A colleague and I have been working through this issue with Sharepoint for the last few days. The sharepoint website is setup to run under the hostname of the local computer: http://testserver01 A DNS record was created in a seperate dns namespace: testdomain.org . Whenever a client would hit the website: http://testserver01.testdomain.org and attempt to login with NTLM authentication, a box would pop up prompting for credentials. Entering the correct credentials would simply spit the box back up again. We tried all sorts of things with host header values but ended up finding this MSDN article (http://msdn.microsoft.com/en-us/library/cc982052.aspx) Apparently a change was made in .NET 3.5 SP1 with the HTTPWebRequest where the URL request host header is passed along with the authentication request. Since the local name of the active directory domain is actually testdomain.local, not testdomain.org, the NTLM authentication was failing trying to process requests for firstname.lastname@example.org . The article walks you through the steps to create a registry entry of defined host headers. These host headers then are linked to the local loopback address which allow authentication to work properly. Here are the steps to add the registry key:
1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
3. Right-click MSV1_0, point to New, and then click Multi-String Value.
4. Type BackConnectionHostNames, and then press ENTER.
5. Right-click BackConnectionHostNames, and then click Modify.
6. In the Value data box, type the host name or the host names for the sites (the host name used in the request URL) that are on the local computer, and then click OK.
7. Quit Registry Editor, and then restart the IISAdmin service and run IISReset.
(Note: Step 7 did not allow the fix to work for us, we needed to actually reboot the server for the fix to take effect)