Thursday, 30 April 2009

Can't Crawl Sites, Can't Access Sites on Server 401.1 Access Denied

I hit this nasty problem recently.

I could access central admin fine on http://servername:port but when trying to crawl sites locally, the crawler failed on sites with a custom host header, returning access denied messages. That's strange I thought, so launched up IE on the server and tried to access the sites, get prompted to login 3 times then boom access denied 401.1. These same sites work just fine when accessed on other client machines in the network.

Something definetly aint right here!!!

Luckily Todd Klindt saved the day for me, he blogs this issue nicely here. Further to that Ishai Sagi also has a blog post on it. So have a read of those awesome blog posts and then check out http://support.microsoft.com/kb/896861 for a resolution, the cause is stated in the hotfix as:

"A loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name."

The resolution involes a little bit of regedit.

Phew disaster averted!

1 comment:

Michael Hanes said...

I experienced and documented (http://blog.mediawhole.com/2009/06/access-is-denied-check-that-default.html) exactly the same problem the other day! I'd read your post previously but you know that niggling feeling when you've "seen this somewhere before but can't remember where!!!"

I'm putting this down to an W2k3 SP1 change.