Mike Shellenberger's blog

Navigating the Digital Frontier: End-User Tech Insights

NTLM Authentication with IIS Host Headers

A colleague and I have been working through this issue with Sharepoint for the last few days. The sharepoint website is setup to run under the hostname of the local computer: http://testserver01 A DNS record was created in a seperate dns namespace: testdomain.org . Whenever a client would hit the website: http://testserver01.testdomain.org and attempt to login with NTLM authentication, a box would pop up prompting for credentials. Entering the correct credentials would simply spit the box back up again. We tried all sorts of things with host header values but ended up finding this MSDN article (http://msdn.microsoft.com/en-us/library/cc982052.aspx) Apparently a change was made in .NET 3.5 SP1 with the HTTPWebRequest where the URL request host header is passed along with the authentication request. Since the local name of the active directory domain is actually testdomain.local, not testdomain.org, the NTLM authentication was failing trying to process requests for username@testdomain.org . The article walks you through the steps to create a registry entry of defined host headers. These host headers then are linked to the local loopback address which allow authentication to work properly. Here are the steps to add the registry key:

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
3. Right-click MSV1_0, point to New, and then click Multi-String Value.
4. Type BackConnectionHostNames, and then press ENTER.
5. Right-click BackConnectionHostNames, and then click Modify.
6. In the Value data box, type the host name or the host names for the sites (the host name used in the request URL) that are on the local computer, and then click OK.
7. Quit Registry Editor, and then restart the IISAdmin service and run IISReset.

(Note: Step 7 did not allow the fix to work for us, we needed to actually reboot the server for the fix to take effect)

Published by

Mike Shellenberger
With over 20 years of experience in implementing and supporting technical solutions, I am passionate about leveraging Microsoft technologies and devices to make a tangible impact on end users. My expertise spans a wide range of Microsoft products, including Windows clients, Intune, Microsoft 365, Windows 365, and Configuration Manager. I have a proven track record in designing, deploying, and managing complex IT infrastructures, ensuring seamless integration and optimal performance. I am dedicated to the digital workspace technology community, where I actively contribute and continuously learn to stay at the forefront of industry advancements. My technical skills also encompass identity/authentication technologies, endpoint security, and cloud computing, enabling me to deliver comprehensive solutions that enhance user productivity and satisfaction. Outside of my professional life, I am an avid homebrewer, amateur radio enthusiast, beekeeper and runner. I enjoy balancing my technical pursuits with these hobbies, which keep me grounded and inspired. I reside in the Lancaster, PA area with my wife and two kids, where we cherish our community and the opportunities it provides.

One response to “NTLM Authentication with IIS Host Headers”

  1. Dan R Avatar
    Dan R

    Had similar issue with IIS on Win 7 Pro, and your registry mods fixed the issue. Thank you for sharing.

    – Dan R.

    Reply

Leave a reply to Dan R Cancel reply