Tuesday, August 6, 2013

Access denied on accessing SharePoint site through Alternate Access Mapping (AAM) URL

Last month I ran into an authentication issue after upgrading to SharePoint 2013 (See last post). I was glad to have solved that, but now I have an "Access denied" error when using Alternate Access Mapping (AAM) Urls. 

The Problem


I've created a SharePoint site that has been configured with an alternate access URL.
I can access the SharePoint site using localhost (on the SharePoint server) but when I access it using the alternate URL, I get this page with access denied message.
Surprisingly, when I access the page remotely using same AD credentials, can access the site without any problem.
The access denied page that comes up does not have a SharePoint background, its a white page with access denied message.
I added myself as administrator with full control to the Sharepoint site.
Why does this happen?
When accessing locally, you may be running afoul of the security loopback feature.  This prevents malware on the local server from bypassing web security by coming back to the same machine using an alias.  There are several ways to do this, as detailed in this KB article - http://support.microsoft.com/kb/896861/en-us
The Fix
The basic way to shutoff loopback checking (not ideal security, by the way).

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Quit Registry Editor, and then restart your computer.


References:
Access denied on accessing sharepoint site through alternate access mapping URL

Error 401.1 when using Integrated Authentication

No comments:

Post a Comment