimic?
Is this an AD setup?
If not, are there changes in the environment I.e. A new set of computers, etc.

Author

Commented:
I will explain why I'm trying to do this.

I'm developing software that links to files on the server. The software is being used live on the client's network and the files it points to are in a variety of folders. For example \\abc-server\invoices

But I'm doing the development on my laptop and I'm usually not at the client's site. And so when the software looks for \\abc-server\invoices it doesn't find it.

So I added 127.0.0.1 abc-server to my notebooks hosts file so that when the software goes to \\abc-server\invoices, it DOES find the folder. This way when I'm doing development on my laptop, the software works (and finds the test files on my notebook) and when I install it at the client, it also works for all their users because then it sees the actual \\abc-server.

Until recently, you could add lines like that to your hosts file without any problems. But now it creates that credentials problem.

I realize I could devise an entirely new approach to the situation and I might end up having to do that.

But if this credentials issue can be resolved, that would provide me with a very simple way to deal with the problem. Also, I have this exact problem with multiple clients and multiple developers so that is one of the reasons I like the hosts file approach so much - it would allow us all to resolve this problem for all the clients and all the developers relatively simply. I can think of entirely new approaches that would work (and I might have to resort to one of them) but they would be a lot more work. So I'm hoping there's a relatively simple fix for this credentials problem.
Distinguished Expert 2017

Commented:
The option you undertook works for a web based application.
Your setup seems to manage files, using a VM with equivalent server/share setup will provide a more realistic reflection of the environment.

Point being changes you make to accommodate your current circumstance might manifest adversely when deployed in the environment.
Thanks for your time. I've located an online article that outlines the three registry entries required to eliminate this problem. I've tested it and everything is working fine for me.

If you're interested, you can find the solution at:

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02967981

Author

Commented:
But thanks again for your time. I really appreciate it.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial