NTLM Authentication with IIS Host Headers

A colleague and I have been working through this issue with SharePoint for the last few days. The SharePoint website is set up to run under the hostname of the local computer: http://testserver01. A DNS record was created in a separate DNS namespace: testdomain.org. Whenever a client would hit the website at http://testserver01.testdomain.org and attempt to log in with NTLM authentication, a box would pop up prompting for credentials. Entering the correct credentials would simply spit the box back up again.

We tried all sorts of things with host header values but ended up finding this MSDN article (http://msdn.microsoft.com/en-us/library/cc982052.aspx). Apparently a change was made in .NET 3.5 SP1 with the HttpWebRequest where the URL request host header is passed along with the authentication request. Since the local name of the Active Directory domain is actually testdomain.local, not testdomain.org, the NTLM authentication was failing trying to process requests for username@testdomain.org.

The article walks you through the steps to create a registry entry of defined host headers. These host headers are then linked to the local loopback address, which allows authentication to work properly. Here are the steps to add the registry key:

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
3. Right-click MSV1_0, point to New, and then click Multi-String Value.
4. Type BackConnectionHostNames, and then press ENTER.
5. Right-click BackConnectionHostNames, and then click Modify.
6. In the Value data box, type the host name or the host names for the sites (the host name used in the request URL) that are on the local computer, and then click OK.
7. Quit Registry Editor, and then restart the IISAdmin service and run IISReset.

(Note: Step 7 did not allow the fix to work for us; we needed to actually reboot the server for the fix to take effect.)
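
The registry steps above, scripted in PowerShell as an added example (not part of the original post or the MSDN article). It assumes an elevated session and uses the post's host name as sample input; entries already present in the value are kept, so it can be re-run without harm.

```powershell
# Added example: merge host names into BackConnectionHostNames (REG_MULTI_SZ)
# without overwriting entries that are already there.
# Run from an elevated PowerShell prompt on the IIS server.

# Sample input taken from the post; replace with the host names your site answers to.
$hostNames = @('testserver01.testdomain.org')

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$name = 'BackConnectionHostNames'

# Read the current value, if it exists. A missing value is not an error here.
$current = @()
$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($prop) {
    # Drop blank lines that regedit sometimes leaves in multi-string values.
    $current = @($prop.$name | Where-Object { $_ -and $_.Trim() })
}

# -notcontains compares case-insensitively, which matches how host names behave.
$missing = @($hostNames | Where-Object { $current -notcontains $_ })

if ($missing.Count -eq 0) {
    Write-Output 'No change: every host name is already listed.'
} else {
    [string[]]$merged = @($current) + $missing
    # -Force creates the value if absent and replaces it if present.
    New-ItemProperty -Path $key -Name $name -PropertyType MultiString `
        -Value $merged -Force | Out-Null
    Write-Output ("Added: " + ($missing -join ', '))
}

# Show what is now stored so the change can be reviewed and recorded.
Write-Output 'BackConnectionHostNames now contains:'
(Get-ItemProperty -Path $key -Name $name).$name

# The change is not picked up until the services are restarted (step 7);
# as the note above says, a full reboot was needed in the author's case.
```

List only the host names the server actually serves, since each entry is exempted from the loopback check for NTLM on this machine.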


One response to “NTLM Authentication with IIS Host Headers”

  1. Had similar issue with IIS on Win 7 Pro, and your registry mods fixed the issue. Thank you for sharing.

    – Dan R.
