ApplicationXtender - Web Access - Local Web SSO 401

Applies to

  • ApplicationXtender Web Access.NET All versions

 

Summary

  • When you are logged on to the Windows server itself, neither IIS Windows authentication for SSO nor manually entering credentials in a browser works for accessing ApplicationXtender with Windows user accounts, under either Windows Auth or Basic Auth. Login attempts simply fail with a 401 error.

    However, accessing the same sites externally and logging in works just fine, using Windows log-on credentials. It only fails when on the local machine.


Cause

Loopback Protection on Windows Server

This problem comes up primarily on Windows Server and, more recently, also on Windows 10. When this policy is enabled and you attempt to log on to a local Web site from the same machine using Windows account authentication, your username and password always fail. For Web Connection, this affects the admin pages that rely on Windows authentication for access.

This problem is caused by a policy called Loopback Protection that is enabled on server OSs by default. Loopback Protection disables authenticating against local Windows accounts through HTTP and a Web browser.

For more info please see this Microsoft KB entry:
https://support.microsoft.com/en-us/kb/896861

 

Solution options

The workaround is a registry hack that disables this policy explicitly.

To perform this configuration manually, find this key in the registry on the server:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

and edit or add a new value:

DisableLoopbackCheck (DWORD)

then set the value to 1 to disable the loopback check (local authentication works), or to 0 to leave the check enabled (local authentication is not allowed).

Or, more easily, you can use PowerShell:

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -Value "1" -PropertyType dword

 

Once the Registry edit has been applied, test accessing ApplicationXtender from the Host Server.

If the access issue continues, reboot the server and attempt access again.
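
The one-line command above returns an error if DisableLoopbackCheck already exists (for example, set to 0). The following script is an added example, not part of the original article or the vendor's tooling: it sets the value whether or not it exists, then reads it back so the change can be recorded. The function names are hypothetical, and it assumes an elevated PowerShell session on the server.

```powershell
# Added example (not from the original article). Function names are hypothetical.
# Assumes an elevated PowerShell session on the ApplicationXtender host.
$LsaPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'DisableLoopbackCheck'

function Get-LoopbackCheckValue {
    # Returns the current DWORD, or $null when the value does not exist.
    $item = Get-ItemProperty -Path $LsaPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]($item.$ValueName)
}

function Set-LoopbackCheckValue {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 1 = loopback check disabled, 0 = loopback check enforced
        [Parameter(Mandatory = $true)]
        [ValidateSet(0, 1)]
        [int]$Value
    )

    $before = Get-LoopbackCheckValue

    # Write only when the stored value differs; -Force overwrites an existing
    # value and recreates it as a DWORD if it was created with the wrong type.
    if ($before -ne $Value -and
        $PSCmdlet.ShouldProcess("$LsaPath\$ValueName", "Set to $Value")) {
        New-ItemProperty -Path $LsaPath -Name $ValueName -Value $Value `
            -PropertyType DWord -Force | Out-Null
    }

    # Read the value back instead of assuming the write succeeded.
    $after = Get-LoopbackCheckValue
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Previous = $before   # keep this for the change record / rollback
        Current  = $after
        Changed  = ($before -ne $after)
    }
}

# Apply the setting described in this article; add -WhatIf to preview only.
Set-LoopbackCheckValue -Value 1
```

Calling Set-LoopbackCheckValue -Value 0 restores enforcement of the loopback check.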

CASO Knowledge Base