tech·nic·al·ly agile

Why Integrated Authentication does not work with host headers!

Discover why Integrated Authentication fails with host headers in TFS and learn how to resolve the 401.1 error for smoother access. Get insights now!

Published on
2 minute read
Image
https://nkdagility.com/resources/WqcZtyTF5t3

You receive error 401.1 when you browse a TFS  Web site that uses Integrated Authentication and is hosted on IIS 5.1 or IIS 6

This little problem occurs when you have Windows 2003 SP1 or later installed and you try to change your Team Foundation Server to a friendly name, like say tfs01.[intranet].[company].com.

What I found was that when you tried to view tfs01.[intranet].[company].com on the local server, it popped up an authentication dialog and would not allow you in. Eventually giving you a 401 error.

I consulted with one of Aggreko’s Infrastructure Team guys, Gary Hay (no blog! Gary…Get a blog) , who when I pointed out the problem said, in way more polite terms, “WTF”!

After a surprisingly short time, he sent me a link and told me it was fixed: http://support.microsoft.com/kb/896861 

This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

First, why would you want your server called the same as your website, and second, why would you NOT be hosting multiple sites under multiple host headers on the same server. I can only think of a couple of servers I have setup that have only one site, and it is NEVER called the same thing as the server…

After some testing I found that it was indeed fixed. Now, I had this exact same problem at Merrill Lynch and even with their hundreds, if not thousands of technical folk, no one could solve the problem. Just goes to show…just coz you are big and have masses of people, does not mean you have the right people…

Why Integrated Authentication does not work with host headers!  Thanks Gary…

Technorati Tags: ALM    TFS 

Windows Troubleshooting
Comments

Related blog posts

No related videos found.

Connect with Martin Hinshelwood

If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.

Our Happy Clients​

We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.​

Alignment Healthcare Logo
Epic Games Logo
Higher Education Statistics Agency Logo
Boeing Logo
YearUp.org Logo
Emerson Process Management Logo

CR2

MacDonald Humfrey (Automation) Ltd. Logo
Milliman Logo
Philips Logo
Deliotte Logo
Trayport Logo
Bistech Logo
Teleplan Logo
Capita Secure Information Solutions Ltd Logo
Kongsberg Maritime Logo
Microsoft Logo
Genus Breeding Ltd Logo
Royal Air Force Logo
Department of Work and Pensions (UK) Logo
New Hampshire Supreme Court Logo
Washington Department of Enterprise Services Logo
Washington Department of Transport Logo
Nottingham County Council Logo
Illumina Logo

CR2

YearUp.org Logo
DFDS Logo
Graham & Brown Logo
Trayport Logo