IE8 Beta 2 - NTLM 401.1 (Not good for SharePoint developers)
Found a really annoying bug this week after upgrading one of my Windows 2003 SharePoint development Virtual Machines to IE8 Beta 2.
HTTP 401.1 - Unauthorized: Logon Failed
As most people do I make use of the HOSTS file to allow the use of FQDN to remove the need for high port numbers (i.e. http://agile.21apps.dev). First thoughts were this was down to the zone within IE, but changes here had no affect. All of the web sites continued to work in Firefox so there was no issue with SharePoint.
I eventually found the solution here http://support.microsoft.com/kb/956158/en-us which requires you to add a new registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
This problem occurs because Windows includes a loopback check security feature that helps prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.
What the problem does not explain very well is the format of the entries, they need to be without any protocol handler i.e. agile.21apps.dev (see image below).
401.1 error in IE8 Beta 2 for local domains
What this does mean is that if you add any newweb applications to you dev setup you need to edit the registry and also reboot the machine. Not ideal.
Add New Comment
Viewing 1 Comment
Thanks. Your comment is awaiting approval by a moderator.
Do you already have an account? Log in and claim this comment.
Do you already have an account? Log in and claim this comment.
Add New Comment
Trackbacks
(Trackback URL)
November 18, 2008 at 2:25 pm
[...] the BlogosphereIE8 Beta 2 - NTLM 401.1 (Not Good for SharePoint Developers) (Andrew Woodward)Found a really annoying bug this ...
April 11, 2009 at 4:29 am
[...] IE8 Beta 2 - NTLM 401.1 (Not good for SharePoint developers) [...]