SharePoint Troubleshooting: web site keeps prompting for credentials
Identification and Root Cause Analysis
There are many reasons for this to happen but most of the time it will happen when you change the access mapping to match your domain.
For example, you might have webwfe01 as your web application in your default zone. And if you change that to www.sampleweb.com this may occur for Windows Users.
https://lh3.googleusercontent.com/-k3ownzbC74g/WLgGuUKZbgI/AAAAAAAAPkM/WZM79a3DRng/image_thumb%25255B13%25255D.png?imgmax=800
This is because by not having a Fully Qualified Domain name specified it's not matching with the local machine.
For example:
Your local machine can be in a domain **myorg.com **and the specified mapping is sampleweb.com
This will cause a LoopBack check which is true by design for security reasons.
Resolution
Microsoft specifies two methods to resolve the issue:
- Disable Strict Name Checking
- Disable Loopback Check
Reference
You need to do it on all SharePoint servers for safety in the future service deployments. But it is necessary for all Front End servers.
Disable Strict Name Checking in IIS
This is used fully in many scenarios. It’s more useful for disable to keep on prompting credentials in SharePoint 2013 Environment.
In this method, you need to add your domain as an exception list to IIS for not checking the FQDN for loopback.
Open the RegEdit.
https://lh3.googleusercontent.com/-l5IlUzOVCIo/WLgGvoNUB3I/AAAAAAAAPkU/8NvNRHgOKtU/image_thumb%25255B15%25255D.png?imgmax=800
Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Click on MSV1_0
https://lh3.googleusercontent.com/-zLRAlKd_i3Q/WLgGxECCibI/AAAAAAAAPkc/nXk1g-J69es/image_thumb%25255B17%25255D.png?imgmax=800
Add a new Multi-String Value
https://lh3.googleusercontent.com/-s8Cshb0qQ0o/WLgGyr96gyI/AAAAAAAAPkk/DgNmJtXaBNo/image_thumb%25255B19%25255D.png?imgmax=800
Add BackConnectionHostNames
Then you will see that is added to the registry.
https://lh3.googleusercontent.com/-9m1U3dyU8FQ/WLgG0P7BSnI/AAAAAAAAPks/upuiFRcE6FE/image_thumb%25255B21%25255D.png?imgmax=800
You can double-click and add your fully qualified domain names (one per line) that will be working as an exception.
https://lh3.googleusercontent.com/-SIUBdYzsM0w/WLgG1TylgQI/AAAAAAAAPk0/oPWo8XBk3Ss/image_thumb%25255B5%25255D.png?imgmax=800
Then you can save and restart the IIS.
Disable Loopback Check in IIS
This is useful in many scenarios. It’s more useful for disable to keep on prompting credentials in SharePoint 2013 Environment.
In this method, you can simply disable the check by editing the following registry key.
Open the RegEdit.
https://lh3.googleusercontent.com/-wI7bnXtind8/WLgG2wTRrHI/AAAAAAAAPk8/n3MJ_ZwQhws/image_thumb%25255B23%25255D.png?imgmax=800
Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
https://lh3.googleusercontent.com/-Sh_lIRCTSis/WLgG4Yhvy0I/AAAAAAAAPlE/eWE-pY86Oho/image_thumb%25255B25%25255D.png?imgmax=800
Click Lsa Registry and add DisableLoopbackCheck registry key as DWORD value.
https://lh3.googleusercontent.com/-OL1mqzZwibs/WLgG5pWwqjI/AAAAAAAAPlM/vF7e1Fr9DFk/image_thumb%25255B27%25255D.png?imgmax=800
After adding the registry key you can find the entry as follows.
https://lh3.googleusercontent.com/-0ow7NPIu3yI/WLgG7G75b9I/AAAAAAAAPlU/-revrJvlai4/image_thumb%25255B29%25255D.png?imgmax=800
Then double-click the key and Enter 1.
https://lh3.googleusercontent.com/-yZwQq2NQkrA/WLgG857HQAI/AAAAAAAAPlc/M0dxnWp1GMg/image_thumb%25255B31%25255D.png?imgmax=800
Click OK.
Then restart the IIS.