After I installed a Sharepoint (WSS 3.0) test environment and created a new Site Collection, I tried to logon on to a new Site Collection. But the login didnt work. After I spend some hours checking the whole configuration of IIS7 and AD on a Windows Server 2008 I finally found the problem and the solution here:
http://ppalakollu.blogspot.com/2009/04/ie-8-ntlm-authentication-on-windows.html
If you are using host headers to resolve the websites, then you might have seen the following issue with NTLM authenticated sites on IE 8. When you access the websites on a machine other than the one where it is hosted, you will be able to get to the sites.
Once you RDP onto the server and try to connect to the website, it will prompt for your windows credentials and will get an access denied message. This problem occurs because Windows includes a loopback check security feature that helps prevent reflection attacks on your computer(Probably some kind of security change has been made in IE8 related to this feature). Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.Resolution: Disable the loopback check
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa- Right-click Lsa, point to New, and then click DWORD Value.
- Type DisableLoopbackCheck, and then press ENTER.
- Right-click DisableLoopbackCheck, and then click Modify.
- In the Value data box, type 1, and then click OK.
Quit Registry Editor, and then restart your computer.
This issue caused our workflows to return the error 401: Unauthorized. at System.Workflow.Activities.InvokeWebServiceActivity
To fix this you have to apply the registry hack as installing Firefox will not fix the issue.
It took 3 days to trace the error 401: Unauthorized. at System.Workflow.Activities.InvokeWebServiceActivity back to the loopback problem. I hope this saves somone else the time!!!!!