a·gen·tic a·gil·i·ty

Why Integrated Authentication does not work with host headers!

Explains why Integrated Authentication fails with custom host headers on IIS, causing 401.1 errors, due to Windows loopback security checks and how to resolve it.

Published on
2 minute read
Image
https://nkdagility.com/resources/WqcZtyTF5t3
Subscribe

You receive error 401.1 when you browse a TFS Web site that uses Integrated Authentication and is hosted on IIS 5.1 or IIS 6

This little problem occurs when you have Windows 2003 SP1 or later installed and you try to change your Team Foundation Server to a friendly name, like say tfs01.[intranet].[company].com.

What I found was that when you tried to view tfs01.[intranet].[company].com on the local server, it popped up an authentication dialog and would not allow you in. Eventually giving you a 401 error.

I consulted with one of Aggreko’s Infrastructure Team guys, Gary Hay (no blog! Gary…Get a blog) , who when I pointed out the problem said, in way more polite terms, “WTF”!

After a surprisingly short time, he sent me a link and told me it was fixed: http://support.microsoft.com/kb/896861

This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

First, why would you want your server called the same as your website, and second, why would you NOT be hosting multiple sites under multiple host headers on the same server. I can only think of a couple of servers I have setup that have only one site, and it is NEVER called the same thing as the server…

After some testing I found that it was indeed fixed. Now, I had this exact same problem at Merrill Lynch and even with their hundreds, if not thousands of technical folk, no one could solve the problem. Just goes to show…just coz you are big and have masses of people, does not mean you have the right people…

Why Integrated Authentication does not work with host headers!  Thanks Gary…

Technorati Tags: ALM   TFS

Windows Troubleshooting
Subscribe

Related Blog

No related videos found.

Connect with Martin Hinshelwood

If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.

Our Happy Clients​

We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.​

ALS Life Sciences Logo

ALS Life Sciences

Teleplan Logo

Teleplan

YearUp.org Logo

YearUp.org

Brandes Investment Partners L.P. Logo

Brandes Investment Partners L.P.

Alignment Healthcare Logo

Alignment Healthcare

Milliman Logo

Milliman

Freadom Logo

Freadom

DFDS Logo

DFDS

Bistech Logo

Bistech

Hubtel Ghana Logo

Hubtel Ghana

Boeing Logo

Boeing

Graham & Brown Logo

Graham & Brown

Ericson Logo

Ericson

Emerson Process Management Logo

Emerson Process Management

NIT A/S

Kongsberg Maritime Logo

Kongsberg Maritime

SuperControl Logo

SuperControl

Philips Logo

Philips

Washington Department of Enterprise Services Logo

Washington Department of Enterprise Services

Nottingham County Council Logo

Nottingham County Council

Department of Work and Pensions (UK) Logo

Department of Work and Pensions (UK)

New Hampshire Supreme Court Logo

New Hampshire Supreme Court

Washington Department of Transport Logo

Washington Department of Transport

Ghana Police Service Logo

Ghana Police Service

Brandes Investment Partners L.P. Logo

Brandes Investment Partners L.P.

Big Data for Humans Logo

Big Data for Humans

Graham & Brown Logo

Graham & Brown

Genus Breeding Ltd Logo

Genus Breeding Ltd

Flowmaster (a Mentor Graphics Company) Logo

Flowmaster (a Mentor Graphics Company)

Schlumberger Logo

Schlumberger