FYI -

----

That did it! thanks rick. I didn't even have to restart the machine, only
recycle the MSsharepoint app.

EB



----------------------------------------------------------------------------
----

Subject: RE: [iis6] 401.1 When accessing fpadmdll.dll


Ed,

Go ahead and forward this to the listserve should the following information
help you slove your issue.  This may not be the solution. THANKS - RICK

Possible FIX from KB 896861: This issue occurs if you install Microsoft
Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pac
k
1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check
security feature that is designed to help prevent reflection attacks on your
computer. Therefore, authentication fails if the FQDN that you use does not
match the local computer name.

There is a known "issue" with authentication when using 2003 server with
IIS6 and 2002 extensions that shipped with 2003 server after the application
of 2003 server SP1. The issue occurs from additional security lock downs tha
t
sp1 applied. People have been affected by this either by installing SP1 afte
r
FP extensions were installed as well as fresh installations of 2003 server,
IIS6, 2002 extensions and with SP1.

People are doing the following:

Turn on basic authentication and use SSL for logins in IIS or

Method 1: Disable the loopback check
Follow these steps: 1. Click Start, click Run, type regedit, and then click
OK.
2. In Registry Editor, locate and then click the following registry key:
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl
Set\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.




------

Here is more information on this item



Here is a news group to check out.


http://support.microsoft.com/newsgr...wsnt&sloc=en-us





Here is another link to a search in that listserve to read:

http://support.microsoft.com/newsgr...r />
40b0-a226
-8b9cf33299a5&dglist=&ptlist=&exp=&sloc=en-us

In the results go and read the result named, "An error occurred accessing
your Windows SharePoint Services site files"



You will see the following posting froma user named Michael Middleton
referencing knowledge base article 896861 in regards to Integrated
Authentication:

I may have posted my fix in the wrong thread.

You don't need to uninstall SP1.

You do need to stop checking the loopback connector so that Kerberos
doesn't break for virtual domains.

http://support.microsoft.com/defaul...kb;en-us;896861

At least that, and a good sanity check of permissions fixed it for me.
See my previous post under "Win 2003 SP1 FrontPage Problem".

It has been several days now, two servers were having this issue..
hundreds of domains... and zero complaints after we made this change.

Mike Middleton
http://www.m13.net


> Brian,
> I strongly recommend following Thomas Rowe's suggestion [uninstall win
 2k3
> sp1].
> If you encounter additional errors, please post back here.
> Uninstalling Win 2003 sp1 resolved the main problems - especially the post
ed
> specific error message.
> We encountered some residual issues, mostly due to the application of
> recommended fixes appropriate to the error message.
> Those are now cleaned up as well, thanks again to the Thomas and the other
> MVPs on this forum.
>

Here is the Knowledge base article:

You receive error 401.1 when you browse a Web site that uses Integrated
Authentication and is hosted on IIS 5.1 or IIS 6
View products that this article applies to.
Article ID : 896861
Last Review : May 20, 2005
Revision : 1.2

Notice
Important This article contains information about modifying the registry.
Before you modify the registry, make sure to back it up and make sure that
you understand how to restore the registry if a problem occurs. For
information about how to back up, restore, and edit the registry, click the
following article number to view the article in the Microsoft Knowledge Base
:
256986 (http://support.microsoft.com/kb/256986/) Description of the
Microsoft Windows Registry
On This Page
SYMPTOMS
CAUSE
WORKAROUND
Method 1: Disable the loopback check
Method 2: Specify host names
STATUS
APPLIES TO

SYMPTOMS
When you use the fully qualified domain name (FQDN) to browse a local Web
site that is hosted on a computer that is running Microsoft Internet
Information Services (IIS) 5.1 or IIS 6, you may receive an error message
that is similar to the following:
HTTP 401.1 - Unauthorized: Logon Failed
This issue occurs when the Web site uses Integrated Authentication and has a
name that is mapped to the local loopback address.

You may also receive an error message that is similar to the following when
you try to debug a Microsoft ASP.NET project in Microsoft Visual Studio 2003
:
Error while trying to run project: Unable to start debugging on the web
server. You do not have permissions to debug the server.

Verify that you are a member of the 'Debugger Users' group on the server.
Note The word "Web" is incorrectly capitalized in this error message.
Back to the top

CAUSE
This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2)
or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and
Windows Server 2003 SP1 include a loopback check security feature that is
designed to help prevent reflection attacks on your computer. Therefore,
authentication fails if the FQDN that you use does not match the local
computer name.
Back to the top

WORKAROUND
Warning If you use Registry Editor incorrectly, you may cause serious
problems that may require you to reinstall your operating system. Microsoft
cannot guarantee that you can solve problems that result from using Registry
Editor incorrectly. Use Registry Editor at your own risk.

To work around this issue, use one of the following methods:
Back to the top

Method 1: Disable the loopback check
Follow these steps: 1. Click Start, click Run, type regedit, and then click
OK.
2. In Registry Editor, locate and then click the following registry key:
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl
Set\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.

Back to the top

Method 2: Specify host names
To specify the host names that are mapped to the loopback address and can
connect to Web sites on your computer, follow these steps: 1. Click Start,
click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl
Set\Control\Lsa\MSV1_0
3. Right-click MSV1_0, point to New, and then click Multi-String Value.
4. Type BackConnectionHostNames, and then press ENTER.
5. Right-click BackConnectionHostNames, and then click Modify.
6. In the Value data box, type the host name or the host names for the sites
that are on the local computer, and then click OK.
7. Quit Registry Editor, and then restart your computer.

Back to the top

STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that
are listed in the "Applies to" section.
Back to the top


----------------------------------------------------------------------------
----

APPLIES TO
• Microsoft Internet Information Services 6.0, when used with:
Microsoft Windows Server 2003 Service Pack 1

• Microsoft Internet Information Services 5.1, when used with:
Microsoft Windows XP Service Pack 2

• Microsoft Visual Studio .NET 2003 Enterprise Architect
• Microsoft Visual Studio .NET 2003 Enterprise Developer

[ Post a follow-up to this message ]

This also fixed many debugging issues with Visual Studio 2003 on Windows
Server 2003 with Service Pack 1.

Thanks
"R" wrote:

> FYI -
>
> ----
>
> That did it! thanks rick. I didn't even have to restart the machine, only
> recycle the MSsharepoint app.
>
> EB
>
>
>
> --------------------------------------------------------------------------
------
>
> Subject: RE: [iis6] 401.1 When accessing fpadmdll.dll
>
>
> Ed,
>
> Go ahead and forward this to the listserve should the following informatio
n
> help you slove your issue.  This may not be the solution. THANKS - RICK
>
> Possible FIX from KB 896861: This issue occurs if you install Microsoft
> Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service P
ack
> 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback che
ck
> security feature that is designed to help prevent reflection attacks on yo
ur
> computer. Therefore, authentication fails if the FQDN that you use does no
t
> match the local computer name.
>
> There is a known "issue" with authentication when using 2003 server with
> IIS6 and 2002 extensions that shipped with 2003 server after the applicati
on
> of 2003 server SP1. The issue occurs from additional security lock downs t
hat
> sp1 applied. People have been affected by this either by installing SP1 af
ter
> FP extensions were installed as well as fresh installations of 2003 server
,
> IIS6, 2002 extensions and with SP1.
>
> People are doing the following:
>
> Turn on basic authentication and use SSL for logins in IIS or
>
> Method 1: Disable the loopback check
> Follow these steps: 1. Click Start, click Run, type regedit, and then clic
k
> OK.
> 2. In Registry Editor, locate and then click the following registry key:
>  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl
Set\Control\Lsa
> 3. Right-click Lsa, point to New, and then click DWORD Value.
> 4. Type DisableLoopbackCheck, and then press ENTER.
> 5. Right-click DisableLoopbackCheck, and then click Modify.
> 6. In the Value data box, type 1, and then click OK.
> 7. Quit Registry Editor, and then restart your computer.
>
>
>
>
> ------
>
> Here is more information on this item
>
>
>
> Here is a news group to check out.
>
>
> http://support.microsoft.com/newsgr...wsnt&sloc=en-us
>
>
>
>
>
> Here is another link to a search in that listserve to read:
>
> http://support.microsoft.com/newsgr...aa-0d60-40b0-a2
26-8b9cf33299a5&dglist=&ptlist=&exp=&sloc=en-us
>
> In the results go and read the result named, "An error occurred accessing
> your Windows SharePoint Services site files"
>
>
>
> You will see the following posting froma user named Michael Middleton
> referencing knowledge base article 896861 in regards to Integrated
> Authentication:
>
> I may have posted my fix in the wrong thread.
>
> You don't need to uninstall SP1.
>
> You do need to stop checking the loopback connector so that Kerberos
> doesn't break for virtual domains.
>
> http://support.microsoft.com/defaul...kb;en-us;896861
>
> At least that, and a good sanity check of permissions fixed it for me.
> See my previous post under "Win 2003 SP1 FrontPage Problem".
>
> It has been several days now, two servers were having this issue..
> hundreds of domains... and zero complaints after we made this change.
>
> Mike Middleton
> http://www.m13.net
>
> 
>
> Here is the Knowledge base article:
>
> You receive error 401.1 when you browse a Web site that uses Integrated
> Authentication and is hosted on IIS 5.1 or IIS 6
> View products that this article applies to.
> Article ID : 896861
> Last Review : May 20, 2005
> Revision : 1.2
>
> Notice
> Important This article contains information about modifying the registry.
> Before you modify the registry, make sure to back it up and make sure that
> you understand how to restore the registry if a problem occurs. For
> information about how to back up, restore, and edit the registry, click th
e
> following article number to view the article in the Microsoft Knowledge Ba
se:
> 256986 (http://support.microsoft.com/kb/256986/) Description of the
> Microsoft Windows Registry
> On This Page
>  SYMPTOMS
>  CAUSE
>  WORKAROUND
>    Method 1: Disable the loopback check
>    Method 2: Specify host names
>  STATUS
>  APPLIES TO
>
> SYMPTOMS
> When you use the fully qualified domain name (FQDN) to browse a local Web
> site that is hosted on a computer that is running Microsoft Internet
> Information Services (IIS) 5.1 or IIS 6, you may receive an error message
> that is similar to the following:
> HTTP 401.1 - Unauthorized: Logon Failed
> This issue occurs when the Web site uses Integrated Authentication and has
 a
> name that is mapped to the local loopback address.
>
> You may also receive an error message that is similar to the following whe
n
> you try to debug a Microsoft ASP.NET project in Microsoft Visual Studio 20
03:
> Error while trying to run project: Unable to start debugging on the web
> server. You do not have permissions to debug the server.
>
> Verify that you are a member of the 'Debugger Users' group on the server.
> Note The word "Web" is incorrectly capitalized in this error message.
>  Back to the top
>
> CAUSE
> This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2)
> or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and
> Windows Server 2003 SP1 include a loopback check security feature that is
> designed to help prevent reflection attacks on your computer. Therefore,
> authentication fails if the FQDN that you use does not match the local
> computer name.
>  Back to the top
>
> WORKAROUND
> Warning If you use Registry Editor incorrectly, you may cause serious
> problems that may require you to reinstall your operating system. Microsof
t
> cannot guarantee that you can solve problems that result from using Regist
ry
> Editor incorrectly. Use Registry Editor at your own risk.
>
> To work around this issue, use one of the following methods:
>  Back to the top
>
> Method 1: Disable the loopback check
> Follow these steps: 1. Click Start, click Run, type regedit, and then clic
k
> OK.
> 2. In Registry Editor, locate and then click the following registry key:
>  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl
Set\Control\Lsa
> 3. Right-click Lsa, point to New, and then click DWORD Value.
> 4. Type DisableLoopbackCheck, and then press ENTER.
> 5. Right-click DisableLoopbackCheck, and then click Modify.
> 6. In the Value data box, type 1, and then click OK.
> 7. Quit Registry Editor, and then restart your computer.
>
>  Back to the top
>
> Method 2: Specify host names
> To specify the host names that are mapped to the loopback address and can
> connect to Web sites on your computer, follow these steps: 1. Click Start,
> click Run, type regedit, and then click OK.
> 2. In Registry Editor, locate and then click the following registry key:
>  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl
Set\Control\Lsa\MSV1_0
> 3. Right-click MSV1_0, point to New, and then click Multi-String Value.
> 4. Type BackConnectionHostNames, and then press ENTER.
> 5. Right-click BackConnectionHostNames, and then click Modify.
> 6. In the Value data box, type the host name or the host names for the sit
es
> that are on the local computer, and then click OK.
> 7. Quit Registry Editor, and then restart your computer.
>
>  Back to the top
>
> STATUS
> Microsoft has confirmed that this is a bug in the Microsoft products that
> are listed in the "Applies to" section.
>  Back to the top
>
>
> --------------------------------------------------------------------------
------
>
> APPLIES TO
> • Microsoft Internet Information Services 6.0, when used with:
>     Microsoft Windows Server 2003 Service Pack 1
>
> • Microsoft Internet Information Services 5.1, when used with:
>     Microsoft Windows XP Service Pack 2
>
> • Microsoft Visual Studio .NET 2003 Enterprise Architect
> • Microsoft Visual Studio .NET 2003 Enterprise Developer
>

[ Post a follow-up to this message ]