Configuring IIS to Allow Load Balancer FQDN for Loopback
Topic Last Modified: 2009-01-23
Microsoft Internet Information Services (IIS) has a security measure that prevents loopback. When you use the fully qualified domain name (FQDN) or a custom host header to browse a local Web site that is hosted on a computer that is running IIS, you may receive an error message similar to the following: "HTTP 401.1 - Unauthorized: Logon Failed."
This occurs when the Web site uses Integrated Authentication and has a name that is mapped to the local loopback address. If you are using a load balancer for your pool and attempt to validate Web Components Server functionality and you do not add the load balancer FQDN as an allowed FQDN for loopback, you receive the error message and validation fails. For details, see Microsoft Knowledge Base article 896861, "You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or IIS 6," at http://go.microsoft.com/fwlink/?LinkId=130067.
To allow FQDN of the virtual IP (VIP) of your load balancer that is mapped to the loopback address and can connect to Web sites on your computer, follow the steps outlined in the following procedure.
|Serious problems might occur if you modify the registry incorrectly by using Registry Editor or other methods. These problems might require that you reinstall your operating system. We cannot guarantee that these problems can be solved. Modify the registry at your own risk.|
Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate and then click the following registry key:
Right-click MSV1_0, point to New, and then click Multi-String Value.
Type BackConnectionHostNames, and then press ENTER.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, type the FQDN of your load balancer VIP, and then click OK.
Close Registry Editor, and then restart the IISAdmin service.
You can remove this FQDN after the validation wizard is complete.