SharePoint server 401 Unauthorized from the local machine - sharepoint

I have installed a SharePoint 2013 in my Windows server 2012 development environment. I have configured everything and it worked fine. The problem is that from the machine where the SharePoint is hosted, it asks me for the credentials in a loop, it always responds with 401. If I access from another PC it works. I am using the same DNS to access from both sides. My authorization is with windows.
The above does not matter to me, my problem is that I have an asp.net API on the same server that makes use of ClientContext to connect to this SharePoint. When the API is hosted on the server and makes a request using the ClientContext, it returns a 401. If my API is on my computer launched from visual studio there is no problem. In addition, I have also tried to deploy the API in another environment but pointing to my development environment and everything works fine.
The problem is when I try to access from the same machine where SharePoint is hosted. (The central administration works without problems).

I answer my question.
The problem is related to Loopback Check. It must be disabled for calls from the SharePoint server itself to work.
To disable it go to the registry Ctrl+R and type regedit.
Enter: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and
add DWORD (32-bit) Value.
The name is as follows: DisableLoopbackCheck.
The value in hexadecimal is: 1
I add the post where I found the solution.
After this it works correctly!

Related

NTLM on IIS 8.5 on Server 2012, second web site failing

Maybe you'll be able to help me out.
My situation is this:
We are migrating to from Win2003 to Win2012. We've got multiple web sites configured on the 2003 box and we can browse to each of the different names no problem at all, using Windows Integrated.
Well, we just fired up a Windows 2012 and started migrating to it but running into an ntlm 401 issue (log says specifically 401.2.5).
Changing the names to protect the innocent here:
Server Name: Server
going to http://server/apps/asmx/servivce.asmx works fine.
We have a second IP assigned to a new the same box, on port 80, but configured so we can go to http://conapps/apps/asmx/service.asmx. That should work, and return a simple wsdl, but it doesn't.
if we go to http://conapps/apps/anonymous/asmx/service.asmx, it works fine.
I've gone into the authentication tab, and have windows Integrated (and NTLM bubbled up to the top) but I keep getting the 401 errors. Ironcially, if I set anonymous on, it works as expected.
As I said, if I take the default web site, and configure it to point to the same physical files on the disk, it works fine. It's only when I try to go to the secondary name do I have problems.
So, anybody have any ideas what I might be missing?

Unable to access IIS Metabase

I have Visual Studio 2013 and a pretty basic MVC web application.
When I am connected to my work network (hard wire or VPN) I can open up VS without issue. However when not connected to my work network I get the following error:
---------------------------
Microsoft Visual Studio
---------------------------
Creation of the virtual directory http://localhost:54156/ failed with the error: Unable to access the IIS metabase. You do not have sufficient privilege to access IIS web sites on your machine.
---------------------------
OK
---------------------------
I've tried granting my user rights to IIS via the aspnet_regiis -ga mydomain\myuser and that did not help.
I am certainly running VS as an administrator. It works just fine when connected to the network. Our security and server teams do not seem to understand why this would behave this way.
Is this IIS Express? I (and those I work with) often get a similar error due to the domain login script encrypting My Documents. It's fixed by simply decrypting
Documents\IISExpress\config\applicationhost.config
Not sure if that's the issue here though;
Ultimately I believe this to be an issue between our network policies and the IIS and .NET installs.
When I was off network it could not access the cached user folders. Switching from having the home drives on network to having them local did not fix the issue (assuming some files were still referencing the network location).
I had my system refreshed and started with my user folders as local and have not had the issue since.
I know it's an old question, but at my location the user profile is stored on the network. When I checked to see if the IISExpress application was encrypted as Chad Schouggins suggested, I didn't even have a documents folder. Ultimately, the answer was really simple:
turn the machine off and back on again.

Azure Mobile Services on Local IIS rather than IIS Express

OK, I've created an Azure Mobile Services project in Visual Studio 2013.
I run it up as-is, then in the browser I test it by adding a todo item via the simple browser app that seems to get baked into these service projects. It gives me a '201 success' message - brilliant.
I then convert the project from IIS Express to Local IIS as the web host, recompile and try again, and although I get the same smiley face app telling me that everything is OK, when I try and add a todo item I get a 404 error. This is contrary to the Microsoft article that gives these instructions, which clearly says I am able to choose either IIS Express or Local IIS when setting up the project.
My guess is that web.config is missing something when this project runs on the local IIS server.
I'm hoping someone already has a solution before I spend hours trying to work out how to configure IIS for this type of project.
I've already wasted a load of time working through loads of bugs and gotchas with Azure Mobile, and I'm starting to run out of steam - so I'm hoping someone can help me before I go and grab an account at Parse.com
Many thanks in anticipation.
Dean
The easiest approach for your situation might be to just deploy to the cloud, and use that service for your testing. Visual Studio 2013 Update 2 makes it easy to deploy your app and connect to it for remote debugging. It is a little slower than using a local instance, but you are also assured that there will be no surprises when you eventually go live (since you are live the whole time).
That said, we will investigate the issue you are seeing with using IIS directly. Some things you might want to try on your own:
Verify that you can view the web side from your Mac's browser, to make sure that the firewall is letting the requests through.
Try using the "Getting Starting" link from the smiley-face page, to see if the REST endpoints are behaving correctly.

OAuth callback URI changes port number in Azure emulator

I've developed a working solution using Azure SDK October 2012. It connects to another service that uses OAuth. When I move my solution to a machine using Azure SDK 2.1, the OAuth callback fails because the port number has changed.
For example, when I debug the solution it opens a browser at 127.0.0.2:82. Then I connect to the other service, and the callback comes to 127.0.0.2:83, which the browser can't find. Prior to being redirected to the other service, I can see that the controller is looking at the Request object and getting the invalid port # (83) from that.
I'm not a MVC or Azure whiz, but this solution works perfectly under the older version of the SDK. Did something change? btw I've tested this with IE10 and Chrome, so it's not a browser issue.
Just to be clear - I have the exact same solution running on 2 machines. One works, and the other doesn't. So it's not a problem with my code, unless there's something that explicitly needs to change for Azure SDK after October 2012.
The Oauth2 app has been configured to redirect on specific site + port, so either you need to reconfigure the Oauth2 configuration in the OAuthProvider
or else see why the emulator locally is binding to a different port. Maybe the other port is being used by some other site running in the emulator. Sometimes just restarting the emulator does the trick.
See this to understand how the local emulator works.
I was missing the [Authorize] attribute on the controller method that was looking at the Request object. When I added that, the port number problem went away.
Still not sure why it worked on one dev machine and not the other (or with one version of Azure SDK and not the other), but now it works on both, so there you have it.

IIS7 Authentication problem

I have deployed a web site to a Win 2008 Web server with IIS7. The site works fine on a Win 2003 Standard server with IIS6. On the 2008 box, whenever I request a page (htm or aspx) from a folder named Reports, I get challenged with the Windows Authentication dialog box.
I have Anonymous Authentication and Forms Authentication enabled on the site. I applied Full Control permissions to the root of the site for both NETWORK SERVICE and IIS_IUSRS, but that hasn't make a difference.
Like a previous post already mentioned, here are the detailed steps to fix this:)
If there is a folder in the application named "Reports" and SQL Server Reporting Services are installedon the server, then Reporting Services Virtual Directory folder that is also named "Reports" will be in conflict with the application "Reports" folder.
To fix this open Reporting Services Configuration Manager (Start->All Programs->MS SQL Server->Configuraton Tools) and change the Virtual Directory under the "Report Manager URL" in the menu on the left.
Did you install MSSQL Reporting Services on your new machine? It'll use the Reports folder for the reporting toolkit (default setting) and under MSSQL 2008 you can't enable anonymous Access out of the box.
whats is the authentication mode in your web.config, verify that is not in Windows
<authentication mode="Windows" />
also be sure to disable integrated windows authentication in iis
You could try running FileMon from SysInternals to see if it is the file system that is sending back the "access denied".
Quote from another forum that solved this issue for me:
"SQL Server Reporting Services creates a folder called Reports by default if you install it on IIS. If you install SQL 2008 then Reporting Services doesn't need to use IIS and instead will try to reserve the URL with the HTTP.Sys service.
I believe this is the cause of the conflict you are seeing. What you could try is changing the URL that Reporting Services uses via the SQL Server Reporting Services Configuration Manager."
Well speaking on the same subject here, yesterday I was deploying my application on Windows Server 2008 running IIS7 w/MSSQL 2008 on there too. In my website's tree structure I had a folder named Reports that had a subfolder in it, and then the actual pages. It looked like this "Reports/SalaryReports/SalaryReport.aspx" The interesting thing was that when I clicked on a hyperlink to go to "Reports/SalaryReports/SalaryReport.aspx" I got a username/password prompt from my server. This did not happen on the VS development server when I ran the application on the development machine. So I was like hmm? I looked at the code-behind in SalaryReport.aspx and did not find anything unusual. So then I put a Default.aspx directly in the Reports folder (thinking maybe it was something wrong with the authentication going two nodes down from the root to get to SalaryReport.aspx) but the server still requested username/password even though there was no security settings applied to this new Default.aspx. So I figured it must be that the folder is named "Reports", so I renamed it to "Reports1" and bigno! Everything worked!....I will still look further in this issue today, but it seems that either an IIS 7 HttpModule (not one of mine) is trying to "reserve" the folder that is named "Reports" for itself or something else...I'll look into the SQL Server Reporting services as the above post mentioned...
Anyways, just wanted to share:)
I'm supposing you don't have a SQL Reporting Services running on the same server:
1 - Give rights to user "IUSR" and the user that's running your application pool.
2 - Overwrite child folder permissions and ownership.
2 - Check if there's a web.config file on that folder setting different access rules.

Resources