
The server is Windows Server 2012 R2 on a VM instance on Azure. There is no DC in the environment and the account in question is Local Administrator.

When I remote onto the box I use the local admin account and RDP successfully. I also have a web app on the same box which uses Windows authentication. When I access the web app from an external machine and authenticate using this account, all works fine.

However, when I access the web app on the local machine and enter the credentials at the challenge, they are refused: three strikes and a 401.

I can see in the event viewer that the Audit Failure shows no Account Id:

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:       ***
    Account Domain:     ***

Any help gratefully received, even if to get more data on the error.

Jenny D
OldBoy

1 Answer


This issue occurs because our Security Token Service Web site (SAML Authentication) uses Integrated Authentication and has a name that is mapped to the local loopback address. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name. Solution:

  1. Set the DisableStrictNameChecking registry entry to 1.
  2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. Type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  7. Restart the IISAdmin service.
OldBoy
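The same registry change as a script, added here as an example and not part of the answer above. It merges the new names into the existing BackConnectionHostNames list rather than overwriting it, so earlier entries survive; the host names are placeholders, and the DisableStrictNameChecking path under the LanmanServer parameters is the standard location, which the answer does not spell out.

```powershell
# Added example: apply the BackConnectionHostNames fix from an elevated PowerShell prompt.
# Placeholder host names; use the names actually bound to the IIS sites on this box.
$hostNames = @('intranet.example.com', 'sts.example.com')

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$srvKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Step 1: DisableStrictNameChecking is a DWORD under the Server service parameters.
New-ItemProperty -Path $srvKey -Name 'DisableStrictNameChecking' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# Steps 2-6: BackConnectionHostNames is a REG_MULTI_SZ. Read whatever is already
# there, add the new names, drop blanks and duplicates, then write the merged list.
$existing = @()
$prop = Get-ItemProperty -Path $lsaKey -Name 'BackConnectionHostNames' -ErrorAction SilentlyContinue
if ($prop) { $existing = @($prop.BackConnectionHostNames) }

$merged = @($existing + $hostNames |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ } |
    Sort-Object -Unique)

New-ItemProperty -Path $lsaKey -Name 'BackConnectionHostNames' `
    -PropertyType MultiString -Value $merged -Force | Out-Null

# Step 7: restart IIS Admin so the web server picks up the change.
Restart-Service -Name IISADMIN -Force

# Verify what is now stored; each name should match the Host header the browser sends.
(Get-ItemProperty -Path $lsaKey -Name 'BackConnectionHostNames').BackConnectionHostNames
```

Only the names listed here are exempted from the loopback check, so keep the list to the sites that actually need local access rather than disabling the check globally.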