This is a very common issue which every sharepoint administrator faces. If the admins are trying to access the SharePoint site from the server itself, they are never able to do so because of the security set up that has been provided by Microsoft. Usually the sharepoint admins use this technique to understand which WFE is causing the issue during routine troubleshooting, if the Host file entry on the servers is made in this format.
127.0.0.1 xxx.sharepoint.com
Once they hit the SharePoint site on that server, it implies that the request is hitting to that server itself. I would suggest the below steps to be followed for the dev, test and staging environment, but wouldn't suggest to do so on production, as this would come under security audit.
Method 1 (recommended): Create the Local Security Authority host names that can be referenced in an NTLM authentication request
To do this, follow these steps for all the nodes on the server: -
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
3. Right-click MSV1_0, point to New, and then click Multi-String Value.
4. In the Name column, type BackConnectionHostNames, and then press ENTER.
5. Right-click BackConnectionHostNames, and then click Modify.
6. In the Value data box, type the CNAME or the DNS alias or the Host header URL, and then click OK.
Note - Type each host name on a separate line.
Note - If the BackConnectionHostNames registry entry exists as a REG_DWORD type, need to delete the BackConnectionHostNames registry entry.
7. Exit Registry Editor, and then restart the computer.
Method 2: Disable the authentication loopback check
To set the DisableLoopbackCheck registry entry to 1, need to follow the steps on the server: -
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Exit Registry Editor.
8. Restart the computer.
127.0.0.1 xxx.sharepoint.com
Once they hit the SharePoint site on that server, it implies that the request is hitting to that server itself. I would suggest the below steps to be followed for the dev, test and staging environment, but wouldn't suggest to do so on production, as this would come under security audit.
Method 1 (recommended): Create the Local Security Authority host names that can be referenced in an NTLM authentication request
To do this, follow these steps for all the nodes on the server: -
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
3. Right-click MSV1_0, point to New, and then click Multi-String Value.
4. In the Name column, type BackConnectionHostNames, and then press ENTER.
5. Right-click BackConnectionHostNames, and then click Modify.
6. In the Value data box, type the CNAME or the DNS alias or the Host header URL, and then click OK.
Note - Type each host name on a separate line.
Note - If the BackConnectionHostNames registry entry exists as a REG_DWORD type, need to delete the BackConnectionHostNames registry entry.
7. Exit Registry Editor, and then restart the computer.
Method 2: Disable the authentication loopback check
To set the DisableLoopbackCheck registry entry to 1, need to follow the steps on the server: -
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Exit Registry Editor.
8. Restart the computer.
