Friday, October 07, 2011

Viewing Sharepoint sites on the Sharepoint server (disabling server loopback checks)

Its been a problem since Win2003 SP1 that you couldn’t browse to a web site hosted on Sharepoint on that server.
Ive now found this is security restriction called loopback check, where the server stops any access back to itself unless you use the server’s name in the URL.

There are two alternatives to stop this behaviour.

Option 1 - is to disable the loopback check for all sites – which should only be used on a development machine.

· In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
· Right-click Lsa, point to New, and then click DWORD Value. (In Win 2008, its DWORD 32bit)
· Type DisableLoopbackCheck, and then press ENTER.
· Right-click DisableLoopbackCheck, and then click Modify.
· In the Value data box, type 1 and then click OK.
· Quit Registry Editor.
· You may need to restart your server.

Option 2 - is to disable the loopback check for each site individually – which should be used on production machines.
· Click Start, click Run, type regedit, and then click OK.
· In Registry Editor, locate and then click the following registry key:
· HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa4.Right-click Lsa, point to New, and then click DWORD Value.
· Type DisableLoopbackCheck, and then press ENTER.
· Right-click DisableLoopbackCheck, and then click Modify.
· In the Value data box, type 1, and then click OK.
· Quit Registry Editor, and then restart your computer.


Ps I also found a related issue with respect to CNAME sharing restrictions (see this link)
HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters [DisableStrictNameChecking (DWORD) = 0x01]



Blog references
http://support.microsoft.com/kb/896861
http://www.harbar.net/archive/2009/07/02/disableloopbackcheck-amp-sharepoint-what-every-admin-and-developer-should-know.aspx
http://platinumdogs.wordpress.com/2009/08/26/sharepoint-host-headers-and-loopback-checking/