Thursday, 29 August 2013

Prompt for Credentials When Accessing FQDN SharePoint Sites

After setting up NLB in SharePoint 2013,  When I access a SharePoint site with a NLB Full Internet name (Added in DNS) such as http://sharepoint.test.net, I get repeatedly prompted for credentials accept on the server where Central Admin resides.

I know the work around for the same using microsoft link.
We need to apply Disable Loop Back Check. Previously I have done for Standalone FARM server.

I have written this post to resolve few queries (Sure others also have):
1- On which servers I need to apply Disable LoopBack Check or at Back Connection Host Names.
   Because In my scenario, I have
  - One Database server (No points to think about this for loop back).
  - One Application server. AND
  - Two WFEs (Web Front End Server).
After  reviewing and surfing, I came at conclusion that we need to apply it on WFEs.
But it will be better to apply it to all servers (except database server). Sometimes you need to direct site to application server also.

Cool.
Now again one query:
I need to apply Disable Loop Back check or to use Back Conncetion Host Name.
After surfing, I found the answer at  Harber.Net site.

1- For Standalone just go with Disable LoopBack Check.
2- For Production server(Where we follow minimum 3 tier Architecture). We should not apply the above         one. Because we are unpicking a serious security check of the OS. For detail you can follow Harber.Net       excellent post.
   So here it will be better to use Back Conncetion Host Names.

Now, How can we do this. For manual setup you can use the microsoft link.
But I use PowerShell script as follows:

Open PowerShell editor and apply as follows:
1- Applying BackConncetionHostName

Get-Item -path "HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0" | new-Itemproperty -Name "BackConnectionHostNames" -Value ("sharepoint.test.net") -PropertyType "MultiString"

Change sharepoint.test.net with your FQDN.

2- Applying DisableLoopbackCheck

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -value "1" -PropertyType dword



1 comment :

  1. Wow that was strange. I just wrote an extremely
    long comment but after I clicked submit my comment didn't appear.
    Grrrr... well I'm not writing all that over again. Anyways,
    just wanted to say excellent blog!

    Also visit my page - cigarette electronique

    ReplyDelete