a·gen·tic a·gil·i·ty

Why Integrated Authentication does not work with host headers!

TL;DR; Explains why Integrated Authentication fails with custom host headers on IIS, causing 401.1 errors, due to Windows loopback security checks and how to resolve it.


You receive error 401.1 when you browse a TFS Web site that uses Integrated Authentication and is hosted on IIS 5.1 or IIS 6

This little problem occurs when you have Windows 2003 SP1 or later installed and you try to change your Team Foundation Server to a friendly name like, say, tfs01.[intranet].[company].com.

What I found was that when you tried to view tfs01.[intranet].[company].com on the local server, it popped up an authentication dialog and would not allow you in, eventually giving you a 401 error.

I consulted with one of Aggreko’s Infrastructure Team guys, Gary Hay (no blog! Gary…Get a blog), who, when I pointed out the problem, said, in way more polite terms, “WTF”!

After a surprisingly short time, he sent me a link and told me it was fixed: http://support.microsoft.com/kb/896861

This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

First, why would you want your server called the same as your website, and second, why would you NOT be hosting multiple sites under multiple host headers on the same server? I can only think of a couple of servers I have set up that have only one site, and it is NEVER called the same thing as the server…

After some testing I found that it was indeed fixed. Now, I had this exact same problem at Merrill Lynch and even with their hundreds, if not thousands of technical folk, no one could solve the problem. Just goes to show…just coz you are big and have masses of people, does not mean you have the right people…
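The PowerShell below is an added example, not code from the original post: it lists the host header as an allowed loopback name in the BackConnectionHostNames registry value rather than switching the loopback check off for every name with DisableLoopbackCheck, and it warns if that global switch is already set. The host name is a placeholder to replace with the real friendly name.

```powershell
# Added example; run in an elevated PowerShell session on the IIS/TFS server.
# $HostHeader is a placeholder: substitute the site's real friendly name.
$HostHeader = 'tfs01.intranet.example.com'

$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv10 = Join-Path $lsa 'MSV1_0'

# 1. Flag the weak setting: DisableLoopbackCheck = 1 turns the reflection
#    protection off for ALL names, not just the one host header we need.
$lsaProps = Get-ItemProperty -Path $lsa
if ($lsaProps.DisableLoopbackCheck -eq 1) {
    Write-Warning 'DisableLoopbackCheck = 1: loopback check is disabled for every host name.'
}

# 2. Read the names already allowed to authenticate over loopback.
#    The value may not exist yet, so normalise to an empty array.
$current = @((Get-ItemProperty -Path $msv10).BackConnectionHostNames |
             Where-Object { $_ })

# 3. Add only the missing name, preserving existing entries (REG_MULTI_SZ).
if ($current -contains $HostHeader) {
    Write-Output "$HostHeader is already listed in BackConnectionHostNames."
} else {
    $updated = @($current) + $HostHeader
    New-ItemProperty -Path $msv10 -Name 'BackConnectionHostNames' `
        -PropertyType MultiString -Value $updated -Force | Out-Null
    Write-Output "Added $HostHeader to BackConnectionHostNames."
    # The change may not take effect until IIS or the server is restarted.
}

# 4. Show the resulting list so the change can be reviewed.
(Get-ItemProperty -Path $msv10).BackConnectionHostNames
```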

Thanks Gary…
